Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

GPO to prevent Duplicate computer Accounts

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO to prevent Duplicate computer Accounts

    I am having issues with duplicate computers accounts in my AD Server 2003 environment. This is causing trust relationship error. Is there any group policy out there which can prevent technicians to add a computer object with the name which already exists in AD?


  • #2
    Re: GPO to prevent Duplicate computer Accounts

    There is no option in the GPO to my knowledge.


    • #3
      Re: GPO to prevent Duplicate computer Accounts

      Can you explain the problem in more detail -- I presume you mean someone joins a computer to the domain with the same name as an existing one and "kidnaps" the computer account?

      Who has permission to join the domain -- consider prestaged accounts
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: GPO to prevent Duplicate computer Accounts

        Surely if technicians are adding PC's to the domain without knowing / checking the names already in use, you have to address this from a procedural point of view. I dont know how big your organisation is but you must have a record of the naming system in use (and consequently which PC names are already in the domain. Surely then create some sort of database (maintained by you/accessed by your technicians) to keep track and even offer the next name to be used could help prevent this. Failing that (and maybe as well), give them a good hard kicking!
        Last edited by gingerbeast121; 12th March 2010, 14:02.