No announcement yet.

Original admin gone, computer dropped from the domain (was: How can this happen?)

  • Filter
  • Time
  • Show
Clear All
new posts

  • Original admin gone, computer dropped from the domain (was: How can this happen?)

    (Windows XP Pro SP2...)
    I am the 2nd of two IT people in our firm. A person from one of our satellite offices called me the other day saying he could no longer log into his laptop...

    After getting nowhere really fast, I finally asked him to use the administrator login and gave him the computer's password (Keep in mind, the computer, NOT the domain password). This no longer worked. Only a few minutes later did I find out that it was also no longer a part of the domain.

    How can a user drop the computer from a domain without having the correct login/password?

    I have finally resorted to him overnighting the laptop here and I also have found that this person has deleted the Administrator account and seems to have created a new account named "Admin" with a completely different password than I set up on this thing.

    So, long story short - read the title - HOW can this possibly happen? I want to prevent it forever!!!

    Any reply will be greatly appreciated!!!

  • #2
    Choose a better topic for your thread!

    Make sure you pick a better topic for your next thread. Failing to do so will result in your account being suspended for 2 weeks.

    As for your question:

    How do you know he deleted the original administrator? Maybe he renamed it. Check the object's SID, see if it ends with 500 or not.

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services


    • #3
      Re: Original admin gone, computer dropped from the domain

      First off, I apologize for not picking a better thread topic - I was summarizing my story as simply as I thought was possible.

      After I used the "reinstall" method with the original XP CD to get to a command prompt and created a new user to log in with, I found out the original computer admin account was disabled and a new account "Admin" was created roughly three minutes afterward.

      This is nervewrecking, and haven't found anything on the web with other network admins having this issue. We have strong passwords and only I.T. here has the proper rights to drop a computer from the domain. It's just weird.

      I never knew the SID tip though. Definitely something that will prove helpful in the future! Thanks!!!