tmccabe
asked on
Newly built systems can't log on to domain
When I build a new system and initially try to log on to the domain (mixed mode AD and one BDC) I always get an error about the "primary account" etc. and I have to wait for a while before the system can log on to the domain with a legitimate user logon.
I have no problem getting to network resources if I use the local admin logon, but it seems I always have to wait for a while before my domain logon works. I'm sure it has something to do with DNS or WINS perhaps? Any ideas?
ASKER
50 thousand computers on your LAN? Betcha can't name them all.
ASKER
Seriously though, what part of AD handles this? I want to find out.
How are you building machines? Imaging? Did the prototype system have a domain account? How are you adding machines to the domain (or are you?)? Do you have many, or just a few DCs? Are they all local or distributed geographically? More information on your problem, please.
"betcha cant name them all" >> you would be correct. I only deal with about 3500 of them in my little corner of the network; I can't even name all of them, even with our naming conventions.
-Steve
ASKER
Yarno - It's a single domain with 2 AD DCs and one BDC left over, as we are in mixed mode, and I get the same result if I "build" from scratch or use a ghost image for those systems that we have a lot of.
I noticed that when systems were added to the domain back when it was an NT4 PDC prior to migrating to AD this never happened.
Do you have a machine doing PDC emulation?
-Steven Yarnot
ASKER
The "main" DC running AD was once a PDC that was promoted during migration using DCpromo. I have one other DC that was Windows 2000 from scratch and one old BDC that hasn't been retired yet.
If running DHCP - have DHCP do auto updating to DNS. It will give a list of computers/IPs it serves to the DNS server. That might speed things up.
What other things are you getting your PDC to do, or is it just SOA?
ASKER
Steve - is there a setting for updating the AD database or for how long it should take for the "machine account" to be created? We have a simple one-domain, 3 DC network.
Where I am at, we have more than 50K machines on our network and are in every time zone on the planet; when we add a machine to the domain, we need to wait until at least the local DCs are aware of the PC before we can use it on the domain; for us this delay is usually less than 15 mins.
HTH
-Steven Yarnot
http://yarnosg.home.insightbb.com