Computers dropping off from the Domain

Posted on 2007-10-03
Last Modified: 2013-12-05
Morning all.  I have 28 Windows XP systems with SP2 on a Windows 2000 Advanced Server Domain.  With a PDC, BDC and File server.  Due to certain security requirerments we are required to unplug our laptops and place them in a safe.  But every day my IT staff has to go out and unjoin each computer from the domain and rejoin them for the users to be able to access e-mail, the share drive and use the Internet.  

I think it might be a DNS problem but I am not sure. The IT department is able to leave their computers hooked up all the time and we have not expereinced any of these problems.  Does it have anything to do with them disconnecting every night?

Any help would be gratly appreciated.


We have one switch and that is working just fine.
Question by:John Sheehy
    LVL 1

    Expert Comment

    When you connect one of this computers and you log with your credentials, Do you get any message?  
    Is your IT Staff loggin on the laptops with their Domain Credentials or with Local Adminsitrator password?
    Do you have this issue with any user that log on on that machines?
    Please tell us how do you assign the IP Addressing, do you have DHCP?

    To check that DNS settings are correct you must:
    1st. Point the Primary DNS to the DC that hosts Active Directory if it's installed there, or you can point to the DNS that hosts DNS Service
    2nd. In the Forward Lookup Zone of your you need to check that Updates are enabled


    LVL 70

    Expert Comment

    If you have windows 2000 server you dont have a PDC and a BDC - you have two domain controllers, both of which hold a copy of a read/write multi-master database and one of the machines happens to hold the PDC emulator role. Sorry about that, nothing personal, but it really gets to you when you see this 20 times a day !!

    Now to your question - no it should not matter that the machines are disconnected. They certainly should not loose their security association with the domain so removing and rejoing to the domain seels a little drastic. Are they switched off or put into standby or hibernated?

    Does an ipconfig /release followed by ipconfig /renew cure the issue?


    Author Comment

    by:John Sheehy
    Sorry about the PDC/BDC thing.  That is how I have to explain it to the non IT folks here.

    We have a DHCP server and the machines are acquiring leases from it. IPCONFIG /release and /renew works for just that, releasing and renewing the IP but does nothing for the workstations joining the domain.  I did however, run IPCONFIG /REGISTERDNS and I get the error access is denied.  What si that all about?

    Our ITs are using their own domain accounts to join the computers to the domain.  And the users are shutting down computers vice placing them in standby or hibernate.

    LVL 1

    Accepted Solution

    Shouldn't matter how the laptops are being shut off, or if they go into hibernate.  

    KCTS:  Would I be wrong in suggesting that it sounds like the 2 DCs aren't syncing up?  I would check, from the laptops, what DC their authenticating against by using:

    echo %logonserver% from the command prompt, then check that DC to see if that computer's account exists.

    It's something that I have done before and worked for me, so it's just a thought to try to help narrow things down a bit.
    LVL 70

    Expert Comment

    The registerDNS failing does suggest a broken security association. This may work - Go to the default domain policy->Local Policies->Security Options
    find Domain Controller: refuse machine account password changes and set it to ENABLED.

    run gpupdate /force

    restart the laptops and log on and off again at least twice and see if this does the trick - it stops machines changing their credentials - i think they may be changing credentilas and them losing them somehow.

    If this does the trick and you want the other machines to be unaffected then remove this setting, put the laptops in an OU of their own and then apply a GPO directly to the laptop OU.

    If if does not work remove the setting and we'll have to think again
    LVL 70

    Assisted Solution

    Read your post after making mine - yes the two DCs may be out of sync
    this can be checked see

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
    Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now