Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

windows 2008 active directory OU issues

Posted on 2011-09-29
12
Medium Priority
?
242 Views
Last Modified: 2012-08-13
Hi
we have a windows 2008 R2 std server that has replaced a single W2003 Std server as the only gc server on a single domain, the old w2003 server will at some point have dcpromo run on it and switched off. All data and applications are now working on the new server fine. The process of adding the new server, tranfering GC roles all went as expected.

However, if a PC is now added (after being removed during diagnosis) to the domain (same domain name as before) the computer shows up in the standard "computers" OU list withing AD, not within the "domain name" OU that was created in AD and transfered accross from the old server.

these computers are also experiencing network connection issues (thats why they were removed and re-added), that are intermitent. Like not connectimg to shares, and most supprisingly one of them creates a "temp" local user profile everytime it boots?
I tried removing the few Win7 PCs and re-adding but they still have issues, there are no group policy rules added that i am aware of to the domain OU that would make this happen?

all win xp pcs are working fine, although i have not removed any and readded?
any ideas??




0
Comment
Question by:exact1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 100 total points
ID: 36818106
Un/re-join operations of a computer in the domain will result in exactly what you describe - the computer object will be a) removed from the domain (and the custom OU), then b) added to the domain - *as a new computer object*.  Don't let the name fool you.  All new computer objects are created in the Computers OU.  You need only move them back to the desired custom OU.

I expect that putting the comptuer in the correct OU will resolve your issues - particularly those with Group Policy (again, I'd expect that GPOs are applied to the custome OU, not the default OU).

After moving the computer object in AD, go to the computer and run "gpupdate /force" from a cmd prompt.

Hope that helps!
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36818236
I want you to clarify something, you said there are temp profiles.

1) Are the temp profiles still there after rejoining the domain?
2) Did you try to logon with other user than for the one creating temp profile?
3) Does this user get temp profile if logged on another computer?

Try putting this little utility on the computer you are having problem & see if you get green ticket. It should show you status near the clock:

http://www.microsoft.com/download/en/details.aspx?id=23018

If you are not getting authenticated via domain, moving the computer to any OU is not gonna help you as kerberos fails no GPO applies.

Please also check the clock of your W7.


A
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36818243
Please also post errors from Event Logs.
I am sure there would be many interesting errors there.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:exact1
ID: 36890036
littele etra info: the win7 pcs were added by another company (before the new server), they worked fine at first but then had issues connecting to other Win7 shares (a requirement), we found out this was an issue with some bundled HP Security Suite and drive encryption software, Once that software was removed the Win7 systems could access other Win7 workstation shares (a i say, a requirement). We also had some network / internet issues at about the same time which threw some confussion in, this turned out to be a DNS ISP issue which was resoleved. Part of the diagnosis also resulted in the removal and re adding to the domain.

netjgrnaut:
thanks, I sort of expected that answer ref OU after I posted it, so manually moving them to the OU that was previously created will be ok, I can confirm that was a standard OU added on the w2003 server without any GP edits. thanks.

Ackles:
thanks, answers to your questions;

1) Are the temp profiles still there after rejoining the domain?
yes, one is created everytime a user (any user inc admin) logs on
2) Did you try to logon with other user than for the one creating temp profile?
yes - creates temp profile
3) Does this user get temp profile if logged on another computer?
No

I have suggested the other company rebuild the Win7 PCs and add to the domain again without the HP software, and see what happens with a vanilla install with all win updates.

I did google and see this temp profile has an issue with the clock not syncing...will look into it.
Being in the wrong OU should not casue the temp profile on the local PC??????

0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 100 total points
ID: 36890082
Long story short, rebuild the PC without any third party software.
W7 has built in UPHC.
As for MS, ur issue is caused by third party software, here it's HP security stuff. Case closed for MS.
0
 

Author Comment

by:exact1
ID: 36890903
I have just suggested exactly that to the Win7 company. Awaiting their response.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36902706
Any update?
0
 

Author Comment

by:exact1
ID: 36902715
Ackles:
I have sent over my info and I think from feedback I have, that the company who installed the Win7 Pcs have agreed to reinstall.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36902725
Great, does that mean the issue is resolved?
0
 

Author Comment

by:exact1
ID: 36902850
well that could take a couple of weeks, I can resolve this call though.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36902861
Please take ur time, no stress ;)
0
 

Author Closing Comment

by:exact1
ID: 36984796
This was the HP software trashing windows after uninstall. Also the AD info was helpful in diagnosis.

thanks
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question