RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



> who would even think of 
ghosting a Server
 
Heh. Quite a few people actually. 
:)
 
 
> I have yet to hear anything worth while on why I 
should be running sysprep on a workstation in a Domain Environment 

 
The main one in my mind is simply a support thing with 
MS. I agree with how bad the info is out there on why people think it needs to 
be done. It is easier to do it as you go then to actually really hit a real 
problem that does impact you that has you running around your environment doing 
it for all machines. So while I myself have mixed feelings on how much it is 
needed you will NEVER hear me tell a customer or anyone else they shouldn't do 
it. 
 
  joe
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron 
VisserSent: Friday, January 20, 2006 5:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


I was referring to 
workstations not Servers, who would even think of ghosting a Server? And here is 
the bottom line I have been ghosting workstations for several years now at this 
site without using Sysprep or anything like it, and it has caused me no 
problems, I have yet to hear anything worth while on why I should be running 
sysprep on a workstation in a Domain Environment where local login is not 
prohibited other than some BS stuff from Wininternals or some other mag like 
that. So put your rolled up newspapers away ( unless of course your going to be 
using it on yourself ) and give me something worth while or concrete as to why I 
should be running Sysprep in the mentioned environment other than NO NO NO NO 
BAD BAD BAD BAD you must run sysprep.
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian 
DesmondSent: Friday, January 
20, 2006 11:37 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Tell 
me about it. We had a vendor roll a server into every site to do as they pleased 
with. Didn’t get sysprep’ed. Many sites decided to dcpromo theirs up. Of course 
every independent domain has to trust me, and you can’t trust more than one 
domain with the same sid…
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Lee, WookSent: Friday, January 20, 2006 2:16 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
You can have collisions 
between a domain controller SID and a member server 
SID when two machines have 
duplicate SIDs and one is DCPROMO’d and the other is joined to the new domain. 
The error messages that are logged say something to the effect that the domain 
and the member server SIDs conflict. Darn confusing when you see it for the 
first time. I’ll see if I can dig out the exact text of the 
message.
 
Wook
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Wednesday, January 18, 2006 6:36 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Yep sorry, didn't 
intend to say it wasn't a good idea. At some point the list will catch up and my 
post that says that will show up. :)
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 8:39 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Dozen 
other reasons to run it. Not running sysprep is just a bad idea. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Wednesday, January 18, 2006 8:11 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well not really. The 
important SID in question is the Domain 
SID and that isn't duped. The 
domain doesn't care about the machine SID. It is still good practice 
to newsid the machines though.
 
If the accounts are 
disappearing it is one of two things
 
1. Someone is deleting 
it.
 
2. During the join 
process something fails and the computer deletes the object out. I don't recall 
the details of this but I do recall hearing it happen. It happens right after 
the failed join though, you don't have to wait for it. I have also heard 
other people who don't have enough rights report the account being disabled 
instead of deleted. I never verified personally either. 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 6:50 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednes

RE: [ActiveDir] AD computer accounts being removed

[Grillenmeier, Guido]

Title: Message



Hey Wook - though I agree it's a bad idea to do this, I've 
always thought DCPROMOing a server to a new domain created a NEW domain SID, 
which is totally unrelated to the server's SID.  Or was it the other 
way around (un-promoting a DC creates a new SID for the server...).  Hmm 
probalby the latter from what you write.
 
Would be good if you can find the error-message (saves me 
time in testing this :-)
 
/Guido


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Lee, 
WookSent: Freitag, 20. Januar 2006 08:16To: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


You can have collisions 
between a domain controller SID and a member server 
SID when two machines have 
duplicate SIDs and one is DCPROMO’d and the other is joined to the new domain. 
The error messages that are logged say something to the effect that the domain 
and the member server SIDs conflict. Darn confusing when you see it for the 
first time. I’ll see if I can dig out the exact text of the 
message.
 
Wook
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Wednesday, January 18, 2006 6:36 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Yep sorry, didn't 
intend to say it wasn't a good idea. At some point the list will catch up and my 
post that says that will show up. :)
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian 
DesmondSent: Wednesday, 
January 18, 
2006 8:39 
PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Dozen 
other reasons to run it. Not running sysprep is just a bad idea. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Wednesday, January 18, 2006 8:11 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well not really. The 
important SID in question is the Domain 
SID and that isn't duped. The 
domain doesn't care about the machine SID. It is still good practice 
to newsid the machines though.
 
If the accounts are 
disappearing it is one of two things
 
1. Someone is deleting 
it.
 
2. During the join 
process something fails and the computer deletes the object out. I don't recall 
the details of this but I do recall hearing it happen. It happens right after 
the failed join though, you don't have to wait for it. I have also heard 
other people who don't have enough rights report the account being disabled 
instead of deleted. I never verified personally either. 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 6:50 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, 
January 18, 
2006 5:44 
PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't 

RE: [ActiveDir] AD computer accounts being removed

[Aaron Visser]

Title: Message








Sorry, Sorry, Sorry it is Friday and I
have had enough, next time I will try to think before I hit Send

(Disregard last post on this topic)

 

 

Aaron Visser

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Friday, January 20, 2006
11:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Tell me about it. We had a vendor roll a server into every site to do as
they pleased with. Didn’t get sysprep’ed. Many sites decided to
dcpromo theirs up. Of course every independent domain has to trust me, and you
can’t trust more than one domain with the same sid…

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Friday, January 20, 2006
2:16 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

You can have collisions between a domain
controller SID
and a member server SID
when two machines have duplicate SIDs and one is DCPROMO’d and the other
is joined to the new domain. The error messages that are logged say something
to the effect that the domain and the member server SIDs conflict. Darn
confusing when you see it for the first time. I’ll see if I can dig out
the exact text of the message.

 

Wook

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Yep sorry, didn't intend to say it wasn't
a good idea. At some point the list will catch up and my post that says that
will show up. :)

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
8:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Dozen other reasons to run it. Not running sysprep is just a bad idea. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well not really. The important SID
in question is the Domain SID and that isn't duped.
The domain doesn't care about the machine SID. It is still good
practice to newsid the machines though.

 

If the accounts are disappearing it is one
of two things

 

1. Someone is deleting it.

 

2. During the join process something fails
and the computer deletes the object out. I don't recall the details of this but
I do recall hearing it happen. It happens right after the failed join though,
you don't have to wait for it. I have also heard other people who don't
have enough rights report the account being disabled instead of deleted. I
never verified personally either. 

 

 







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
6:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: R

RE: [ActiveDir] AD computer accounts being removed

[Aaron Visser]

Title: Message








I was referring to workstations not Servers,
who would even think of ghosting a Server? And here is the bottom line I have
been ghosting workstations for several years now at this site without using
Sysprep or anything like it, and it has caused me no problems, I have yet to
hear anything worth while on why I should be running sysprep on a workstation
in a Domain Environment where local login is not prohibited other than some BS
stuff from Wininternals or some other mag like that. So put your rolled up
newspapers away ( unless of course your going to be using it on yourself ) and
give me something worth while or concrete as to why I should be running Sysprep
in the mentioned environment other than NO NO NO NO BAD BAD BAD BAD you must
run sysprep.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Friday, January 20, 2006
11:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Tell me about it. We had a vendor roll a server into every site to do as
they pleased with. Didn’t get sysprep’ed. Many sites decided to
dcpromo theirs up. Of course every independent domain has to trust me, and you
can’t trust more than one domain with the same sid…

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Friday, January 20, 2006
2:16 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

You can have collisions between a domain
controller SID
and a member server SID
when two machines have duplicate SIDs and one is DCPROMO’d and the other
is joined to the new domain. The error messages that are logged say something
to the effect that the domain and the member server SIDs conflict. Darn
confusing when you see it for the first time. I’ll see if I can dig out
the exact text of the message.

 

Wook

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Yep sorry, didn't intend to say it wasn't
a good idea. At some point the list will catch up and my post that says that
will show up. :)

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
8:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Dozen other reasons to run it. Not running sysprep is just a bad idea. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well not really. The important SID
in question is the Domain SID and that isn't duped.
The domain doesn't care about the machine SID. It is still good
practice to newsid the machines though.

 

If the accounts are disappearing it is one
of two things

 

1. Someone is deleting it.

 

2. During the join process something fails
and the computer deletes the object out. I don't recall the details of this but
I do recall hearing it happen. It happens right after the failed join though,
you don't have to wait for it. I have also heard other people who don't
have enough rights report the account being disabled instead of deleted. I
never verified personally either. 

 

 







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
6:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, make

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








Tell me about it. We had a vendor roll a server into every site to do as
they pleased with. Didn’t get sysprep’ed. Many sites decided to
dcpromo theirs up. Of course every independent domain has to trust me, and you
can’t trust more than one domain with the same sid…

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Lee, Wook
Sent: Friday, January 20, 2006
2:16 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

You can have collisions between a domain
controller SID
and a member server SID
when two machines have duplicate SIDs and one is DCPROMO’d and the other
is joined to the new domain. The error messages that are logged say something
to the effect that the domain and the member server SIDs conflict. Darn
confusing when you see it for the first time. I’ll see if I can dig out
the exact text of the message.

 

Wook

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Yep sorry, didn't intend to say it wasn't
a good idea. At some point the list will catch up and my post that says that
will show up. :)

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
8:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Dozen other reasons to run it. Not running sysprep is just a bad idea. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well not really. The important SID
in question is the Domain SID and that isn't duped.
The domain doesn't care about the machine SID. It is still good
practice to newsid the machines though.

 

If the accounts are disappearing it is one
of two things

 

1. Someone is deleting it.

 

2. During the join process something fails
and the computer deletes the object out. I don't recall the details of this but
I do recall hearing it happen. It happens right after the failed join though,
you don't have to wait for it. I have also heard other people who don't
have enough rights report the account being disabled instead of deleted. I
never verified personally either. 

 

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
6:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't see

RE: [ActiveDir] AD computer accounts being removed

[Lee, Wook]

Title: Message








You can have collisions between a domain
controller SID
and a member server SID
when two machines have duplicate SIDs and one is DCPROMO’d and the other
is joined to the new domain. The error messages that are logged say something
to the effect that the domain and the member server SIDs conflict. Darn
confusing when you see it for the first time. I’ll see if I can dig out
the exact text of the message.

 

Wook

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Yep sorry, didn't intend to say it wasn't
a good idea. At some point the list will catch up and my post that says that
will show up. :)

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
8:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Dozen other reasons to run it. Not running sysprep is just a bad idea. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well not really. The important SID
in question is the Domain SID and that isn't duped.
The domain doesn't care about the machine SID. It is still good
practice to newsid the machines though.

 

If the accounts are disappearing it is one
of two things

 

1. Someone is deleting it.

 

2. During the join process something fails
and the computer deletes the object out. I don't recall the details of this but
I do recall hearing it happen. It happens right after the failed join though,
you don't have to wait for it. I have also heard other people who don't
have enough rights report the account being disabled instead of deleted. I
never verified personally either. 

 

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
6:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new computer
name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 

RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



FYI. I submitted a request to have this article reviewed 
and corrected as deemed necessary.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rich 
MilburnSent: Thursday, January 19, 2006 3:08 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


Well, XP is kind of obscure, 
esp when you include Server 2003 SP1 in an imaging article England 
and do not catch such things J>
 

---Rich 
MilburnMCSE, Microsoft MVP - 
Directory ServicesSr 
Network Analyst, Field Platform DevelopmentApplebee's International, 
Inc.4551 
W. 107th 
StOverland 
Park, 
KS 66207913-967-2819--”I love the smell of 
red herrings in the morning” - 
anonymous




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Thursday, January 19, 2006 12:30 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Most likely oversight. 
I submit quite a few requests to get articles like this updated that are missing 
specific OS versions or App versions. At one point I asked that they have an 
additional field of "doesn't apply to" for OSes so you at least knew they 
weren't forgetting it. I was told to piss off.
 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Rich 
MilburnSent: Thursday, January 
19, 2006 8:44 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Any idea why XP is 
omitted in this article, but 2k and 2k3 are 
included?
http://support.microsoft.com/?id=162001
"Do Not Disk 
Duplicate Installed Versions of Windows NT"
 
 

---Rich 
MilburnMCSE, Microsoft MVP - 
Directory ServicesSr 
Network Analyst, Field Platform DevelopmentApplebee's International, 
Inc.4551 
W. 107th 
StOverland 
Park, 
KS 66207913-967-2819--”I love the smell of 
red herrings in the morning” - 
anonymous




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 6:27 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well I would agree that 
is not a safe practice for most but for my application where all Local accounts 
are disabled I do not see a problem.
 
Taken 
from http://www.sysinternals.com/Utilities/NewSid.html 
under the SID Duplication Problem
Duplicate SIDs aren't 
an issue in a Domain-based environment since domain accounts have SID's based on 
the Domain SID. But, according to Microsoft Knowledge Base article Q162001, "Do 
Not Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment 
security is based on local account SIDs. Thus, if two computers have users with 
the same SID, the Workgroup will not be able to distinguish between the users. 
All resources, including files and Registry keys, that one user has access to, 
the other will as well.
 
Aaron
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian 
DesmondSent: Wednesday, 
January 18, 2006 3:50 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL P

RE: [ActiveDir] AD computer accounts being removed

[Charlie Kaiser]

I can relate. I frequently do the 60 hr week thing, and as the senior of
the two IT people for our company, I do all the
design/planning/decision-making, as well as fix all the hard stuff the
other guy can't fix.
I have found that automating my repetitive tasks has helped a lot. I did
a few things to help my ability to work smarter rather than harder.
I set aside an hour a day for a while (at home, at work after hours,
wherever) and played with new tools; reskit, joeware, scripting,
whatever it took. That got me some confidence in using the advanced
tools.
I spent a bunch of time on this forum and the sys admin forum (sunbelt).
Lurking mostly, and contributing when time and skill allowed, but
frequently looking at a problem, making an estimate of the fix, and then
comparing my fix to the "experts". 
I developed monitoring for all my production using What's Up Gold and
Dumpevt/grep. That allowed me to find most failures well before they
developed. I'd say better than 95% of the server problems I deal with
are things I find before the end-users know about them, which is how it
should be, IMO.
I've also trained my junior admin and handed off all the stuff I can to
him. It's hard to let go of some of it, but once I do and see that it's
getting handled, I relax. :-)
I think the bottom line is that until I took the steps necessary to work
smarter, I just kept working harder. Spending a bunch of time to improve
my skills and efficiency paid off tremendously. I don't do the 100 hour
weeks anymore. Spending 8 hours to develop workable group policies saved
me at least that much time per week with desktop configuration issues.
If you can get your boss to buy into allowing you some no-contact time
each week, you can use that to improve your skills/efficiency. You can
make the case to him/her that using a bit of your time will pay
dividends quickly. 
Do whatever it takes to move as far from reactive mode as you can. I've
felt your pain; it's no fun...

**
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> Sent: Thursday, January 19, 2006 7:39 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> Charlie,
> 
> Thanks for taking the time to explain.  I'm in a position 
> where I'm making
> the big decisions, doing the big work and also doing all the 
> little details
> (I'm it) including daily problems.  Zero training/learning time, zero
> anything except get to the next fire.  I need spend some time 
> learning and
> using tools like sysprep and GP to get back some of that time.
> 
> Gary
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Charlie Kaiser
> Sent: Thursday, January 19, 2006 10:07 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Sysprep is pretty simple; there's a lot of documentation 
> available on it. As
> Rich mentioned, you need to set up your customizations under 
> one profile and
> copy that to the default user profile. Some irksome things 
> change, however.
> One of my pet peeves is that when you sysprep a PC, the next 
> time it boots,
> the select OS timeout goes from whatever you have set it to 
> (5 sec in our
> case) back to the default of 30 sec. 
> 
> I have found that using group policy to make most of the 
> settings changes is
> better than doing it on the workstation. We start with a 
> sysprepped image
> that runs the mini-setup when first booted. We then the 
> workstation and
> place it in the domain, where the GPOs apply to make all the required
> settings.
> 
> I was able to go from a boot floppy, ghost, and ghostwalker 
> to a boot CD,
> sysprep, and ghost (our new laptops don't have floppy drives) 
> in about 4
> days of testing and fine-tuning. I took a couple of laptops 
> and a BartPE CD
> (with ghost added to it) into a spare conference room, didn't 
> answer my
> phone, and worked it all out. A few days of work and the result is
> significantly simpler deployment of new images.
> 
> **
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security, CCNA
> Systems Engineer
> Essex Credit / Brickwalk
> 510 595 5083
> **
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> > Sent: Thursday, January 19, 2006 5:01 AM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] AD computer accounts bei

RE: [ActiveDir] AD computer accounts being removed

[Rich Milburn]

Title: Message








Well, XP is kind of obscure, esp when you include
Server 2003 SP1 in an imaging article England
and do not catch such things J>

 



---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
”I love the smell
of red herrings in the morning” - anonymous











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, January 19, 2006
12:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Most likely oversight. I submit quite a
few requests to get articles like this updated that are missing specific OS
versions or App versions. At one point I asked that they have an additional
field of "doesn't apply to" for OSes so you at least knew they
weren't forgetting it. I was told to piss off.

 

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, January 19, 2006
8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Any idea why XP is omitted in this
article, but 2k and 2k3 are included?

http://support.microsoft.com/?id=162001

"Do Not Disk Duplicate Installed
Versions of Windows NT"

 

 



---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
”I love the smell
of red herrings in the morning” - anonymous











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
6:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.

 

Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem

Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup
environment security is based on local account SIDs. Thus, if two computers
have users with the same SID, the Workgroup will not be able to distinguish
between the users. All resources, including files and Registry keys, that one user
has access to, the other will as well.

 

Aaron

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me 

RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



Most likely oversight. I submit quite a few requests to get 
articles like this updated that are missing specific OS versions or App 
versions. At one point I asked that they have an additional field of "doesn't 
apply to" for OSes so you at least knew they weren't forgetting it. I was told 
to piss off.
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rich 
MilburnSent: Thursday, January 19, 2006 8:44 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


Any idea why XP is 
omitted in this article, but 2k and 2k3 are 
included?
http://support.microsoft.com/?id=162001
"Do Not Disk 
Duplicate Installed Versions of Windows NT"
 
 

---Rich 
MilburnMCSE, Microsoft MVP - 
Directory ServicesSr 
Network Analyst, Field Platform DevelopmentApplebee's International, 
Inc.4551 
W. 107th 
StOverland 
Park, 
KS 66207913-967-2819--”I love the smell of 
red herrings in the morning” - 
anonymous




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 6:27 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well I would agree that 
is not a safe practice for most but for my application where all Local accounts 
are disabled I do not see a problem.
 
Taken 
from http://www.sysinternals.com/Utilities/NewSid.html 
under the SID Duplication Problem
Duplicate SIDs aren't 
an issue in a Domain-based environment since domain accounts have SID's based on 
the Domain SID. But, according to Microsoft Knowledge Base article Q162001, "Do 
Not Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment 
security is based on local account SIDs. Thus, if two computers have users with 
the same SID, the Workgroup will not be able to distinguish between the users. 
All resources, including files and Registry keys, that one user has access to, 
the other will as well.
 
Aaron
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian 
DesmondSent: Wednesday, 
January 18, 2006 3:50 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is ac

RE: [ActiveDir] AD computer accounts being removed

[joe]

LOL. I talk to myself (a lot) and write a lot of stuff that I later erase
prior to sending. Through that mechanism, mostly anyone outside of me will
see the good 50% but some of the bad can slip through. :o) I have a strong
desire to not look like a complete dunderhead in public. I have been known
to say some stunningly stupid things though.  

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Thursday, January 19, 2006 9:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed

"And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%."

joe, I will not be signing my emails to you anymore with "YMYMYM"

Unless of course, your recant.

RH
___


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of joe
Sent: Wednesday, January 18, 2006 9:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%. Preferably
prior to changing your environment based on something I said. :o)

Or to put it another simpler way, mileage varies. What works very well for
me may not be in your best interest.

I would like to hear the technical details behind the SID issues from that
article though. Maybe I will follow the link. Though I doubt what I want is
there. Very little serious deep tech in that mag anymore. The tech stuff I
previously wrote for them they stopped putting in the mag and started
putting in their over the top highly overpriced "professional newsletters"
that were $100+ for 12 tiny little issues that looked like a small school
newspaper.


  joe



-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:14 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

Don't get me wrong though... Sysprep/newsid, follow the process. I am
absolutely not telling people to image machines and deploy them without
cleaning them up. If you have odd things happening and are not following the
recommended processes, it is all on you and you get to take responsibility
for what you do. :)



-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:01 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.

I don't think the people actually test the stuff they say in a lot of those
articles though they try to state it authoritatively.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the SID 
> Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000 installation
generates a unique Security IDentifier (SID). If you then clone a
workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local workstation SID
for security. It IS a problem in a Windows 2000 domain as the local machine
SID is used in nearly all aspects of security and before migrating to 2000
you should resolve any duplicate SID issues which may have been caused by
cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.a

RE: [ActiveDir] AD computer accounts being removed

[Scott Klassen]

I'm in the position of jack-of-all-trades as well.  I barely get a chance to
visit the restroom on some days, nevermind breaks or lunch. Here's some
advise I can impart:

1)  Learn to say no and/or wait to the powers that be at your company.  You
can't do everything at once.  Make certain that this is a realization which
upper management has.  Going hand in hand with this, be certain that you
take some time for proactive monitoring during the week.  Check logs for
your devices and servers.  Don't wait for a system to go down before you
realize the logs had been throwing errors for days beforehand.

2)  Train the employees to take off some of the burden.  I taught all of my
users about the mysterious help file.  :)  I also created walkthroughs of
recurring chores that a standard user could perform themselves and put them
into a FAQ on our intranet site.

3)  Google is your biggest friend.  You will have a very hard time finding a
professionals forum where you will get an exact answer to a specific
question every time first try.  The expectation is that you do some research
on an issue before even asking in a forum.  On a simple problem somebody
asks, the most frequent reply is a google search link.

4)  Some good resources are experts-exchange and myitforum.  I would also
highly recommend the NTSysAdmin group hosted by Sunbelt-Software.  It
definitely doesn't hurt to pick up a book or two on various subjects which
may apply.

5)  The biggest and best time saver I can think of is to learn scripting.
This is one where it's do as I say not as I do.  I really want to learn and
have made some inroads, but there is never enough time.  My ability now is
at the level of taking scripts others have generously posted and modifying
them to my purposes.  Tons of great sites for scripts including the Technet
scripting center, scriptinganswers.com, and http://cwashington.netreach.net.

6)  Stick with it here as well, if only as a lurker.  Learn and absorb as
much as you can.  It will make you a better admin in the long run.

7)  In doing all of these things, I pared down my workweek here from 80+
hours when I began 1.5 years ago to a normal 40 hour work week.  I've even
gotten back to doing external consulting work on the weekends again.

Hope some of this helps.

Scott Klassen

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Thursday, January 19, 2006 11:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed

Larry,

I know I'm not the only one in this position.  But membership in that club
doesn't dissolve any of the stress.  Are there other online forums that deal
with the people who have to do it all in the smaller operations?
Time-saving tips, direct answers and help on specific issues?  Etc?
Frankly, I'm lost on a lot of the stuff discussed in this forum - haven't
been able to reach that level of knowledge yet.  But it's still an
invaluable source.  

Are there any more out there like it, at a lower tier of knowledge with
slightly different focus, for the tied-to-the-whipping-post average
"network-admin/PC-schlepp/IT-Systems-Mgr/purchasing-guy/telephone-system-guy
/database-admin/software-specialist/new-technology-wizard/programmer-analyst
/security-specialist/software-upgrade-maintainer/forget-about-cleaning-up-th
at-messy-office/no-raises-this-year" multifaceted IT meatball surgeon?

I'm getting further behind every day.  It would be great to see how others
are handling it.

Gary



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, January 19, 2006 11:02 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


Gary wrote:
> I'm in a position
> where I'm making
> the big decisions, doing the big work and also doing all the 
> little details
> (I'm it) including daily problems.  Zero training/learning time, zero
> anything except get to the next fire. 

Boy, does that sound familiar...

-- 
Larry
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] AD computer accounts being removed

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

You forgot emptying the trash.

I can tell you where the SMB outside consultants hang out... but I'll 
agree with you... the SMB  or just "M" admin crowdnot sure if I've 
found a venue spot on yet.


hmmm... ActiveDirGUI division?   :-)

I know that Microsoft is gathering resources for this 'medium' business 
space as well.  I'll ask around.



Garyphold wrote:


Larry,

I know I'm not the only one in this position.  But membership in that club
doesn't dissolve any of the stress.  Are there other online forums that deal
with the people who have to do it all in the smaller operations?
Time-saving tips, direct answers and help on specific issues?  Etc?
Frankly, I'm lost on a lot of the stuff discussed in this forum - haven't
been able to reach that level of knowledge yet.  But it's still an
invaluable source.  


Are there any more out there like it, at a lower tier of knowledge with
slightly different focus, for the tied-to-the-whipping-post average
"network-admin/PC-schlepp/IT-Systems-Mgr/purchasing-guy/telephone-system-guy
/database-admin/software-specialist/new-technology-wizard/programmer-analyst
/security-specialist/software-upgrade-maintainer/forget-about-cleaning-up-th
at-messy-office/no-raises-this-year" multifaceted IT meatball surgeon?

I'm getting further behind every day.  It would be great to see how others
are handling it.

Gary



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, January 19, 2006 11:02 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


Gary wrote:
 


I'm in a position
where I'm making
the big decisions, doing the big work and also doing all the 
little details

(I'm it) including daily problems.  Zero training/learning time, zero
anything except get to the next fire. 
   



Boy, does that sound familiar...

 



--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Garyphold]

Larry,

I know I'm not the only one in this position.  But membership in that club
doesn't dissolve any of the stress.  Are there other online forums that deal
with the people who have to do it all in the smaller operations?
Time-saving tips, direct answers and help on specific issues?  Etc?
Frankly, I'm lost on a lot of the stuff discussed in this forum - haven't
been able to reach that level of knowledge yet.  But it's still an
invaluable source.  

Are there any more out there like it, at a lower tier of knowledge with
slightly different focus, for the tied-to-the-whipping-post average
"network-admin/PC-schlepp/IT-Systems-Mgr/purchasing-guy/telephone-system-guy
/database-admin/software-specialist/new-technology-wizard/programmer-analyst
/security-specialist/software-upgrade-maintainer/forget-about-cleaning-up-th
at-messy-office/no-raises-this-year" multifaceted IT meatball surgeon?

I'm getting further behind every day.  It would be great to see how others
are handling it.

Gary



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, January 19, 2006 11:02 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


Gary wrote:
> I'm in a position
> where I'm making
> the big decisions, doing the big work and also doing all the 
> little details
> (I'm it) including daily problems.  Zero training/learning time, zero
> anything except get to the next fire. 

Boy, does that sound familiar...

-- 
Larry
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








There’s really nothing to learn. You extract deploy.cab to a
folder, run setupmgr to create the sysprep.inf, the you open it up and change
ComputerName to = * and copy it all to afolder called c:\sysprep. Run
sysprep.exe. It will shutdown your PC, boot it back up with the ghost disk in
and dump your image. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Thursday, January 19, 2006
8:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Not implying - I don't.  I've been
unable to find time to experiment.  Yeah, I know - if I used that, I'd
have much more time.  Can Sysprep be much trouble to learn to use?  I
guess I have writer's block when it comes to that.  Irrational fear of
Sysprep.





 





Gary





 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
3:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Larry Wahlers]

Gary wrote:
> I'm in a position 
> where I'm making
> the big decisions, doing the big work and also doing all the 
> little details
> (I'm it) including daily problems.  Zero training/learning time, zero
> anything except get to the next fire. 

Boy, does that sound familiar...

-- 
Larry
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Garyphold]

Charlie,

Thanks for taking the time to explain.  I'm in a position where I'm making
the big decisions, doing the big work and also doing all the little details
(I'm it) including daily problems.  Zero training/learning time, zero
anything except get to the next fire.  I need spend some time learning and
using tools like sysprep and GP to get back some of that time.

Gary

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Thursday, January 19, 2006 10:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


Sysprep is pretty simple; there's a lot of documentation available on it. As
Rich mentioned, you need to set up your customizations under one profile and
copy that to the default user profile. Some irksome things change, however.
One of my pet peeves is that when you sysprep a PC, the next time it boots,
the select OS timeout goes from whatever you have set it to (5 sec in our
case) back to the default of 30 sec. 

I have found that using group policy to make most of the settings changes is
better than doing it on the workstation. We start with a sysprepped image
that runs the mini-setup when first booted. We then the workstation and
place it in the domain, where the GPOs apply to make all the required
settings.

I was able to go from a boot floppy, ghost, and ghostwalker to a boot CD,
sysprep, and ghost (our new laptops don't have floppy drives) in about 4
days of testing and fine-tuning. I took a couple of laptops and a BartPE CD
(with ghost added to it) into a spare conference room, didn't answer my
phone, and worked it all out. A few days of work and the result is
significantly simpler deployment of new images.

**
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> Sent: Thursday, January 19, 2006 5:01 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> Thanks for the link Nav.
>  
> I use Symantec (PowerQuest) V2i Desktop (DriveImage).
> Haven't used Ghost (Ghostwalker) or Sysprep.  Been wanting to 
> experiment with Sysprep but haven't had the time.  I was 
> thinking about that this morning though.  Is there a big 
> learning curve with Sysprep?  
>  
> I use V2i for cloning, because I'm already using that for
> backups of all the workstations and all the servers.  Hard 
> drive backups instead of tape.  Without sysprep, I'm stuck 
> being able to only clone like machines.  
>  
> I really need to learn to use Sysprep.  Too many fires
> burning right now.
>  
> Gary
>  
>  
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Navroz Shariff
> Sent: Wednesday, January 18, 2006 3:29 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Hi Gary,
>  
> Try looking at this article from MS regarding 'Resetting
> computer accounts in Windows 2000 and Windows XP'.
> http://support.microsoft.com/kb/216393/EN-US/
>  
> Also, you join the computer to the domain and then change its name?
> Do you reset the SIDs of the cloned workstation using 
> GhostWalker or Sysprep?
>  
> -Nav
>  
> 
> ________
> 
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> Sent: Wednesday, January 18, 2006 3:04 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Brenda,
>  
> FWIW:  It happens to me when I clone a workstation then try
> to join that workstation to the domain in order to change the 
> computer name.  AD sees 2 machines with the same name, gives 
> me a notification and lets the 2nd one in.  Then when the 
> original machine with that name logs in next time, it isn't 
> seen on the network.  Then I have to do the same thing you 
> did - with the original machine.  Then all is well again.  
> Don't know if that will help, but it might narrow down the 
> problem some.
>  
> Gary
>  
> Gary Polvinale
> Denton ATD
>  
>  
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
> Sent: Wednesday, January 18, 2006 2:24 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Yes, their computer account in AD is actually gone.
>  
> Thanks,
> Brenda
>  
> Brenda Casey
> Network Manager
> Billings Public Schools
> [EMAIL 

RE: [ActiveDir] AD computer accounts being removed

[Charlie Kaiser]

Sysprep is pretty simple; there's a lot of documentation available on
it. As Rich mentioned, you need to set up your customizations under one
profile and copy that to the default user profile. Some irksome things
change, however. One of my pet peeves is that when you sysprep a PC, the
next time it boots, the select OS timeout goes from whatever you have
set it to (5 sec in our case) back to the default of 30 sec. 

I have found that using group policy to make most of the settings
changes is better than doing it on the workstation. We start with a
sysprepped image that runs the mini-setup when first booted. We then the
workstation and place it in the domain, where the GPOs apply to make all
the required settings.

I was able to go from a boot floppy, ghost, and ghostwalker to a boot
CD, sysprep, and ghost (our new laptops don't have floppy drives) in
about 4 days of testing and fine-tuning. I took a couple of laptops and
a BartPE CD (with ghost added to it) into a spare conference room,
didn't answer my phone, and worked it all out. A few days of work and
the result is significantly simpler deployment of new images.

**
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> Sent: Thursday, January 19, 2006 5:01 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> Thanks for the link Nav.
>  
> I use Symantec (PowerQuest) V2i Desktop (DriveImage).  
> Haven't used Ghost (Ghostwalker) or Sysprep.  Been wanting to 
> experiment with Sysprep but haven't had the time.  I was 
> thinking about that this morning though.  Is there a big 
> learning curve with Sysprep?  
>  
> I use V2i for cloning, because I'm already using that for 
> backups of all the workstations and all the servers.  Hard 
> drive backups instead of tape.  Without sysprep, I'm stuck 
> being able to only clone like machines.  
>  
> I really need to learn to use Sysprep.  Too many fires 
> burning right now.
>  
> Gary
>  
>  
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Navroz Shariff
> Sent: Wednesday, January 18, 2006 3:29 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Hi Gary,
>  
> Try looking at this article from MS regarding 'Resetting 
> computer accounts in Windows 2000 and Windows XP'.
> http://support.microsoft.com/kb/216393/EN-US/
>  
> Also, you join the computer to the domain and then change its name? 
> Do you reset the SIDs of the cloned workstation using 
> GhostWalker or Sysprep?
>  
> -Nav
>  
> 
> ________
> 
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
> Sent: Wednesday, January 18, 2006 3:04 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Brenda,
>  
> FWIW:  It happens to me when I clone a workstation then try 
> to join that workstation to the domain in order to change the 
> computer name.  AD sees 2 machines with the same name, gives 
> me a notification and lets the 2nd one in.  Then when the 
> original machine with that name logs in next time, it isn't 
> seen on the network.  Then I have to do the same thing you 
> did - with the original machine.  Then all is well again.  
> Don't know if that will help, but it might narrow down the 
> problem some.
>  
> Gary
>  
> Gary Polvinale
> Denton ATD
>  
>  
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
> Sent: Wednesday, January 18, 2006 2:24 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> Yes, their computer account in AD is actually gone.
>  
> Thanks, 
> Brenda
>  
> Brenda Casey
> Network Manager
> Billings Public Schools
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 
> 406-247-3792
>  
> 
> 
> 
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
> Kirkpatrick
> Sent: Wednesday, January 18, 2006 11:14 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD computer accounts being removed
> 
> 
> When you say "lose their account", do you mean the computer 
> object in AD disappears? Or something else?
>  
> -g
> 
> 
> 
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PRO

RE: [ActiveDir] AD computer accounts being removed

[Rich Milburn]

Title: Message








> Is
there a big learning curve with Sysprep?

Well, there can be.  It depends on what
you do to your master before you image it.  If you do a lot of profile
customization, then yes, because sysprep cleans out the profiles, and you’ll
need to figure out how to apply settings to the default profile, or figure out
how to script them.  Since you are using AD you don’t have the lack of
GPO issue I did.  For example, on our workgroup systems, we create a certain
account and set up that profile, lock it down etc.  If I sysprep it, that
profile gets removed and a new one is created when that user logs into the
sysprepped computer – without any of the customizations.  There are ways
around this, but I couldn’t solve all of them so for now on our newer XP
systems we use a silent install with scripted profile configuration and
lockdowns.  It takes 38 minutes from DVD incl. Office 2003 install, so it’s
not too bad – sysprep using an ximage image took 25 minutes on the same
box, most of that was DVD to HDD copy time though.

 



---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
”I love the smell
of red herrings in the morning” - anonymous











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Thursday, January 19, 2006
7:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Thanks for the link Nav.





 





I use Symantec (PowerQuest) V2i Desktop
(DriveImage).  Haven't used Ghost (Ghostwalker) or Sysprep.  Been
wanting to experiment with Sysprep but haven't had the time.  I was
thinking about that this morning though.  Is there a big learning curve
with Sysprep?  





 





I use V2i for cloning, because I'm
already using that for backups of all the workstations and all the
servers.  Hard drive backups instead of tape.  Without sysprep, I'm
stuck being able to only clone like machines.  





 





I really need to learn to use
Sysprep.  Too many fires burning right now.





 





Gary





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Navroz Shariff
Sent: Wednesday, January 18, 2006
3:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Hi Gary,

 

Try looking at this article from MS
regarding 'Resetting computer accounts in Windows 2000 and Windows XP'.

http://support.microsoft.com/kb/216393/EN-US/

 

Also, you join the computer to the domain
and then change its name? 

Do you reset the SIDs of the cloned
workstation using GhostWalker or Sysprep?

 

-Nav

 

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine.  Then all
is well again.  Don't know if that will help, but it might narrow
down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on 

RE: [ActiveDir] AD computer accounts being removed

[Rocky Habeeb]

"And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%."

joe, I will not be signing my emails to you anymore with "YMYMYM"

Unless of course, your recant.

RH
___


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of joe
Sent: Wednesday, January 18, 2006 9:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed


And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%. Preferably
prior to changing your environment based on something I said. :o)

Or to put it another simpler way, mileage varies. What works very well for
me may not be in your best interest.

I would like to hear the technical details behind the SID issues from that
article though. Maybe I will follow the link. Though I doubt what I want is
there. Very little serious deep tech in that mag anymore. The tech stuff I
previously wrote for them they stopped putting in the mag and started
putting in their over the top highly overpriced "professional newsletters"
that were $100+ for 12 tiny little issues that looked like a small school
newspaper.


  joe



-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:14 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

Don't get me wrong though... Sysprep/newsid, follow the process. I am
absolutely not telling people to image machines and deploy them without
cleaning them up. If you have odd things happening and are not following the
recommended processes, it is all on you and you get to take responsibility
for what you do. :)



-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:01 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.

I don't think the people actually test the stuff they say in a lot of those
articles though they try to state it authoritatively.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the SID
> Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000 installation
generates a unique Security IDentifier (SID). If you then clone a
workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local workstation SID
for security. It IS a problem in a Windows 2000 domain as the local machine
SID is used in nearly all aspects of security and before migrating to 2000
you should resolve any duplicate SID issues which may have been caused by
cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Rich Milburn]

Title: Message








Any idea why XP is omitted in this article,
but 2k and 2k3 are included?

http://support.microsoft.com/?id=162001

"Do Not Disk Duplicate Installed
Versions of Windows NT"

 

 



---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
”I love the smell
of red herrings in the morning” - anonymous











From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
6:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.

 

Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem

Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup
environment security is based on local account SIDs. Thus, if two computers
have users with the same SID, the Workgroup will not be able to distinguish
between the users. All resources, including files and Registry keys, that one
user has access to, the other will as well.

 

Aaron

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer
accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or 

RE: [ActiveDir] AD computer accounts being removed

[Almeida Pinto, Jorge de]

>>>It IS a problem in a Windows 2000 domain as the local machine SID is used in 
>>>nearly all aspects of security and before migrating to 2000 you should 
>>>resolve any duplicate SID issues which may have been caused by cloning 
>>>installations.
 
Huh..I'm having a small headache and I'm not smoking anything weird here, 
but... what is this?
 
Shoudn't this be:
Duplicate SIDs for objects in the domain are bad and a problem in NT4 and AD. 
It is not possible to copy an object and dupe the SID. Screwing around with the 
RID FSMO (AD) could result in dupped SIDs. If dupped SIDs are detected the 
detecting DC has a mechanism to clean those
Although a bad practice, cloned machines which have the same local SID can be 
in an NT4 domain and AD. The local computer SID will only be used if a user 
(domain base or not) is a member of a local group on that computer as the group 
SID on that computer consists of the computer SID and a RID
 
IMHO opinion the writer is mixing the object SID in the domain with the local 
computer SID...
 
 
Jorge



Van: [EMAIL PROTECTED] namens AdamT
Verzonden: do 2006-01-19 02:22
Aan: ActiveDir@mail.activedir.org
Onderwerp: Re: [ActiveDir] AD computer accounts being removed



On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the
> SID Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000
installation generates a unique Security IDentifier (SID). If you then
clone a workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local
workstation SID for security. It IS a problem in a Windows 2000 domain
as the local machine SID is used in nearly all aspects of security and
before migrating to 2000 you should resolve any duplicate SID issues
which may have been caused by cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Garyphold]

Title: Message



Not 
implying - I don't.  I've been unable to find time to experiment.  
Yeah, I know - if I used that, I'd have much more time.  Can Sysprep be 
much trouble to learn to use?  I guess I have writer's block when it comes 
to that.  Irrational fear of Sysprep.
 
Gary
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 
3:38 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] AD computer accounts being removed

Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is actually 
gone.

 
Thanks, 

Brenda
 
Brenda 
CaseyNetwork 
Manager
Billings 
Public Schools
[EMAIL PROTECTED]
406-247-3792

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil 
KirkpatrickSent: Wednesday, 
January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
When you say "lose 
their account", do you mean the computer object in AD disappears? Or something 
else?
 
-g
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed
Occasionally 
computers will lose their account in Active Directory for no apparent 
reason. Sometimes it is a computer that has just joined the domain, while 
other times the machine has been a member of the domain for 2 years.  The 
computer can only be logged on by a local account (not a domain account).  
To remedy this, the computer has to be disjoined from the domain, join a 
workgroup, then join the domain again.  As I am sure you all are aware, 
this is not only time consuming, but very inappropriate to have to 
do.
 
 Has 
anyone else had this experience and how have you fixed 
it?

 
Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Garyphold]

Title: Message



Thanks 
for the link Nav.
 
I use 
Symantec (PowerQuest) V2i Desktop (DriveImage).  Haven't used Ghost 
(Ghostwalker) or Sysprep.  Been wanting to experiment with Sysprep but 
haven't had the time.  I was thinking about that this morning though.  
Is there a big learning curve with Sysprep?  
 
I use 
V2i for cloning, because I'm already using that for backups of all the 
workstations and all the servers.  Hard drive backups instead of 
tape.  Without sysprep, I'm stuck being able to only clone like 
machines.  
 
I 
really need to learn to use Sysprep.  Too many fires burning right 
now.
 
Gary
 
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Navroz ShariffSent: Wednesday, January 18, 2006 
3:29 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] AD computer accounts being removed
Hi Gary,
 
Try looking at this article from MS regarding 
'Resetting computer accounts in Windows 2000 and Windows 
XP'.
http://support.microsoft.com/kb/216393/EN-US/
 
Also, you join the computer to the domain and then 
change its name? 
Do you reset the SIDs of the cloned workstation 
using GhostWalker or Sysprep?
 
-Nav
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
GarypholdSent: Wednesday, January 18, 2006 3:04 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

Brenda,
 
FWIW:  It happens to me when I clone a workstation then try to join 
that workstation to the domain in order to change the computer name.  AD 
sees 2 machines with the same name, gives me a notification and lets the 2nd one 
in.  Then when the original machine with that name logs in next time, it 
isn't seen on the network.  Then I have to do the same thing you did - with 
the original machine.  Then all is well again.  Don't know 
if that will help, but it might narrow down the problem 
some.
 
Gary
 
Gary 
Polvinale
Denton 
ATD
 
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006 
2:24 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually 
gone.
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








We have roughly 650 unique nightmare LANs here. I’ve seem some
interesting things. Have a folder full of screenshots and JPEGs from site
visits to prove it. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NetBEUI? Ouch.

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
7:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Sysprep also removes other information which identifies the computer. For
example, I once had the pleasure of repairing a network where they had used
NewSID to do this and also had bound NetBEUI to every NIC in the LAN. I had 500
computers all claiming the same NetBEUI name. Sysprep takes care of things like
this. Highly recommended over any other tool.

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
7:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.

 

Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem

Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup
environment security is based on local account SIDs. Thus, if two computers
have users with the same SID, the Workgroup will not be able to distinguish
between the users. All resources, including files and Registry keys, that one
user has access to, the other will as well.

 

Aaron

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveD

RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



Yep sorry, didn't intend to say it wasn't a good idea. At 
some point the list will catch up and my post that says that will show up. 
:)


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian 
DesmondSent: Wednesday, January 18, 2006 8:39 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


Dozen 
other reasons to run it. Not running sysprep is just a bad idea. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Wednesday, January 18, 2006 8:11 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well not really. The 
important SID in question is the Domain SID and that isn't duped. The domain 
doesn't care about the machine SID. It is still good practice to newsid the 
machines though.
 
If the accounts are 
disappearing it is one of two things
 
1. Someone is deleting 
it.
 
2. During the join 
process something fails and the computer deletes the object out. I don't recall 
the details of this but I do recall hearing it happen. It happens right after 
the failed join though, you don't have to wait for it. I have also heard 
other people who don't have enough rights report the account being disabled 
instead of deleted. I never verified personally either. 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 6:50 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is actually 
gone.

 
Thanks, 

Brenda
 
Brenda 
CaseyNetwork 
Manager
Billings 
Public Schools
[EMAIL PROTECTED]
406-247-3792

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil 
KirkpatrickSent: Wednesday, 
January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
When you say "lose 
their account", do you mean the computer object in AD disappears? Or something 
else?
 
-g
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed
Occasionally 
computers will lose their account in Acti

RE: [ActiveDir] AD computer accounts being removed

[joe]

And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%. Preferably
prior to changing your environment based on something I said. :o)

Or to put it another simpler way, mileage varies. What works very well for
me may not be in your best interest. 

I would like to hear the technical details behind the SID issues from that
article though. Maybe I will follow the link. Though I doubt what I want is
there. Very little serious deep tech in that mag anymore. The tech stuff I
previously wrote for them they stopped putting in the mag and started
putting in their over the top highly overpriced "professional newsletters"
that were $100+ for 12 tiny little issues that looked like a small school
newspaper.


  joe

 

-Original Message-
From: joe [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 18, 2006 9:14 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

Don't get me wrong though... Sysprep/newsid, follow the process. I am
absolutely not telling people to image machines and deploy them without
cleaning them up. If you have odd things happening and are not following the
recommended processes, it is all on you and you get to take responsibility
for what you do. :)

 

-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:01 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.  

I don't think the people actually test the stuff they say in a lot of those
articles though they try to state it authoritatively.
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the SID 
> Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000 installation
generates a unique Security IDentifier (SID). If you then clone a
workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local workstation SID
for security. It IS a problem in a Windows 2000 domain as the local machine
SID is used in nearly all aspects of security and before migrating to 2000
you should resolve any duplicate SID issues which may have been caused by
cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[joe]

Don't get me wrong though... Sysprep/newsid, follow the process. I am
absolutely not telling people to image machines and deploy them without
cleaning them up. If you have odd things happening and are not following the
recommended processes, it is all on you and you get to take responsibility
for what you do. :)

 

-Original Message-
From: joe [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 18, 2006 9:01 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] AD computer accounts being removed

I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.  

I don't think the people actually test the stuff they say in a lot of those
articles though they try to state it authoritatively.
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the SID 
> Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000 installation
generates a unique Security IDentifier (SID). If you then clone a
workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local workstation SID
for security. It IS a problem in a Windows 2000 domain as the local machine
SID is used in nearly all aspects of security and before migrating to 2000
you should resolve any duplicate SID issues which may have been caused by
cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[joe]

I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.  

I don't think the people actually test the stuff they say in a lot of those
articles though they try to state it authoritatively.
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the SID 
> Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000 installation
generates a unique Security IDentifier (SID). If you then clone a
workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local workstation SID
for security. It IS a problem in a Windows 2000 domain as the local machine
SID is used in nearly all aspects of security and before migrating to 2000
you should resolve any duplicate SID issues which may have been caused by
cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








Dozen other reasons to run it. Not running sysprep is just a bad idea. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well not really. The important SID in
question is the Domain SID and that isn't duped. The domain doesn't care about
the machine SID. It is still good practice to newsid the machines though.

 

If the accounts are disappearing it is one
of two things

 

1. Someone is deleting it.

 

2. During the join process something fails
and the computer deletes the object out. I don't recall the details of this but
I do recall hearing it happen. It happens right after the failed join though,
you don't have to wait for it. I have also heard other people who don't
have enough rights report the account being disabled instead of deleted. I
never verified personally either. 

 

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
6:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer
accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy th

Re: [ActiveDir] AD computer accounts being removed

[AdamT]

On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the
> SID Duplication Problem
>
>
>   snip

Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html

At the start of the GUI phase of installation each NT/2000
installation generates a unique Security IDentifier (SID). If you then
clone a workstation each installation would have the same machine SID.
This is not a problem in a Windows NT 4.0 domain as users have a SID
generated by the domain controller and do not user the local
workstation SID for security. It IS a problem in a Windows 2000 domain
as the local machine SID is used in nearly all aspects of security and
before migrating to 2000 you should resolve any duplicate SID issues
which may have been caused by cloning installations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



NetBEUI? Ouch.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian 
DesmondSent: Wednesday, January 18, 2006 7:59 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


Sysprep 
also removes other information which identifies the computer. For example, I 
once had the pleasure of repairing a network where they had used NewSID to do 
this and also had bound NetBEUI to every NIC in the LAN. I had 500 computers all 
claiming the same NetBEUI name. Sysprep takes care of things like this. Highly 
recommended over any other tool.
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 7:27 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Well I would agree that 
is not a safe practice for most but for my application where all Local accounts 
are disabled I do not see a problem.
 
Taken 
from http://www.sysinternals.com/Utilities/NewSid.html 
under the SID Duplication Problem
Duplicate SIDs aren't 
an issue in a Domain-based environment since domain accounts have SID's based on 
the Domain SID. But, according to Microsoft Knowledge Base article Q162001, "Do 
Not Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment 
security is based on local account SIDs. Thus, if two computers have users with 
the same SID, the Workgroup will not be able to distinguish between the users. 
All resources, including files and Registry keys, that one user has access to, 
the other will as well.
 
Aaron
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 3:50 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is actually 
gone.

 
Thanks, 

Brenda
 
Brenda 
CaseyNetwork 
Manager
Billings 
Public Schools
[EMAIL PROTECTED]
406-247-3792

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil 
KirkpatrickSent: Wednesday, 
January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
When you say "lose 
their account", do you mean the computer object in AD disappears? Or something 
else?
 
-g
 

RE: [ActiveDir] AD computer accounts being removed

[joe]

Title: Message



Well not really. The important SID in question is the 
Domain SID and that isn't duped. The domain doesn't care about the machine SID. 
It is still good practice to newsid the machines though.
 
If the accounts are disappearing it is one of two 
things
 
1. Someone is deleting it.
 
2. During the join process something fails and the computer 
deletes the object out. I don't recall the details of this but I do recall 
hearing it happen. It happens right after the failed join though, you don't have 
to wait for it. I have also heard other people who don't have enough rights 
report the account being disabled instead of deleted. I never verified 
personally either. 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian 
DesmondSent: Wednesday, January 18, 2006 6:50 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is actually 
gone.

 
Thanks, 

Brenda
 
Brenda 
CaseyNetwork 
Manager
Billings 
Public Schools
[EMAIL PROTECTED]
406-247-3792

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil 
KirkpatrickSent: Wednesday, 
January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
When you say "lose 
their account", do you mean the computer object in AD disappears? Or something 
else?
 
-g
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed
Occasionally 
computers will lose their account in Active Directory for no apparent 
reason. Sometimes it is a computer that has just joined the domain, while 
other times the machine has been a member of the domain for 2 years.  The 
computer can only be logged on by a local account (not a domain account).  
To remedy this, the computer has to be disjoined from the domain, join a 
workgroup, then join the domain again.  As I am sure you all are aware, 
this is not only time consuming, but very inappropriate to have to 
do.
 
 Has 
anyone else had this experience and how have you fixed 
it?

 
Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








Sysprep also removes other information which identifies the computer. For
example, I once had the pleasure of repairing a network where they had used
NewSID to do this and also had bound NetBEUI to every NIC in the LAN. I had 500
computers all claiming the same NetBEUI name. Sysprep takes care of things like
this. Highly recommended over any other tool.

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
7:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.

 

Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem

Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup
environment security is based on local account SIDs. Thus, if two computers
have users with the same SID, the Workgroup will not be able to distinguish
between the users. All resources, including files and Registry keys, that one
user has access to, the other will as well.

 

Aaron

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer
accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer
accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM

RE: [ActiveDir] AD computer accounts being removed

[Aaron Visser]

Title: Message








Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.

 

Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem

Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment
security is based on local account SIDs. Thus, if two computers have users with
the same SID, the Workgroup will not be able to distinguish between the users.
All resources, including files and Registry keys, that one user has access to,
the other will as well.

 

Aaron

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone a
workstation then try to join that workstation to the domain in order to change
the computer name.  AD sees 2 machines with the same name, gives me a
notification and lets the 2nd one in.  Then when the original machine with
that name logs in next time, it isn't seen on the network.  Then I have to
do the same thing you did - with the original machine.  Then all is
well again.  Don't know if that will help, but it might narrow down
the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Aaron Visser]

No it is not possible to delete that account. (As far as I know) but there
are times when the account has been disabled thru a Policy (that is how I
disable it) and that program has not worked, I know it doesn't make a lot of
sense because why is the policy being enforced if it will not connect to the
domain but guess what sometimes it is like that, and if everything always
worked the way it was supposed to well then we wouldn't be needed now would
we?

Aaron Visser


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 3:10 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/18/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
snip
>  I have had to actually ghost computers in order to rejoin the
> domain because I do not have any local accounts active on my computers in
> the school, makes it a little safer J but with that comes more work L
>
Surely it's not possible to delete the administrator account?

You might be able to disable it, but IIRC, you can reset the password
and unlock/re-enable to account using the infamous bootdisk at:
http://home.eunet.no/~pnordahl/ntpasswd/

Shouldn't need to re-image.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Gil Kirkpatrick]

Title: Message



Let me find my rolled up newspaper... 
:)


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian 
DesmondSent: Wednesday, January 18, 2006 4:50 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


NO 
NO NO NO NO BAD BAD BAD
 
You 
have to use sysprep. You’re getting duplicate SIDs here – bad. 

 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Aaron 
VisserSent: Wednesday, January 
18, 2006 5:44 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary, 
Brian,
 
I do not use Sysprep on 
my images and have yet to come across any problems, but there may be one big 
difference with my images, before I ghost them or create the image I put the 
said machine into a workgroup and then create image.  After I have imaged a 
computer I log on and change the Computer Name reboot and then join the domain 
with the new computer name, should I be using Sysprep? 

 
And Brenda I have 
experienced your problem but I have never noticed the accounts actually being 
out of AD, anyways most times for me a simple reboot works although I have had 
to actually ghost computers in order to rejoin the domain because I do not have 
any local accounts active on my computers in the school, makes it a little safer 
J but with that comes 
more work L
 
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006 12:38 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 
Gary-
 
Are 
you implying you don’t sysprep your images?
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
 

Brenda,

 

FWIW:  It happens 
to me when I clone a workstation then try to join that workstation to the domain 
in order to change the computer name.  AD sees 2 machines with the same 
name, gives me a notification and lets the 2nd one in.  Then when the 
original machine with that name logs in next time, it isn't seen on the 
network.  Then I have to do the same thing you did - with the original 
machine.  Then all is well again.  Don't know if that will 
help, but it might narrow down the problem 
some.

 

Gary

 

Gary 
Polvinale

Denton 
ATD

 

 
-Original 
Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 2:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
Yes, 
their computer account in AD is actually 
gone.

 
Thanks, 

Brenda
 
Brenda 
CaseyNetwork 
Manager
Billings 
Public Schools
[EMAIL PROTECTED]
406-247-3792

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil 
KirkpatrickSent: Wednesday, 
January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed
When you say "lose 
their account", do you mean the computer object in AD disappears? Or something 
else?
 
-g
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed
Occasionally 
computers will lose their account in Active Directory for no apparent 
reason. Sometimes it is a computer that has just joined the domain, while 
other times the machine has been a member of the domain for 2 years.  The 
computer can only be logged on by a local account (not a domain account).  
To remedy this, the computer has to be disjoined from the domain, join a 
workgroup, then join the domain again.  As I am sure you all are aware, 
this is not only time consuming, but very inappropriate to have to 
do.
 
 Has 
anyone else had this experience and how have you fixed 
it?

 
Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








NO NO NO NO NO BAD BAD BAD

 

You have to use sysprep. You’re getting duplicate SIDs here –
bad. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost computers
in order to rejoin the domain because I do not have any local accounts active
on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian
 Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine.  Then all
is well again.  Don't know if that will help, but it might narrow
down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

Re: [ActiveDir] AD computer accounts being removed

[AdamT]

On 1/18/06, Doug Ferguson <[EMAIL PROTECTED]> wrote:
> I would use NETDOM JOIN.  Type NETDOM JOIN /? To see the syntax.
>
Thanks, I'll look in to that.  Would save me lots of time talking
engineers through the process of joining a domain when they turn up to
install new PCs.
I'm also somewhat unhappy with reading out account passwords over the
phone to engineers I've never met.  Netdom and psexec ought to take
care of this for me ;-)

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] AD computer accounts being removed

[AdamT]

On 1/18/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
snip
>  I have had to actually ghost computers in order to rejoin the
> domain because I do not have any local accounts active on my computers in
> the school, makes it a little safer J but with that comes more work L
>
Surely it's not possible to delete the administrator account?

You might be able to disable it, but IIRC, you can reset the password
and unlock/re-enable to account using the infamous bootdisk at:
http://home.eunet.no/~pnordahl/ntpasswd/

Shouldn't need to re-image.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Aaron Visser]

Title: Message








Gary, Brian,

 

I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image.  After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep? 

 

And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L

 

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 

Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Doug Ferguson]

I would use NETDOM JOIN.  Type NETDOM JOIN /? To see the syntax.

-;)

Doug Ferguson
Windows Systems Administrator
Hynix Semiconductor Manufacturing America, Inc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 2:03 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/18/06, Crawford, Scott <[EMAIL PROTECTED]> wrote:

> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa.
This
> seems to trigger a domain rejoin without having to join the workgroup.
>
> snip

On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?

I'm aware of a way of creating a computer account using the NET
command, but this has to be done from the server, and ideally, I'm
hoping there's a way of joining from the NT4/2kpro/XP workstations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Coleman, Hunter]

Look at netdom.exe 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 3:03 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed

On 1/18/06, Crawford, Scott <[EMAIL PROTECTED]> wrote:

> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa.

> This seems to trigger a domain rejoin without having to join the
workgroup.
>
> snip

On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?

I'm aware of a way of creating a computer account using the NET command,
but this has to be done from the server, and ideally, I'm hoping there's
a way of joining from the NT4/2kpro/XP workstations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] AD computer accounts being removed

[AdamT]

On 1/18/06, Crawford, Scott <[EMAIL PROTECTED]> wrote:

> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa.  This
> seems to trigger a domain rejoin without having to join the workgroup.
>
> snip

On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?

I'm aware of a way of creating a computer account using the NET
command, but this has to be done from the server, and ideally, I'm
hoping there's a way of joining from the NT4/2kpro/XP workstations.

--
AdamT
"Maidenhead is *not* in Kent"
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD computer accounts being removed

[Doug Ferguson]

We have seen the same thing in our
organization, and I am investigating whether our technician that does the
images for our desktop deployments has been using the wrong version of
Sysprep.  I read on the MS site that there are versions of Sysprep for
different OS levels (or service packs).  Just a thought.

 

-;)

 

Doug Ferguson

Windows Systems Administrator

Hynix Semiconductor Manufacturing America,
Inc.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
9:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed



 

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Gil Kirkpatrick]

You might enable auditing on the appropriate OU to find out 
who is doing the deleting. You  need to enable AD auditing in the Domain 
Controllers group policy, and then add auditing entries on the security 
descriptor of the appropriate OU, e.g CN=Computers to track creation and 
deletion of Computer objects.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 12:24 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

Yes, their computer account in AD is actually 
gone.
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Title: Message








Gary-

 

Are you implying you don’t sysprep your images?

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed



 



Brenda,





 





FWIW:  It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name.  AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in.  Then when the original machine
with that name logs in next time, it isn't seen on the network.  Then I
have to do the same thing you did - with the original machine. 
Then all is well again.  Don't know if that will help, but it
might narrow down the problem some.





 





Gary





 





Gary Polvinale





Denton ATD





 





 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer
accounts being removed

Yes,
their computer account in AD is actually gone.



 



Thanks, 

Brenda

 

Brenda
Casey
Network Manager

Billings
Public Schools

[EMAIL PROTECTED]

406-247-3792



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD
computer accounts being removed

When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?

 

-g

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Navroz Shariff]

Title: Message



Hi Gary,
 
Try looking at this article from MS regarding 
'Resetting computer accounts in Windows 2000 and Windows 
XP'.
http://support.microsoft.com/kb/216393/EN-US/
 
Also, you join the computer to the domain and then 
change its name? 
Do you reset the SIDs of the cloned workstation 
using GhostWalker or Sysprep?
 
-Nav
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
GarypholdSent: Wednesday, January 18, 2006 3:04 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

Brenda,
 
FWIW:  It happens to me when I clone a workstation then try to join 
that workstation to the domain in order to change the computer name.  AD 
sees 2 machines with the same name, gives me a notification and lets the 2nd one 
in.  Then when the original machine with that name logs in next time, it 
isn't seen on the network.  Then I have to do the same thing you did - with 
the original machine.  Then all is well again.  Don't know 
if that will help, but it might narrow down the problem 
some.
 
Gary
 
Gary 
Polvinale
Denton 
ATD
 
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006 
2:24 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually 
gone.
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Crawford, Scott]

I don’t have any suggestions for why
its happening or how to prevent it, but I do have a tip for speeding up the
rejoin process.  I’ve never had a problem ignoring the reboot prompt
after you remove it from the domain.  So basically, I just add it to a
workgroup, ignore the reboot prompt, add to the domain, then reboot.  This
saves you a reboot which is really what makes this so time consuming.  Also,
Dan Holme suggested just changing the name of the domain from its DNS name to
its NetBIOS name.  For example, if the domain box shows MICROSOFT, change it to
Microsoft.com or vice-versa.  This seems to trigger a domain rejoin without
having to join the workgroup.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
11:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed



 

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Garyphold]

Title: Message



Brenda,
 
FWIW:  It happens to me when I clone a workstation then try to join 
that workstation to the domain in order to change the computer name.  AD 
sees 2 machines with the same name, gives me a notification and lets the 2nd one 
in.  Then when the original machine with that name logs in next time, it 
isn't seen on the network.  Then I have to do the same thing you did - with 
the original machine.  Then all is well again.  Don't know 
if that will help, but it might narrow down the problem 
some.
 
Gary
 
Gary 
Polvinale
Denton 
ATD
 
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006 
2:24 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually 
gone.
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brenda Casey]

Yes, their computer account in AD is actually 
gone.
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brenda Casey]

No, there is not any lockdown type of software 
on these machines.  
 
Thanks, 
Brenda
 
Brenda CaseyNetwork 
Manager
Billings Public 
Schools
[EMAIL PROTECTED]

406-247-3792
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian 
DesmondSent: Wednesday, January 18, 2006 11:02 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer 
accounts being removed


Brenda-
 
I 
see the k12 email address (I run AD for Chicago Public Schools), first question 
I have to ask is do you have any lockdown software on these computers? 
DeepFreeze, Fortress, or similar? This will screw with and hose up computer 
password sync. 
 

Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brenda 
CaseySent: Wednesday, January 
18, 2006 12:42 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed
 
Occasionally 
computers will lose their account in Active Directory for no apparent 
reason. Sometimes it is a computer that has just joined the domain, while 
other times the machine has been a member of the domain for 2 years.  The 
computer can only be logged on by a local account (not a domain account).  
To remedy this, the computer has to be disjoined from the domain, join a 
workgroup, then join the domain again.  As I am sure you all are aware, 
this is not only time consuming, but very inappropriate to have to 
do.
 
 Has 
anyone else had this experience and how have you fixed 
it?

 
Thanks, 

Brenda

RE: [ActiveDir] AD computer accounts being removed

[Gil Kirkpatrick]

When you say "lose their account", do you mean the computer 
object in AD disappears? Or something else?
 
-g


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda 
CaseySent: Wednesday, January 18, 2006 10:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer accounts 
being removed

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda

RE: [ActiveDir] AD computer accounts being removed

[Brian Desmond]

Brenda-

 

I see the k12 email address (I run AD for Chicago Public Schools), first
question I have to ask is do you have any lockdown software on these computers?
DeepFreeze, Fortress, or similar? This will screw with and hose up computer password
sync. 

 



Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
12:42 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
accounts being removed



 

Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years.  The
computer can only be logged on by a local account (not a domain account). 
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again.  As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.

 

 Has
anyone else had this experience and how have you fixed it?



 



Thanks, 

Brenda

[ActiveDir] AD computer accounts being removed

[Brenda Casey]

Occasionally computers will lose their 
account in Active Directory for no apparent reason. Sometimes it is a 
computer that has just joined the domain, while other times the machine has been 
a member of the domain for 2 years.  The computer can only be logged on by 
a local account (not a domain account).  To remedy this, the computer has 
to be disjoined from the domain, join a workgroup, then join the domain 
again.  As I am sure you all are aware, this is not only time consuming, 
but very inappropriate to have to do.
 
 Has anyone else had this experience 
and how have you fixed it?
 
Thanks, 
Brenda