I have an issue with one Sharepoint server that has fallen off the domain twice already.
Management is trying to get me to find out who is maliciously bumping these machines off the domain however, I can't find out because the logs are too full and the computer properties show that it was still a part of the domain.
The only thing I can think of is someone deleted the computer account and recreated. I also seen cases where large scope VLAN changes bumped machines off as well.
What other non malicious issues could cause this? For some reason they think it's malicious but I know machines do this sometimes for no good reason.