terrytusvi
asked on
Domain Admins Cannot Login
This is perhaps the weirdest IT problem I have encountered in my 20+ years of IT work.
I have a client whose new network was recently installed about three weeks ago. It has one AD server and eight workstations, all members of the domain. There are three domain admin accounts. These accounts can login to the AD server without any issues.
However, when the same accounts are used to login to a desktop (workstation), the hour glass rolls and rolls as if the system is stuck during the process. This only happens to accounts that are domain administrators.
Regular users can login without any problems. Why is this?
I have a client whose new network was recently installed about three weeks ago. It has one AD server and eight workstations, all members of the domain. There are three domain admin accounts. These accounts can login to the AD server without any issues.
However, when the same accounts are used to login to a desktop (workstation), the hour glass rolls and rolls as if the system is stuck during the process. This only happens to accounts that are domain administrators.
Regular users can login without any problems. Why is this?
Are there any settings applied via Group Policy, or logon scripts?
ASKER
No, there are no GPOs or scripts.
Is the user that are able to logn able to access active directory?.
Myabe the users have already profile on the workstation and thats why its allowing to those users...
Myabe the users have already profile on the workstation and thats why its allowing to those users...
ASKER
Yes, those users are able to access the AD without a problem.
By Normal users who are able to login with no problems, do you mean AD users or local computer users?
May be you lost AD connection,and those users are able to login due to the cached logons? to verify that, try to create a new user and see if this new user can logon.
If that user can't logon, maybe we should check something regarding AD health.
May be you lost AD connection,and those users are able to login due to the cached logons? to verify that, try to create a new user and see if this new user can logon.
If that user can't logon, maybe we should check something regarding AD health.
ASKER
Two test accounts (domain users) were created and they can login to workstations without a problem. If I create a user account with domain user rights, no problem. The moment I assign Domain Administrator rights to the user, the problem pops up.
The only solution then is to delete the user account and re-create it. The user can then login without any issues.
The only solution then is to delete the user account and re-create it. The user can then login without any issues.
Do you put those new users in the workstation's Administrators groups? If not, please try to put them in that group, and see if they are able to login.
Then also try to put them in a group in the AD, then give this group Admin privileges on the workstation, and see if they are able to login.
Then also try to put them in a group in the AD, then give this group Admin privileges on the workstation, and see if they are able to login.
Can you login as a local administrator?
ASKER
Yes, I can log in as a local administrator.
Just an additional note - these machines were created from a Sysprep image. Could that have something to do with it?
Just an additional note - these machines were created from a Sysprep image. Could that have something to do with it?
Have you tried the suggestions in my previous comments?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.