Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Can't log in to domain after cloning to SSD
HI there, I have two domain computers I recently cloned the old sata drives to SSDs. The cloning worked just fine but the computers can't login to the domain when connected to the network. If i remove the ethernet cord I'm able to log in with the cached domain credentials, I reconnect the network cable and have access to all network resources. Does anyone know how to fix this without removing and rejoining the domain?
I used the cloning utilities that come with Samsung and Kingston SSDs.
thanks..
I used the cloning utilities that come with Samsung and Kingston SSDs.
thanks..
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I would update the BIOS (necessary in 2018), chipset and update or completely reinstall the Network Drivers.
When done do a TCP/IP Reset, DNS Flush to be sure.
Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns
Now restart and test.
When done do a TCP/IP Reset, DNS Flush to be sure.
Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns
Now restart and test.
Pull the network cable and log in. Then plug it in. Do you have access to the domain? What does the event logs say? What is the error message when you try to log in with the cable attached? (Pictures are best; use your phone if you have to take a picture and post it).
The only solution is to remove the computers from ADUC and then join the computers to domain.
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components. Every time a computer autheticate to AD, this ID is generated on the computer side and compared with the ID stored in the AD database. You've changed a component, so the ID generated on the computer side, does'n't match anymore with the ID stored in the AD database. This is a security feature, a measure to stop an intruder to impersonate your computer. A hacker would try exactly what you did.
Best regards
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components. Every time a computer autheticate to AD, this ID is generated on the computer side and compared with the ID stored in the AD database. You've changed a component, so the ID generated on the computer side, does'n't match anymore with the ID stored in the AD database. This is a security feature, a measure to stop an intruder to impersonate your computer. A hacker would try exactly what you did.
Best regards
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components.This is totally false.. Nothing relates to hardware on the computer account attributes (the GUID is random) and this is definitely not because of BIOS
https://docs.microsoft.com/en-us/previous-versions/tn-archive/ee198792(v=technet.10)
Does anyone know how to fix this without removing and rejoining the domain?Use Reset-ComputerMachinePassw
The reason why you can log on is that you have cached logins enabled.
I agree with Vermaak, nothing relies on software, GUID is a totally random identification. Moreover, you can use this on PS to generate a random GUID (PSv4 min)
In another part I think that the reset-computerMachinePassw
[GUID]::NewGuid() | select -ExpandProperty Guid
In another part I think that the reset-computerMachinePassw
Were this me, I would definitely try removing and re adding the machine to the domain. Very straightforward, takes maybe 10 mins and a couple of reboots. Make sure you have the local admin account credentials first though.
To rephrase a little Mal Osborne
Does anyone know how to fix this without removing and rejoining the domain?Why? What's the big deal pulling it out of the domain and putting it back in?
If I'm reading this correctly, you took a machine connected to a domain, cloned it, and then connected the clone to the domain?
To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't. From the domains perspective, these two computers are one computer, so they cannot coexist. Your process is broken.
BEFORE cloning a machine, you should SYSPREP (generalize) it [to comply with MS licensing, this should be a PC built using Volume Media, not OEM]. Do NOT boot the machine into Windows after the sysprep. Create the clone. THEN boot both machines. You'll need to then join both to the Domain.
When you clone without a SYSPREP, the new machine ends up with the same SID as the original. To fix it from the point you are at, you need to remove BOTH from the domain, generate a new SID on at least one of these computers (either Sysprep, or look maybe at http://www.stratesave.com/html/sidchg.html which I've never used, but looks promising), then join both to the domain.
To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't. From the domains perspective, these two computers are one computer, so they cannot coexist. Your process is broken.
BEFORE cloning a machine, you should SYSPREP (generalize) it [to comply with MS licensing, this should be a PC built using Volume Media, not OEM]. Do NOT boot the machine into Windows after the sysprep. Create the clone. THEN boot both machines. You'll need to then join both to the Domain.
When you clone without a SYSPREP, the new machine ends up with the same SID as the original. To fix it from the point you are at, you need to remove BOTH from the domain, generate a new SID on at least one of these computers (either Sysprep, or look maybe at http://www.stratesave.com/html/sidchg.html which I've never used, but looks promising), then join both to the domain.
To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't. From the domains perspective, these two computers are one computer, so they cannot coexist. Your process is broken.As far as I understand OP's question, the computers were not cloned, the drives were replaced. The two computers and still two computers
Premium Content
You need an Expert Office subscription to comment.Start Free Trial