We have 200 + PC running in a workgroup that has the same name as my AD domain. None of the machines are members of the domain. They users login to Novell 6.0 and get all the poilicies from Novell. They need access to our exchange 2k box for their email and another application. Most of the users have no trouble with this setup, although, a select few have been locked out of their AD account (not able to access email etc. ) We dont see anything in the event log on the domain control besides:
"Disabled user /o=Domainname.com/ou=First Administrative Group/cn=Recipients/cn=username does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account."
But so far the users with that message have not encountered the issue.
Our work around has been to reset the user's password on the DC will fix the issue. Users do not have access to reset their own passwords.