Solved

Users dropping off the Domain

Posted on 2011-03-06
13
770 Views
Last Modified: 2012-05-11
About once a week, I have 1-2 PC's that will just not join the domain. I will have users or PC's drop off the domain for no reason. Once you log in as a local admin and rejoin the PC back to the domain the PC and the user can log-on just fine. What gives? We have a 2003 & 2008 AD scheme running side-by-side. We are migrating from 2003 to 2008 just moved the print ques. More to follow, Could that be causing the issue?  
Please advise  DP -Saxman
0
Comment
Question by:dpsaxman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 

Author Comment

by:dpsaxman
ID: 35052414
Looking for an answer this week.  
0
 

Expert Comment

by:stealth2549
ID: 35052516
Most common cause is that another PC on the domain has the same name.  The PC account will be deleted from AD if 2 computers with the same name are logged in simultaneously.  Can you verify if the user accounts have experienced any issues also?
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 35052533
Need to be more specific....what do you mean by not joining the domain?  What are the errors?  What do you mean by dropping off the domain?

I would start by looking at event logs both on the workstation as well as the servers for any AD issues.
The 2003 and 2008 domain controllers should have identical copies of AD.  Make sure there are no replication issues.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:dpsaxman
ID: 35052956
So what is going on to be clear is, That the user will dock his laptop or turn on his desktop, And he will get "The user or computer is not trusted on this domain. Please contact your system administrator".

This happened to people from different depts including the CEO. And these are users and PC's, that had been on the network before with no issues. This is coming from different points and users and depts. So I am am thinking AD is playing a role on this. Just not sure where.
0
 
LVL 3

Expert Comment

by:kawamuracd
ID: 35053287
You may want to check the speed settings on the user's nic. Set the Speed & Duplex to something other than Auto Negotiation. We have a few machines that used to do that. We set it to use 100 Mbps Full Duplex, the nic could go up to 1.0 Gbps Full. I don't know if it will help you but it worked for the handful that we had.
0
 

Author Comment

by:dpsaxman
ID: 35053324
kawam..
That would be odd that one day it would work, and the next day not without a settings change. So I an not sure about making a change on the system like that, Because after you re-join the domain the system has no problems after that.
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 35177417
Are the clocks on the troubled systems synced with the DC holding the PDC Emulator role?
0
 

Author Comment

by:dpsaxman
ID: 35177449
I am not sure about the PDC Emulator role. I will have to check and get back with you on this.
0
 
LVL 14

Accepted Solution

by:
Burns2007 earned 500 total points
ID: 35178018
It sounds like you probably have a tombstoned domain controller that is no longer replicating with the other DCs. PCs reset their computer account password every 30 days or so, and if they reset the password with one domain controller that isn't replicating, then when they try to connect to another domain controller they will appear to "fall off the domain"

Use Active Directory Sites and Services to check the replication between all your domain controllers is working correctly.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35180649
We have a 2003 & 2008 AD scheme running side-by-side.

That is impossible.  There can only be one scheme,...and it would have to be 2003 since it is impossible for 2003 Dcs to operate at a 2008 level.  Now if you mean that you have both a 2003 Domain and a separate 2008 Domain with a Trust between the two then you need to make that clear.
0
 

Author Comment

by:dpsaxman
ID: 35229039
Thank you very much.
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Make the most of your online learning experience.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question