Solved

RIS Server 'Computer Account' limitations (induced by RIS to WinPE boots)

Posted on 2004-11-08
Last Modified: 2012-08-14
I'm running a Win2003 AD/RIS server that boots PXE enabled systems into a slightly modified version of WinPE.  I presently have RIS set to autoname the systems PC## where the ## represents an incremental integer.  Once 100 'computer' accounts are reached (PC00 to PC99) in the OU (is that right, computer accounts are its own OU right?) the RIS/PE instance will fail to generate a unique name of any more RIS booted systems.  Initially I thought this was a character limitation, but after decreasing the amount of chars used for a computer account name, I have been unable to resolve this 100 account limitation problem.  I have poked through the GPO for this setting and have come up with nothing.

Does anyone know how to increase this undocumented limit so that I can boot an infinite amount of systems from my RIS to WinPE (or at least set an expiration time of the accounts so they GO away)?
Question by:jeremiahj
16 Comments
 
LVL 20

Expert Comment

by:What90
ID: 12528261
Hi jeremiahj,

I have a feeling your problem is due to the lack of correct permissions for RIS to create accounts in that OU. I have a nagging feeling that there's a hard coded basic limit for a standard account to create computer objects.
Try delegating permissions to create computer objects to the RIS account and see if that fixes the problem.
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12528281
What90,

Thanks for the tip.  I'll give it a shot in the lab tomorrow and see what happens!

I should have known that was it, as I have run into a similar issue with sysprep...duh!

-JeremiahJ
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12534374
In a w2k3 domain the limit for adding machines to AD by normal users is 10.
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12534650
small problem...

which account does RIS use to add computer accounts to the domain?
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12534713
The user who logs on using the Client Installation Wizard (CIW) is the one whose credentials are used to create the machine account, so the rights on the default container that will hold the machine account need to be modified to grant these rights.
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12535213
done...

now I just need 49 more systems to boot off the RIS and I'll know if this worked or not!

: )
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12618098
elevating group membership to 'account operator' did not resolve the issue.  anyone else care to take a stab?
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12619860
can you give us the detailed error message?
maybe it will shed some light on this.
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12624547
I'll have to recreate it sometime this week, just takes a while to generate it as I have cleared the computer accounts already.

It fails out of PXE/PE installation with something like...

"Windows was unable to generate a unique name/account for your system..."

Anyways, I'll make sure I get the rest and post later next week.
0
 
LVL 11

Expert Comment

by:WeHe
ID: 12625062
can you try this?

To make it possible for users to create computer accounts anywhere in the domain:
1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the left pane, right-click your domain name, and then click Delegate Control.
3. In the Delegation of Control Wizard, click Next.
4. Click Add.
5. Type the name of the group that requires permission to add computer accounts to the domain, and then click OK.
6. Click Next.
7. Click to select the Join a computer to the domain check box, and then click Next.
8. Click Finish.
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 12703523
quick update...

have been out of lab since last post. will try to get in this week and recreate. thanks for the input WeHe...
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 13260867
still no luck on this problem.

perhaps I am not delegating permissions to the right group?

can someone be more explicit about the step:

"Type the name of the group that requires permission to add computer accounts to the domain, and then click OK."

Thanks!
0
 
LVL 1

Author Comment

by:jeremiahj
ID: 13723491
"I presently have RIS set to autoname the systems PC## where the ## represents an incremental integer..."

Eureka!

The ## was the limitation.  The naming convention I had elected was preventing additional names from being created, anything beyond PC99 is an invalid name, as ## is the char limitation on the integers - duh!

Ghetto solution: Have a batch process delete the computer accounts every so often.

Simple solution: Use the MAC address token for PC name.
0
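The exhaustion described in the post above, modelled as an added example (not code from the thread or from RIS itself): it shows why a `PC##` pattern stops at 100 accounts and how each of the two proposed fixes frees up names. The `PC##` notation is the poster's; the account inventory, the 30-day age threshold based on creation date, and the assumption that the MAC token expands to the adapter's 12 hex digits are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

def _split(pattern):
    """Split 'PC##' into prefix, counter width and suffix."""
    run = re.search(r"#+", pattern)
    if run is None:
        raise ValueError("pattern has no '#' counter field")
    return pattern[:run.start()], len(run.group()), pattern[run.end():]

def capacity(pattern):
    """How many distinct names the pattern can ever yield."""
    return 10 ** _split(pattern)[1]

def next_name(pattern, existing):
    """First unused name for the pattern, or None once every value is taken."""
    prefix, width, suffix = _split(pattern)
    taken = {name.upper() for name in existing}   # account names are case-insensitive
    for i in range(10 ** width):
        candidate = f"{prefix}{i:0{width}d}{suffix}"
        if candidate.upper() not in taken:
            return candidate
    return None

def stale(accounts, now, max_age_days):
    """Names of accounts created more than max_age_days ago (assumed cleanup rule)."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(n for n, created in accounts.items() if created < cutoff)

def mac_name(mac):
    """Name derived from the NIC: 12 hex digits, within the 15-character NetBIOS limit."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address")
    return digits

# Constructed inventory: PC00..PC99, one account created per day from 2004-08-01.
BASE = datetime(2004, 8, 1)
ACCOUNTS = {f"PC{i:02d}": BASE + timedelta(days=i) for i in range(100)}
NOW = BASE + timedelta(days=100)

if __name__ == "__main__":
    print("capacity of PC##:", capacity("PC##"))
    print("next name with 100 accounts present:", next_name("PC##", ACCOUNTS))
    old = stale(ACCOUNTS, NOW, 30)
    remaining = {n: c for n, c in ACCOUNTS.items() if n not in old}
    print("stale accounts to prune:", len(old))
    print("next name after pruning:", next_name("PC##", remaining))
    print("MAC-based name:", mac_name("00-0C-29-3E-5B-A1"))
```
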
 
LVL 1

Author Comment

by:jeremiahj
ID: 14197104
I answered my own question...so how do I cleanly close this?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 14197257
Hi, jeremiahj

The proper way to do it is to request a PAQ/Refund in http://www.experts-exchange.com/Community_Support/ 

It is always good policy to ask to have the Q closed properly, even after a CV has come along and made a recommendation, but that said - my recommendation was to PAQ/Refund anyway. I saw you answered it yourself, and you provided enough information for someone with the same problem to work it out.

It would probably be wise for you to ask for a refund officially, I don't know if the mods make black marks for those people who persistently abandon questions...

0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14229730
PAQed with points refunded (250)

modulo
Community Support Moderator
0


Question has a verified solution.
