dsadd

  • Thread starter Thread starter Barney
  • Start date Start date
B

Barney

In the past, we've had a Windows 2K/XP computer that was
on the far side of a WAN in a different domain.

Because of human error, the computer account in the
domain was deleted so the computer was essentially
unusable.

To prevent this from happening in the future I have been
farting around with dsadd to add a computer account in
the domain/active directory. I am successful in doing so
but a computer with the same CN is still unable to log on
complaining about the absence of its computer account in
the domain. Is this related to its SID? How do I
resolve this problem?
 
Barney said:
In the past, we've had a Windows 2K/XP computer that was
on the far side of a WAN in a different domain.

Because of human error, the computer account in the
domain was deleted so the computer was essentially
unusable.

To prevent this from happening in the future I have been
farting around with dsadd to add a computer account in
the domain/active directory. I am successful in doing so
but a computer with the same CN is still unable to log on
complaining about the absence of its computer account in
the domain. Is this related to its SID? How do I
resolve this problem?


Yes, the SID is the real account identifier. You will need to delete the
new account you created, and then remove the computer from the domain and
add it back. AD does support SID histories, but I don't think it will help
you in this situation.

You might play around with NETDOM.EXE from the Windows XP Support Tools:

C:\>netdom.exe /?
The syntax of this command is:
NETDOM HELP command
-or-
NETDOM command /help

Commands available are:

NETDOM ADD NETDOM RESETPWD NETDOM RESET
NETDOM COMPUTERNAME NETDOM QUERY NETDOM TRUST
NETDOM HELP NETDOM REMOVE NETDOM VERIFY
NETDOM JOIN NETDOM RENAME
NETDOM MOVE NETDOM RENAMECOMPUTER

NETDOM HELP SYNTAX explains how to read NET HELP syntax lines.
NETDOM HELP command | MORE displays Help one screen at a time.
 
Back
Top