techcreebParticipantApril 30, 2016 at 1:33 am #166324
Hi guys thanks a lot for ur help,ur help is appreciated .I got a weird trust situation where Windows 7 pc’s are most often losing or droping out of the domain and when I rejoin them by first workgroup and back to domain than in few weeks it happens again…Pls any body have a clue on what might be causing this on our domain/DNS…Also sometimes I can not logging with server name through RDP to a remote server unless I use the IP Address….pls any help or advice will be highly appreciated….Thank you very much.
OssianModeratorApril 30, 2016 at 3:47 am #191201
Check the clocks vs the PDC Emulator role – if they are more than (default of) 5 mins out of sync, you will get this – note the allowable value can be changed through a GPO so yours may be differentApril 30, 2016 at 11:14 am #379614
Thanks a lot..You mean the Windows systems clock and I believe u me the doc as PDC emuApril 30, 2016 at 12:36 pm #379616
Hi Ossian, I check the PDC against the system clock and the clock is ok……pls do u kno somethings else I can check…..thanks
OssianModeratorMay 1, 2016 at 12:00 am #191204
OK, so to confirm,the clocks on the Win7 boxes are within 5 minutes (or your actual figure) of the clock on the Domain Controller holding the PDC Emulator FSMO.
If not that, could there be another DC that is not in sync with the remainder of the DCs?May 1, 2016 at 2:03 am #379618
You could be correct on the workstations as I could not check the time on the workstation it till Monday.But our DC are in sync with time and as soon I verify the workstation I will let you know…Thanks for ur help
BloodModeratorMay 3, 2016 at 9:03 am #337107
There are also various methods of re-joining. You can ‘reset’ the computer account; remove the client from the domain, reset, then rejoin; or delete the account after removing the PC from the domain so that a new computer account is created when you ‘cleanly’ add the PC to the domain. I’d research this properly, as I’ve seen various opinions about which is best.
AnonymousMay 4, 2016 at 1:15 pm #371925
You can use the cmd-line tool ‘netdom’ to reset the computer’s password on the domain, without having to go thru the delay of the divorce-then-rejoin multiple reboot sequence. The only gotcha is that ‘netdom’ isn’t included in Win7 by default, but it’s easy to put there. Netdom is installed on Server 2008 (&R2), so could be copied from inside any server on your system at that level. I’ve used this on servers and clients with equal success. You’ll need to copy 2 files from a server to the same folder names on a client: ‘netdom.exe’ from c:windowssystem32 and ‘netdom.exe.mui’ from c:windowssystem32en-us.
For the use/syntax of the command itself, have a read at: “http://ss64.com/nt/netdom-resetpwd.html” I tried several times to post the exact steps but the forum inspection engine kept blocking me. Just be sure your cmd prompt is running at the elevated (run as administrator) level. When you get the ‘success’ message, restart the client just this once.
PCs don’t normally just ‘lose’ the trust with their domain, unless the domain is sick. If you need to keep things limping along until you figure out what’s up with AD and your DNS services, you could copy the 2 needed files to the correct directories on all the clients, so it can be run on them at any time. But by all means, you need to diagnose your domain issues.
You must be logged in to reply to this topic.