shorter method for changing domain back to same domain?

O

oROEchimaru

Supreme [H]ardness
Joined
Jun 1, 2004
Messages
4,662
often pcs on the domain find themselves no on the domain and AD looks ok...

current method:
change from domain

blah.com
to:
workgroup... xyz (anything really)... reboot

then: change it back to: blah.com

any shorter methods?
 
Why would the PC's on the domain not find themselves on the Domain, unless of course you have alot of mobile users connecting?

they should be able to log in on the login screen to their regular computer account,. you dont have to change the domain to workgroup or anything?
 
thats how i usually do it.

sometimes they are on the domain, but machines act as if they are not. (on the domain on their pc.)

-they are not locked, and they are on the hosting structure in AD.

its an issue i see maybe once a month only out of 1000 calls.
 
what's the error message the user receives when they try to log in?
 
First thing I'd check would be that these problem PCs are using the IP of the DC as their one and only DNS server...from DHCP. Or perhaps are they manually assigned for some reason?
Latching onto a nearby wireless for some reason?
 
i've seen it where its wireless, but this is not in that case. it may be dns like you state.
however when switching to workgroup, rebooting pc and readding to domain it resolves it .

"domain is not available" or whatever the very common error is. usual solution is take them off domain, reboot, add them to domain its a pain in the arse.
 
You should be able to login as a local admin account and just re-join the domain. No need to join to a workgroup and then back to the domain. We do that when we have a PC dis-joined from the domain.
 
Are the users power users/local admins? I've seen some interesting issues where the user looks to see what day of the week a certain day falls on and.....
 
I ran into similar problems, as well as GP deployed software uninstalling itself on some Optiplexes. Turned out a driver update/bios update (or maybe just the hardware itself) caused the NIC to reset 3 times during boot - during post and during driver initialization. Our switch wasn't tweaked, so all the spanning tree checks took about 30 seconds to complete. By this point the machine was at the login screen. Ended up enabling portfast/disabling etherchannel and traffic was forwarded to the PCs quickly enough that the late connection flap didn't matter.
 
jroe52 said:
i've seen it where its wireless, but this is not in that case. it may be dns like you state.
however when switching to workgroup, rebooting pc and readding to domain it resolves it .

"domain is not available" or whatever the very common error is. usual solution is take them off domain, reboot, add them to domain its a pain in the arse.
Click to expand...

Yeah something's gotta be wonky with name resolution. Some malware changes the DNS settings to adware driven DNS servers (commonly in russia). Other malware injects the winsock files..so even though TCP/IP settings look correct, they're not. Maybe try some tcp/winsock repair utilities on the problem PCs.

Ensuring the PCs, when the symptom occurs, show the correct DNS servers is wonderfully easy to do, would be the first thing I check.
 
ive had this happen to probably 3-5 different machines at my work, simply removing from the domain and then rejoining on next reboot didnt work. i had to remove the computer, delete the computer account from AD, wait the requisite time for AD to replicate across all DCs(this could take shorter time, but i wait the typical 90mins, gives me time to get other shit done lol :p) come back, rejoin the machine and all seems well....this doesnt seem to happen on any one specific model(we're an all dell shop top to bottom) either...

its a win2k3 hybrid domain if anyone smarter than all of us here @ work or in this thread has ideas....:confused:
 
B1zz said:
ive had this happen to probably 3-5 different machines at my work, simply removing from the domain and then rejoining on next reboot didnt work. i had to remove the computer, delete the computer account from AD, wait the requisite time for AD to replicate across all DCs(this could take shorter time, but i wait the typical 90mins, gives me time to get other shit done lol :p) come back, rejoin the machine and all seems well....this doesnt seem to happen on any one specific model(we're an all dell shop top to bottom) either...

its a win2k3 hybrid domain if anyone smarter than all of us here @ work or in this thread has ideas....:confused:
Click to expand...

The only time I've seen this happen, when I know all my settings were correct...was on the network of the one client of mine that I deployed Vista workstations to early on shortly after Vista came out. The server was SBS2K3r2. Network of 20 workstation 'n some laptops, A few months after installing that network fresh, I had 2x workstations give this symptom within a month or so of each other. Had to rejoin. I chalked it up to some "bug" between Vista and 2K3 server...that probably got addresses 'n fixed by some update, since it never happened again.
 
YeOldeStonecat said:
The only time I've seen this happen, when I know all my settings were correct...was on the network of the one client of mine that I deployed Vista workstations to early on shortly after Vista came out. The server was SBS2K3r2. Network of 20 workstation 'n some laptops, A few months after installing that network fresh, I had 2x workstations give this symptom within a month or so of each other. Had to rejoin. I chalked it up to some "bug" between Vista and 2K3 server...that probably got addresses 'n fixed by some update, since it never happened again.
Click to expand...

That wasn't server 2k, it was small business server, Vista and office 07 didn't get along with it at first
 
jroe52 said:
"domain is not available" or whatever the very common error is.
Click to expand...

this error message states the computer cannot find the domain, it is not stating the computer does not have a computer account on the domain.

how are group policy settings configured?

Computer Configuration -> Administrative Templates -> System -> Logon
"Always wait for the network at computer startup and logon"
is this configured, and set to Enabled?

how long is the computer given to full boot up and get a DHCP IP before attempting to login?
 
jroe52 said:
often pcs on the domain find themselves no on the domain and AD looks ok...

current method:
change from domain

blah.com
to:
workgroup... xyz (anything really)... reboot

then: change it back to: blah.com

any shorter methods?
Click to expand...
When I get AD conflicts like this i just do the following:
Change from "blah.com"
to "blah" and hit OK.

That change is enough to make it try to rejoin the domain and then you dont have to join a workgroup and reboot. ;)

Although if this is happening a lot you obviously will want to look into why it happening. But once in a while when i make a naming mistake or something its a nice way to force it to rejoin the domain.
 
j-sta said:
this error message states the computer cannot find the domain, it is not stating the computer does not have a computer account on the domain.

how are group policy settings configured?

Computer Configuration -> Administrative Templates -> System -> Logon
"Always wait for the network at computer startup and logon"
is this configured, and set to Enabled?

how long is the computer given to full boot up and get a DHCP IP before attempting to login?
Click to expand...

specifically for the systems i've worked on...these boxes have sat with the user logged in(locked) over night, WSUS updates and reboots the box during that timeframe, the user comes in next morning and its a no go. this doesnt happen every time WSUS runs nor is there a timeframe i can nail down other than for one girl its about once every 40 days or thereabouts. looking at her GP settings that you mention its not configured or enabled.

When I get AD conflicts like this i just do the following:
Change from "blah.com"
to "blah" and hit OK.

That change is enough to make it try to rejoin the domain and then you dont have to join a workgroup and reboot. ;)

Although if this is happening a lot you obviously will want to look into why it happening. But once in a while when i make a naming mistake or something its a nice way to force it to rejoin the domain.
Click to expand...
i dont have full domain admin privs so i dont know WHY this is but anything short of "corp.blah.com" will not let you join the domain here @ work, simply typing in "blah" on the workstation to join the domain will not let you....i blame someone else other than me :p ;) ninja edit: this could be some stupid DNS setting they have....just thought of that....
 
awesome thanks guys!

i havnt tried blah.com to blah lol this example si hilarious.

ill check this out next time

Computer Configuration -> Administrative Templates -> System -> Logon
"Always wait for the network at computer startup and logon"
is this configured, and set to Enabled?
 
You must log in or register to reply here.
Back
Top