Suddenly can't log into domain from one specific PC - getting "account is disabled" error even though the domain accounts aren't disabled in AD
Posted on 2006-06-09
We have a Windows 2000-based domain in our company, running almost exclusively Windows XP clients. However, one of our client machines, a Windows 2000 Pro box (SP3), is having an issue.
When a user tries to log onto the PC with the username/domain that has always worked, it now comes up with an error saying the account is disbled and to call the administrator. The domain account works fine on other PCs in the domain and is not disabled in AD. In fact, every domain account we tried comes up with this error on this PC. The only way to log on is through the local administrator login.
Once I was able to log in locally, I looked at the list of user profiles (obtained through My Computer) and all the domin accounts say "Account Unknown" under the name column! The only ones that show up correctly are the local accounts.
I also tried to have a user (that has never logged into this computer before) log onto the PC with his domain account and he also received the account disabled error. I checked the PCs IP settings and they're fine. I also tested browsing a domain file server and that worked after supplying proper credentials, which proves to me that it's definitely still seeing the network and communicating with the domain controllers.
Does anyone have a solution to fix this problem? We'd like to be able to log into the domain again on this PC without wiping it off and starting over. I'm sure it's not an AD issue since the domain accounts work fine on other PCs on the domain.
I'm wondering if a user was doing something he/she shouldn't have been doing. We allow Domain Users as local administrators, so it's possible that a user could tinker with the registry, local group policy, etc.
Thanks for the help,