Issue with Windows XP Cached Domain Credentials with Windows Server 2003 Active Directory...

Windows XP Cached Domain Credentials

I am having some issues with Windows XP Cached Domain Credentials and was looking for confirmation of my suspicions and guidance. We recently moved our enterprise headquarters and did a mass rename of all of the domain workstations (to reflect the new location and incorporate our newly implemented asset controls into our naming convention).

Except for a few application issues with relating to processes being tied to machine names, all appeared to have gone well.  We did however discover a major issue with some of our laptop users.  The machine rename seemed to invalidate/clear the cached domain credentials.

As best as we can tell, if the machine renamed and restarted and the user did not log back in after the restart while connected to the domain, there cached credentials arent there.  At that point they cannot log in with anything but a local account until they again connect the laptop to the domain.

We have identified that there were 2 different core scenarios under which the renames were accomplished.  We arent sure if this cached credentials issues is the result from one or both scenarios.  

Scenario 1:  The bulk of the rename was done by a script that we put in the domain users login log.  By cross referencing several different logs and databases were able to provide the script with the information required to determine the various elements that went into the rename.  Along the same line, if the cross referencing didnt have all of our specified parameters or if the cross checks failed because of an inconsistency those machine names were logged and our IT group manually renamed the machines.  (Although the method was different the underlying process was the same and we are looking at both of these procedures as if they were the same.)

Scenario 2:  When the automated rename failed and it was logged.  IT manually went to the machine to rename it (as state above), HOWEVER, in some instances the machine wont rename manually either.  Whether is be an AD machine registration issue or whatever, the method to accomplish the rename was to change the name and at the same time remove the machine from the domain and join it to a workgroup.  We restarted the machine and upon login with the local administrator account, we rejoined it to the domain and allowed an additional restart to complete adding it back to the domain.

Our personally suspicions are that 2nd scenario was a creator of the issue but we arent sure about the 1st scenario.

Also we have looked at ways to try and get the users domain credentials re-cached if they were able to get logged in with a local account.

Any thoughts and insight on this would be greatly appreciated.
Start Free Trial