No announcement yet.

Domain Access

  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Access

    Hello, I am wondering if there is an easier way to get computers back on the domain after a server rebuild. We had a SBS 2000 server, and migrated to Server 2000 Standard, and then upgraded to Windows 2003. We chose to do a fresh build of the AD user and computer accounts, instead of restoring the system state. After the rebuild, SOME of the computers will not log into the domain unless you put them in a workgroup and then rejoin them to the domain. The domain name, server name and IP address is the same as before the rebuild. The error when trying to login is that the PC cannot contact the domain controller. If I log on locally, I can ping the DC by it's name just fine. Any shortcut to acheiving this would be much appreciated. Thank you!
    Last edited by jasona; 15th September 2006, 01:20.

  • #2
    Re: Domain Access

    When you add machines to a network a special trust is configured between the workstation and the DC and a password set.

    Since you rebuilt your DC (Even thought the name and IP address are the same) the trust between the workstation and the DC is lost and password out of sync.

    Unfortunately your going to have to add the machines to a workgroud and then back onto the domain.

    try for ways to automate this.

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Domain Access

      That is what I was afraid of! I have been busy getting them joined back up manually, and will look to automate this as suggested. Thank you again!


      • #4
        Re: Domain Access

        IMHO destroying and re-installing a domain is one of the worst IT decisions that can be made. Far too many people think because you make a user named BillG destroy AD and make another USER named BillG they will work the same. Think of the security implications of all the users named BillG in the world! Windows itself even warns you if you ever delete a user, you can never recreate that same user again - even though it may be named the same.
        In fact, a user name is just an alias for a SecurityID or SID which is (or most definitely should be) a unique number worldwide.
        Similarly when a computer joins a domain it is given a SID which, when you "recreate" a domain is equally unique.
        This is why I am such a strong proponent of aka as Swing Migration. The ONLY technique that I know of that preserves a domain structure and its AD (limitation: single domains)!

        Steven Teiger [SBS-MVP(2003-2009)]
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.