Lost Domain Server and Password Failure


WorkHard

Thanks in advance for your help.

Recently, a small business asked that I assist them with
getting their network back up and running.

I went to visit and discovered that the domain controller
server was not functioning. The Network Administrator
had rebuilt the server. This person is no longer with
the company.

The domain name that had been built is maindomain. About
7 clients had been placed in the maindomain. The 7
clients were not taken out of the maindomain before it
went away.

When I try to create a new user, I get an error. (Why? ... I
think it is trying to authenticate the userid on the DC.)

Since this is a small network with a fresh server
install, I decided to create workgroups rather than use
a DC. Thus I created a workgroup named ROCK.

As a test, I added one of the clients to the new ROCK
workgroup. The client was rebooted. Now the user
cannot log in.

I notice that the ability to login to a domain was gone
and it appears that one can only log in locally.

Questions:
Does the ability to log in to a domain field only show
up when there is a domain on the subnet?
Is a reinstall of the client (running Win 2k
Professional) the only option?

How can I successfully add other clients to the ROCK
workgroup?

Please help
 
Questions:
Does the ability to log in to a domain field only show
up when there is a domain on the subnet?

When you removed the computer from the domain you removed the ability to log
into that domain.
Is a reinstall of the client (running Win 2k
Professional) the only option?

How can I successfully add other clients to the ROCK
workgroup?


You need to reset the local admin password before removing the computer from
the domain. Chances are the user did not have a local login when they were
on the domain, so they can't log in locally.
If you know the domain admin login and password, log in to the computer
using them. Reset the local admin password, remove the computer from the
domain, add it to the workgroup and reboot. Then log in locally to the
computer using the local admin user account and password, and set the user up
with a local account.

hth
DDS W 2k MVP MCSE
 
When a computer joins a domain it has a computer account in Active Directory
on the domain controllers. When a computer is a member of a workgroup it is
strictly for netbios browsing convenience as shown in My Network places.

First you need to make sure that the domain controller is configured
correctly. It is extremely important that the domain controller point to
itself as its ONLY preferred dns server in tcp/ip properties via its
static IP address, and then the clients must point to the domain controller
only as their preferred dns server. Read the link below for more information
on dns. After you have verified that dns is correctly configured, then you
could try joining computers to the domain. If you have computer accounts in
AD you may want to delete them before trying to rejoin the computer, and you
may have to manually log on to them as an administrator and temporarily place
them in a workgroup first before attempting to join the domain. Computer
account passwords expire after thirty days, and if there has been a time
greater than that since the computer has contacted a domain controller, the
secure channel to the domain controller will be broken for sure. Computers
do not have to be on the same subnet, they just need connectivity.

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Two extremely helpful tools for diagnosing domain problems are netdiag and
dcdiag. They are located on the install cd under the support/tools folder,
where you will need to run setup. I would first run netdiag and then dcdiag
on the domain controller, looking for any failed tests/errors/warnings,
particularly related to dns, domain membership, and dclist. Fatal errors are
a sure sign of bad things. After you get your domain controller configured
properly, run netdiag on one of the workstations that you want to add to the
domain, looking for the same. Of course a non-domain machine will not yet
show domain membership, but one joined to the domain will if everything is
configured correctly. Also make sure you can ping the domain controller by
IP address and fully qualified domain name before you attempt to join it to
the domain, and that you have configured it to have the domain controller as its
preferred dns server. --- Steve
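
The workstation-side checks from the reply above, gathered into one batch file as an added example that is not part of the thread. DC_IP, DC_FQDN and AD_DNS_DOMAIN are constructed placeholder values, and the SRV lookup in step 4 is an extra check beyond the ones the post names.

```bat
@echo off
rem Added example: pre-join checks to run on a workstation before joining it to the domain.
rem DC_IP, DC_FQDN and AD_DNS_DOMAIN are constructed placeholders - set them for your network.
set DC_IP=192.0.2.10
set DC_FQDN=dc1.example.local
set AD_DNS_DOMAIN=example.local
set FAILED=0

echo [1] Ping the domain controller by IP address (%DC_IP%)
ping -n 2 %DC_IP% >nul
call :report "basic connectivity to the domain controller"

echo [2] Ping the domain controller by fully qualified name (%DC_FQDN%)
ping -n 2 %DC_FQDN% >nul
call :report "name resolution through the preferred DNS server"

echo [3] DNS servers configured on this machine (only %DC_IP% should be listed)
ipconfig /all | find /i "DNS Servers"

echo [4] Look up the domain controller SRV record through the configured DNS server
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DNS_DOMAIN% 2>&1 | find /i "svr hostname"
call :report "DC locator SRV record in DNS"

echo [5] netdiag, errors only (needs the Support Tools from the install CD)
netdiag /q

if "%FAILED%"=="1" (echo RESULT: fix the failures above before joining the domain) else echo RESULT: checks passed
goto :eof

:report
rem Must be called directly after the command under test: records its exit code.
if errorlevel 1 (
    echo     FAIL: %~1
    set FAILED=1
) else (
    echo     OK: %~1
)
goto :eof
```

Step 3 only prints the first configured DNS server on the labelled line; any additional servers appear on the lines below it in the full `ipconfig /all` output.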
 