Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem. Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment
security is based on local account SIDs. Thus, if two computers have users with
the same SID, the Workgroup will not be able to distinguish between the users.
All resources, including files and Registry keys, that one user has access to,
the other will as well. Aaron From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond NO NO NO NO NO BAD BAD BAD You have to use sysprep. You’re getting duplicate SIDs here –
bad. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Aaron Visser Gary, Brian, I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image. After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Are you implying you don’t sysprep your images? From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold Brenda, FWIW: It happens to me when I clone a
workstation then try to join that workstation to the domain in order to change
the computer name. AD sees 2 machines with the same name, gives me a
notification and lets the 2nd one in. Then when the original machine with
that name logs in next time, it isn't seen on the network. Then I have to
do the same thing you did - with the original machine. Then all is
well again. Don't know if that will help, but it might narrow down
the problem some. Gary Polvinale -----Original Message----- Yes,
their computer account in AD is actually gone. Thanks, Brenda Brenda
Casey Billings
Public Schools 406-247-3792 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else? -g From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do. Has
anyone else had this experience and how have you fixed it? Thanks, Brenda |
Title: Message
- RE: [ActiveDir] AD computer accounts being removed Aaron Visser
- RE: [ActiveDir] AD computer accounts being removed Aaron Visser
- RE: [ActiveDir] AD computer accounts being removed Brian Desmond
- RE: [ActiveDir] AD computer accounts being removed joe
- RE: [ActiveDir] AD computer accounts being removed Brian Desmond
- RE: [ActiveDir] AD computer accounts being removed joe
- RE: [ActiveDir] AD computer accounts being removed joe
- RE: [ActiveDir] AD computer accounts being removed Rocky Habeeb