?
Solved

Problem with Joining Domain

Posted on 2008-10-16
7
Medium Priority
?
228 Views
Last Modified: 2013-12-04
We have a network where a user without Administrative privleges is able to join computers that he reformats on the domian. We don't know how he is doing it and need to prevent him from doing this and also need to know how he is doing this before we contact the managment. Besideds Administrator's privilages what other methods are there? Also is there anything on windows Event Logs that we can be looking for? We also noticed that his newly rebuilded computer has port 2002 open on it.
0
Comment
Question by:mavrukin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
mirzas earned 2000 total points
ID: 22732283
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732305
In ADUC check his account properties and hit the member of tab, what security groups is he a member of?  You can start there...Account Operator privledges and Allow join computers to domain are other options that would allow that user to join computers to the domain...
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22732324
But that is limited to only ten, it sounds like he has passed that limit?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 6

Expert Comment

by:mirzas
ID: 22732356
Then just set it to zero.
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22732365
The limit is 10 different hostnames not ten times the same hostname.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22748971
HI, thank you for the responses. No he has not passed this limit. We need to lock his account to the way it was before. In ADUC he is not a member of anything. However ms-ds-machineaccountquota has been altered. How do we change it back to Not Set? Right now he has a long binary code. Even if you switch it to decimal it still shows about 30 groups of 3 digit numbers.
0
 
LVL 1

Author Comment

by:mavrukin
ID: 22750062
Sorry, I meant ms-DS-CreatorSID has been altered.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question