[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Active Directory computers have a $ after the name

Posted on 2007-10-21
11
Medium Priority
?
178 Views
Last Modified: 2010-03-17
Recently computers in Active Directory started having a $ added to the end of the name.  When I open the properties of the computer it does not have a $.  Only when you view a computer in an OU does it show the $.  It only happens for about half the computers and servers.  There were no new policies applied to our network.  
0
Comment
Question by:mike926
  • 3
  • 3
  • 3
  • +1
11 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 20117998
that means its hidden.  its only for the administrator to see.
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20118000
try going to your folder options and select the reveal hidden files option
0
 

Author Comment

by:mike926
ID: 20118034
This is actually concerning Active Directory and not windows folders and files.  However, i already have that option set to view hidden files.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 2

Expert Comment

by:t_hewlett
ID: 20118059
This is a strange one, are you saying that the PC computer object within AD has a $ on the end of the object name? The 2 replys above seem to be thinking this is a share you are talking about. Unless I`m getting it wrong.....

This sounds like corruption in the build process to me, how do you build and add new machines to the domain?
I have seen machines accounts created with a whole load of grabage added to the end of the the object name. I think even disjoining and renaming the machines and then rejoining the account to the domain failed to solve the issue, but worth a try. A total rebuild was required, I think this was some thing to do with the process or image used for the ghosting section but not to sure.
As the $ sign is an invalid characture on for an object name this does seem like corruption to me. Is this just happening for new machine accounts and are you should the machine accounts dont already exist. This should not matter as the error returned should be clear that there is already a machine in there with the name. I can only guess you have some issue with the build/creation of the machine account. Can you add any details for the issue and the process ussed...?
0
 

Author Comment

by:mike926
ID: 20118241
That is correct...it's the computer object in AD that has the $.  

It's strange because new computer objects over the past couple months don't have the $, but older computers do including most of our servers like Exchange and Domain Controllers.  It was fine for a couple years and then all the sudden the $ popped up at the end of the computer object.  We have 3 network classifications and the other 2 dont have this issue and they all get the same images, policies, updates, etc.
0
 
LVL 2

Expert Comment

by:t_hewlett
ID: 20118685
I must admit to having never seen this before, I`ll have a dig round as I`m a nosiy bugger but if you think of any thing or find any info give  us an update.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20120629
Mike:

It might be a good idea to get a copy of the files you want to keep off of that machine for now. This appears to be a possible corruption of the AD database.

Once you backed up your files, can you look at a DCdiag and event viewer files to see if we have any errors that can help us troubleshoot.

Since this effects about half of your computers, is this specific to one domain controller on a mulit domain controller domain? Maybe we have a mixed domain problem and the differences between the domain controllers is causing the issue.
0
 

Author Comment

by:mike926
ID: 20121098
I ran dcdiag and all tests passed for all 3 of our domain controllers and there are no errors in the event logs.  I guess it could be a corruption issue.  We have to rebuild all of our servers over the next few months anyway because of new policies and vulnerabilities that exist on the server.  Hopefully once that happens it will fix the issue.    I don't think its caused any issues, but it was just more of a nuisance than anything else so I was curious on what might have caused it.
0
 
LVL 2

Accepted Solution

by:
t_hewlett earned 375 total points
ID: 20121166
Tis very strange, I would exspect to this happening to new machines if the database was corrupt, but the fact that it is the older machines and server which have been affected is weird.
As you rebuilt the machines I can see the issue being resolved but it will not address the machine you can not rebuild... if any and it still leaves the question of why and will it re appear over time. If so will it be the same machines.....
It would be nice to find some sort of explanation, as I say if it was the AD being corrupt then it would should up in the event logs or DC diag would flag some thing....
Dont you hat eissue like this :-(
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 375 total points
ID: 20124482
There are tools to look at the contents of the Access tokens, Also known as the SID or security identifier. I think looking into the computer's SID contents would really help out in this case.

I am providing the whole link because I think this information is very useful in figuring it out.

 http://technet2.microsoft.com/windowsserver/en/library/6361e9c2-73ad-49c3-a012-6d09cebd31611033.mspx?mfr=true
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20159478
How goes the battle?
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question