Machine accounts disappear every two days


Brad

I have a Windows 2000 AD environment w/ W2K Pro
workstations. I have a W2K Pro machine that has been
successfully added to the AD environment and can login.
The machine account is created and visible within AD
Users and Computers. The client has registered
successfully within DNS. Every two days, this client
receives an error when logging into his domain stating the
computer account cannot be found. Sure enough, it no
longer exists in AD. The client still sees itself as
belonging to the appropriate domain, yet the account is
not in AD. This is a W2K Pro machine with SP3. All DCs
in the AD forest are SP3. We have tried dropping it into a
workgroup and re-adding it to the domain from the client
GUI. This fixes the problem for another two days. Any
insight would be appreciated.
 
Hi Brad,
Open your group policy (either for domain, domain controller, site, or
organizational unit)
Double click on Computer Configuration
Double click on Windows Settings
Double click on Security Settings
Double click on Local Policy
Select Audit Policy
In the right pane, select Audit Account Management
Select Success and Failures

Once the group policy is applied, you then will generate the following
events in the Security Event Log

624 - Account Management - User Account Created
642 - Account Management - User Account Modified
630 - Account Management - User Account Deleted

This should help determine who is deleting the account.


In the Domain Controller policy, setup
 
Auditing was set up and confirmed on the DC OU. We
checked the DC where the object was created originally
with no audit trail for any change or deletion. Any
other thoughts? We thought maybe replication was
overwriting the newly created object somehow, but we
can't pinpoint what is happening.
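
An added example, not part of either post: a Python script that merges exported Security log rows from every DC and lists who created or deleted a given machine account, since an account-management event is written on the DC that performed the operation rather than on the DC where the object was first created. Event IDs 645, 646 and 647 are the Windows 2000 computer-account counterparts of the user-account IDs listed in the reply; the CSV layout, DC names and account names are constructed for illustration.

```python
import csv
from datetime import datetime

# Event IDs named in the reply (user accounts) plus the Windows 2000
# computer-account equivalents, which are what a machine account produces.
EVENTS = {
    624: "User Account Created", 642: "User Account Modified",
    630: "User Account Deleted", 645: "Computer Account Created",
    646: "Computer Account Changed", 647: "Computer Account Deleted",
}
DELETIONS = {630, 647}

# Constructed sample: Security log rows exported from three DCs as
# dc,timestamp,event_id,caller_user,target_account (layout is an assumption).
SAMPLE = """\
DC1,2003-03-03 09:12:40,645,brad,WKSTN01$
DC2,2003-03-04 02:00:07,630,admin2,jsmith
DC2,2003-03-05 02:00:11,647,admin2,WKSTN01$
DC1,2003-03-05 10:30:02,645,brad,wkstn01$
DC3,2003-03-07 02:00:09,647,admin2,WKSTN01$
"""

def normalize(name):
    """Compare account names case-insensitively, ignoring the trailing '$'."""
    return name.strip().rstrip("$").lower()

def timeline(export_text, machine):
    """Return account-management events for one account, merged across DCs."""
    rows = []
    for dc, ts, event_id, caller, target in csv.reader(export_text.splitlines()):
        event_id = int(event_id)
        if event_id in EVENTS and normalize(target) == normalize(machine):
            rows.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                         "dc": dc, "id": event_id, "caller": caller})
    return sorted(rows, key=lambda r: r["time"])

def deletions(export_text, machine):
    """Return (time, dc, caller) for every deletion of the account."""
    return [(r["time"], r["dc"], r["caller"])
            for r in timeline(export_text, machine) if r["id"] in DELETIONS]

if __name__ == "__main__":
    for r in timeline(SAMPLE, "WKSTN01"):
        print(r["time"], r["dc"], r["id"], EVENTS[r["id"]], r["caller"])
```
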
 