Solved

Need help sorting things out, dealing with cached credentials, Outlook 2010, and network settings.

Posted on 2013-01-15
7
284 Views
Last Modified: 2013-01-22
My place of work has two separate buildings and both are setup with domain controllers. One via wireless networking and the other wired. Both domains are named the same.

My boss had been using a pc with Mark's user profile on the wired network. She then brought it over to the other building (that uses wireless networking) and was able to access and send email via Outlook 2010 using Mark's profile (probably via cached credentials). It was NOT set to login to the wireless networking domain controller yet.

Life was happy until I decided to add this computer to the wireless domain. Since I am somewhat new to setting up networking settings, I couldn't add the pc to the wireless initially and tried a few different things. (I had all sorts of messages about Trust Relationships, and DNS Server not found..) etc. One thing I tried was changing the computer name, MARK02-PC to MARK02PC. I also tried to Reset the Computer in AD User/Computer, also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer. Also tried leaving and re-entering the domain.

Eventually, after trial and error I changed the computer name back to the original MARK02-PC and was able to get it logged into the wireless domain. (I pointed the wireless adapter to the IP address of the DNS server).

The bad thing now is my boss can no longer login to the Mark user profile (cached credentials erased?) I am hoping to take it back over to the building with the wired network, login as Mark and regain the credentials. Will this work? I hope so, Mark user account has very important emails.

I hope my changing of the computer name had no effect on the SID?
0
Comment
Question by:tcai1976
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 38781389
Renaming the computer will not change the SID but deleting it will.

I'm not sure what you meant by...
...also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer.

However, this has nothing to do with Mark's emails you are concerned about.

The email should be archived in the .pst file on the computer unless you are using a roaming profile or folder redirection which means everything would be on the home directory of the user.

Inability to log on to the domain most likely because there is no trust relationship between the wireless network and the domain that houses the user account.

The idea of connecting the computer back to the wired LAN is a good decision. The logon info will be cached after the first logon. My guess is you are not using Radius server to integrate wireless network to your domain.
0
 

Author Comment

by:tcai1976
ID: 38782086
Hi. Thanks for your assistance.

To clarify what I meant by "also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer." -  On the domain controller that is running Windows Server 2008, I deleted the computer MARK02-PC while within the Active Directory Users and Computers window (ie. I selected to "Delete" the computer from the sub-folder that listed all computers on the domain.)

I went back to her client machine and renamed it MARK02PC.

Then I went to the domain controller again and manually added her machine to the list of computers inside of Active Directory Users and Computers. This time I added the computer again as MARK02PC.

Bear in mind I did this to try and 'fix' the trust relationship issue between her computer and the wireless network. Removing the client computer, renaming, and adding it back manually to the domain controllers list of Computer didn't work.

I then removed MARK02PC from the domain controller AD U&C computer list, renamed the client machine back to MARK02-PC as previous and then added it back to the domain controller computer list. This time I pointed the wireless adapter to use a preferred DNS Server (it had been previously set to Obtain DNS Server Automatically) and was able to join her client machine to the wireless domain.

Somewhere along the way I accidentally wiped out the cache credentials of the Mark user profile on her client machine. Before I came along to 'fix' the machine they were able to log into the client machine using Mark's cache credentials and had it using the wireless internet router for internet access, do email in Outlook 2010, and use a network printer. I don't understand how they accomplished that without being part of the wireless domain.

Our networks are setup so a user can log onto the network from any machine on the network but the User profile settings for each computer is stored on the local client machine. For instance, on my computer using my username I log onto the domain and have a black desktop background, if I were to log onto the domain in the conference room it has a blue background. Is this a roaming profile setup?

I looked for the archived .pst Outlook file but didn't not find it for Mark. I will enable 'Show Hidden Files and Folders' and look again. it it makes any difference this is on a Windows 7 Pro Client machine with a domain controller running Windows Server 2008.
0
 

Author Comment

by:tcai1976
ID: 38783102
After some research it appears leaving the domain by joining a workgroup will clear cached credentials. I did not know this.. I did leave the current domain and joined a workgroup as a step in attempting to 'fix' the security issues between client and domain controller.

Seems the next step is indeed joining the wired network domain and then login as Mark so the credentials are cached again.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 38784214
Correct

Deleting the computer in AD and re-adding it causes the SID to change also. It is possible to force a specific SID also but like I said previously, this has no bearing on the User profile. If you had deleted the user, then that's where issues would be.

You should be fine with your anticipated move.

All the best
0
 

Author Comment

by:tcai1976
ID: 38785149
That is good to hear.

Once I've tried this tomorrow I will post the results. It'll be another restless night for me in the meantime.
0
 

Author Comment

by:tcai1976
ID: 38806674
Problem has been resolved.

Performing a wired connection login to the domain restored credentials and my boss was able to access the flood of emails.

Thanks Akinsd.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38808335
You're welcome
You would still have resolved it on your own though. Great job and thanks
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Join & Write a Comment

Suggested Solutions

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now