Friday, January 28, 2011

computer account not found

I joined a freshly wiped and reinstalled XP pro machine to my domain, and deleted the old computer as a pre-emptive measure to it telling me my PC was already on the domain and duplicates are not allowed. Now it says it cannot find my computer account when I try to log in. I've taken it off and put it back on the domain and it still says not found. I've looked in AD and can't find the PC so this makes sense. I don't know how else to create a computer in AD except to join it to the domain. Is another wipe the only solution?

I should probably add that I'm trying to avoid changing the computer name.

It is a physical machine, so no, not cloned.

Domain is replicating properly; I checked another DC to be sure.

I tried the new SID thing and that didn't work.

So now I've just created the computer manually in AD, but how do I know if it is actually using the appropriate group policy? In other words, how do I know that the actual machine is linked with the name created in AD?

  • You can just add the computer name to Active Directory: right-click on the Computers object and choose New -> Computer.

  • Sounds like you need to generate a new Security Identifier (SID). Make sure the machine is joined to a "Workgroup" instead of "Domain" (if you've tried to make it be in the domain and it failed but still shows as being in the domain, disjoin and reboot). Next, download and run Sysinternals' NewSID application:


    How it Works

    NewSID starts by reading the existing computer SID. A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. NewSID ensures that this SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).

    Next, NewSID generates a new random SID for the computer. NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96-bits of the 3 subauthority values that make up a computer SID.

    Three phases to the computer SID replacement follow. In the first phase, the SECURITY and SAM Registry hives are scanned for occurrences of the old computer SID in key values, as well as the names of the keys. When the SID is found in a value it is replaced with the new computer SID, and when the SID is found in a name, the key and its subkeys are copied to a new subkey that has the same name except with the new SID replacing the old.

    Reboot after computer has been renamed, and try joining it to the Domain again.

    therulebookman : When I joined to the domain after following all steps, it did not add the computer to the Computers container.
    From l0c0b0x
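An added example, not part of the answer above and not NewSID's own code: a Python parser for the binary SID layout that the quoted NewSID text describes, showing which 96 bits identify the computer and which fields stay fixed. It assumes the complete 24-byte SID sits at the very end of the `V` value; `SAMPLE_V` is constructed data and all function names are hypothetical.

```python
import os
import struct

# Binary SID: 1-byte revision, 1-byte subauthority count, 6-byte big-endian
# authority, then `count` little-endian 32-bit subauthorities.
# A computer SID is S-1-5-21-a-b-c: three 32-bit fields (header + "21")
# followed by the three 32-bit subauthorities a, b, c (the 96 random bits).
MACHINE_SID_LEN = 8 + 4 * 4
RANDOM_PART_LEN = 12

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-R-A-S... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("not a well-formed revision-1 SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def machine_sid_from_v(v_value: bytes) -> str:
    """Return the computer SID embedded at the end of a V value.

    Assumption: the full SID occupies the final 24 bytes of the data.
    """
    sid = parse_sid(v_value[-MACHINE_SID_LEN:])
    if not sid.startswith("S-1-5-21-"):
        raise ValueError("tail is not an S-1-5-21-a-b-c computer SID")
    return sid

def with_new_machine_id(v_value: bytes, new_id: bytes = None) -> bytes:
    """Return a copy of the data with only the 96 identifying bits replaced.

    os.urandom is a stand-in here, not NewSID's generator. Works on an
    in-memory copy; nothing is written to the registry.
    """
    machine_sid_from_v(v_value)          # refuse data that lacks a valid SID
    new_id = os.urandom(RANDOM_PART_LEN) if new_id is None else new_id
    if len(new_id) != RANDOM_PART_LEN:
        raise ValueError("replacement must be exactly 96 bits")
    return v_value[:-RANDOM_PART_LEN] + new_id

# Constructed sample: 32 filler bytes, then a made-up computer SID.
SAMPLE_V = (bytes(32)
            + bytes.fromhex("010400000000000515000000")
            + struct.pack("<3I", 1004336348, 1177238915, 682003330))

if __name__ == "__main__":
    print("before:", machine_sid_from_v(SAMPLE_V))
    print("after: ", machine_sid_from_v(with_new_machine_id(SAMPLE_V)))
```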
  • Run sysprep on the system. This will reset the SID and should fix whatever machine account conflict the network is seeing. Was this machine cloned?

    From SQLChicken
  • If you didn't pre-create the computer account in Active Directory, the default location for it is in the Computers folder. If it's not there, try and pre-create the computer account in the proper location with the name that you're using. Then drop your computer into a workgroup, reboot, add it to the domain, reboot, and verify its domain membership.

  • Do you have multiple domain controllers? The computer may be logging on to a domain controller that has not replicated recently...

    From Yannone
  • It sounds like what you did was:

    • Joined new machine to domain.
    • Deleted computer account after join.

    Regardless as to whether that is the case, following these steps will fix it no matter what your SID is:

    • On the Workstation, log on as local administrator and remove the machine from the domain and reboot. When it prompts for credentials to leave the domain, just leave it blank and hit OK. You do not need to use AD Users and Computers at any point.
    • On the Workstation, after rebooting, log on as local admin and rejoin the domain. When it asks for credentials enter your Domain Admin or other privileged account. Again, you don't need to touch AD Users and Computers.
    • After rebooting, go look in AD Users and Computers. Search for your computer name (make sure when you search you change "Find" from "Users, Contacts and Groups" to "Computers" or your system won't show up).

    Your workstation should be there somewhere, assuming you don't have more issues with your domain.

    therulebookman : In my question I specifically stated that I had already taken the PC off and put it back on the domain and it still doesn't show up in AD, which is the process you describe here.
    From Neobyte
  • Well, I wiped it out again and used a different computer name from the start and it finally joined the domain and showed up in AD users and computers.

    I tried all the solutions mentioned here, plus a few of my own and it just would not co-operate.

    Thanks for everyone's help.

  • Just remove it from the domain, rename it, and return it to the domain.

