Computer Account in Active Directory

Posted on 2008-10-16
Last Modified: 2011-10-03
We've been seing alot of strange issue in our domain with two of our servers one named server1 and the other server2.  This all came to light when one of the computers server1 was showing up in our WSUS console.  I manauly ran wuaclt /detectnow to see if it would resolve the issue.  I checked the windows update log and it indicates its contacting the correct wsus server but still won't show up in wsus.  I then decided to disjoing and rejoing the servers to see if there was some sort of AD computers.  server2 had no problem.  server1 however disjoined and rejoined without a problem.  However the computer account never shows up ion active directory.  Normal i would expect that I wouldn't be able to log on and receive  amessage about the computer account missing or the dc is down but I was able to log on without a problem.  Any idea on this?
Question by:georgedschneider
  • 5
  • 2
LVL 31

Expert Comment

ID: 22731428
Sometimes things end up where we don't expect them to be.  Here are a few ideas.

First thing I would check would be 'gpresult > c:\temp\gpresult.log' and look at that - might want to compare it to server2 to see what differences there are.

Try searching in ADUC for computers and remote installation servers and you can also try a custom search and select exchange server, and make sure you are searching the entire directory not just the domain.
Also make sure you are getting the name of the box correctly - I am assuming server1 is a posting alias.  Make sure to be careful of 0/O, 1/I/l, etc. I find it easiest to copy/paste from the system properties/computer name tab into notepad as its normal font usually jumps out well enough.  If you are able to search ADUC from that box with the issues you are having, then you could paste it into there directly.

I would also take a look into DNS and make sure that it is showing up properly there.

You can also try doing 'gpudate /force' and see if that might help out.
LVL 31

Expert Comment

ID: 22731487
if that doesn't work, you could get a lot more information with adding the /V switch to the gpresult - normally you don't need this much info, but just in case you do I'm throwing it out there.   With normal gpresult you could get away without piping it to a log file as I included in my previous post, but with /V you have to as it will overflow your cmd box buffer.

Author Comment

ID: 22733743
The starngest thing is it finally showed up and I moved the computer account from computers to the servers OU where all servers are located except for DC's. I ran ran gpupdate and then gpresults to see what was pllied and everything seems correct.  I then ran wuauclt /detetcnow to force reporting in to the wsus server.  Here's where the strange issues begin:

In the wsus consolse there seems to be something strange betwen server1 and server2.  The actual names are the smae with the only difference is the 1 and 2.  At first server1 was appearing.  Now after running wuauclt /detectnow only server 2 is appearing.  This is very starnge.  Any idea on why one server will appear and not ht other?   And occassionaly they will flip flop which one is appearing is the wsus console.
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

LVL 31

Expert Comment

ID: 22735129
These aren't new servers, correct?  Like two built from the same image?
LVL 31

Accepted Solution

Paranormastic earned 500 total points
ID: 22735238
Look at the following reg key on 2 machines and see if they match. See if the susclientid numbers are the same.


run this in a bat file (you can backup the reg key manually first if you want)

@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow

Author Comment

ID: 22735840
I assume the susid is some sort of id for wsus which makes sens since I created the second server based off a complet ebackup of the first server including the system state.  I then changed the  name which wouldn't have changed the susid.  What are /v and /f switches do?
LVL 31

Expert Comment

ID: 22769546
Sorry, was out for a few days...  /v precedes the ValueName. /f forces the deletion without propmt
Whenever you use a base image to make another, it is best to use sysprep to prevent these issues.  In a best case scenario, you would run sysprep and have it power off the box, then you could boot up into an imaging program (e.g. Ghost) or some other offline backup type prior to loading windows.  This would ensure that new security identifiers, machine names, etc. are generated prior to the system coming online.

You can get sysprep.exe from the deployment tools package for whatever OS you need to sysprep.  Generally speaking whatever the newest one is will support the older ones as well, so you shouldn't have to keep a number of versions around.  Whenever a new service pack comes out, just google it, e.g. 'sysprep windows server 2003 service pack 2 download' and you should be in business:

Here are some general 'how to' type links:

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Questions about DHCP migration 5 55
How to filter result in PowerShell 10 57
GPO not showing IE10 in GP Preferences 14 37
Additional DC vs Child Domain 12 16
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now