Solved

Domain account shows as a little head with a question mark

Posted on 2011-03-10
7
2,168 Views
Last Modified: 2012-05-11
I have 2 domain controllers that are a child domain of a larger forest.  The forest is running at 2000 Level.
My DC's are 2008.  I am told by the forest Admin's that it isn't a problem.

Starting around this past weekend, domain functions started to become very slow.  I noticed some odd issues but the one that sticks out the most is when I go to add a domain user account into the authorized remote desktop users, the domain account show up with a little head and a question mark next to it.

I can click "Add" and after about 2 minutes the domain directory appears.  I can add a domain account, it looks normal, but when it gets to the workstation it turns into this icon again.

Not sure if it is related, but when I was installing some software on a member server I got an error about the compute not being trusted.  I googled that error and I found a hit to take the member server into a work group and then put it back in the domain.  I did it about 10 times and it didn't work until today.  

However the question mark with the head still appears.

DCDIAG shows no errors.  DNS looks good.

any one have any ideas?
0
Comment
Question by:lefty431
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35104734
No errors at all in dcdiag, what do your event logs look like?
0
 
LVL 1

Author Comment

by:lefty431
ID: 35104796
nothing really sticks out..  it seems that some of the computers have been distrusted for some reason..

I just built a new computer windows 7 and joined it.  I added..  it took about 60 seconds for it to join to the domain, but it looks ok.  I added a user to the remote users and again, it too a minute for it to pop up and apply the user account but it worked. I am just getting to reboot to see if the account stays there or see if it turns into a head again..  
0
 
LVL 6

Expert Comment

by:arunexp
ID: 35104900
have you looked at the event logs does it say anything?? do you have any firewall between your domain controllers and clients...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 6

Accepted Solution

by:
arunexp earned 250 total points
ID: 35104905
check when was the last reboot of you domain controllers??
0
 
LVL 1

Author Comment

by:lefty431
ID: 35104919
no software firewalls between DC's.  Hardware firewalls are in place but they are managed at the corp. level.  they are fine.  been in place for years..  
Event logs don't really show any detail.

the computer I mentioned in the previous post, when I went back to check that account, the account was gone in remote desktop and replaced with the head/question mark.  I am assuming that is an invalid SID or something...
0
 
LVL 12

Assisted Solution

by:Navdeep
Navdeep earned 250 total points
ID: 35107597
Can you post a screenshot of what you see?
0
 
LVL 1

Author Closing Comment

by:lefty431
ID: 35125122
Issue was solved, but neither one of these solutions fixed it.  However, they weren't wrong either.  Just ended up being something different in the Forest.

thanks for trying though..
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question