Go Premium for a chance to win a PS4. Enter to Win


Computer Account in Active Directory

Posted on 2008-10-16
Medium Priority
Last Modified: 2011-10-03
We've been seing alot of strange issue in our domain with two of our servers one named server1 and the other server2.  This all came to light when one of the computers server1 was showing up in our WSUS console.  I manauly ran wuaclt /detectnow to see if it would resolve the issue.  I checked the windows update log and it indicates its contacting the correct wsus server but still won't show up in wsus.  I then decided to disjoing and rejoing the servers to see if there was some sort of AD computers.  server2 had no problem.  server1 however disjoined and rejoined without a problem.  However the computer account never shows up ion active directory.  Normal i would expect that I wouldn't be able to log on and receive  amessage about the computer account missing or the dc is down but I was able to log on without a problem.  Any idea on this?
Question by:georgedschneider
  • 5
  • 2
LVL 31

Expert Comment

ID: 22731428
Sometimes things end up where we don't expect them to be.  Here are a few ideas.

First thing I would check would be 'gpresult > c:\temp\gpresult.log' and look at that - might want to compare it to server2 to see what differences there are.

Try searching in ADUC for computers and remote installation servers and you can also try a custom search and select exchange server, and make sure you are searching the entire directory not just the domain.
Also make sure you are getting the name of the box correctly - I am assuming server1 is a posting alias.  Make sure to be careful of 0/O, 1/I/l, etc. I find it easiest to copy/paste from the system properties/computer name tab into notepad as its normal font usually jumps out well enough.  If you are able to search ADUC from that box with the issues you are having, then you could paste it into there directly.

I would also take a look into DNS and make sure that it is showing up properly there.

You can also try doing 'gpudate /force' and see if that might help out.
LVL 31

Expert Comment

ID: 22731487
if that doesn't work, you could get a lot more information with adding the /V switch to the gpresult - normally you don't need this much info, but just in case you do I'm throwing it out there.   With normal gpresult you could get away without piping it to a log file as I included in my previous post, but with /V you have to as it will overflow your cmd box buffer.

Author Comment

ID: 22733743
The starngest thing is it finally showed up and I moved the computer account from computers to the servers OU where all servers are located except for DC's. I ran ran gpupdate and then gpresults to see what was pllied and everything seems correct.  I then ran wuauclt /detetcnow to force reporting in to the wsus server.  Here's where the strange issues begin:

In the wsus consolse there seems to be something strange betwen server1 and server2.  The actual names are the smae with the only difference is the 1 and 2.  At first server1 was appearing.  Now after running wuauclt /detectnow only server 2 is appearing.  This is very starnge.  Any idea on why one server will appear and not ht other?   And occassionaly they will flip flop which one is appearing is the wsus console.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 31

Expert Comment

ID: 22735129
These aren't new servers, correct?  Like two built from the same image?
LVL 31

Accepted Solution

Paranormastic earned 2000 total points
ID: 22735238
Look at the following reg key on 2 machines and see if they match. See if the susclientid numbers are the same.


run this in a bat file (you can backup the reg key manually first if you want)

@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow

Author Comment

ID: 22735840
I assume the susid is some sort of id for wsus which makes sens since I created the second server based off a complet ebackup of the first server including the system state.  I then changed the  name which wouldn't have changed the susid.  What are /v and /f switches do?
LVL 31

Expert Comment

ID: 22769546
Sorry, was out for a few days...  /v precedes the ValueName. /f forces the deletion without propmt
Whenever you use a base image to make another, it is best to use sysprep to prevent these issues.  In a best case scenario, you would run sysprep and have it power off the box, then you could boot up into an imaging program (e.g. Ghost) or some other offline backup type prior to loading windows.  This would ensure that new security identifiers, machine names, etc. are generated prior to the system coming online.

You can get sysprep.exe from the deployment tools package for whatever OS you need to sysprep.  Generally speaking whatever the newest one is will support the older ones as well, so you shouldn't have to keep a number of versions around.  Whenever a new service pack comes out, just google it, e.g. 'sysprep windows server 2003 service pack 2 download' and you should be in business:

Here are some general 'how to' type links:

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question