XP client domain account problem
Results 1 to 6 of 6

Thread: XP client domain account problem

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    3

    XP client domain account problem

    Hi! First post...Here we go...

    I am the present caretaker of a client/server Windows domain. 1 file/DC running 2003, 8 clients running XP Pro.

    The issue: I am having difficulty in adding domain group accounts to the file structure on the clients. 1) I checked the PC's to ensure domain membership (Right-click My Computer--> Properties)-->Computer Name-->Change. Looks OK... 2) Right-click on any folder-->select "Sharing & Security"-->select "Security" tab-->"Add". In the text area that lists "From this location", I have the local PC name. I need the domain name.

    OK...So I join a workgroup, and restart client. Logon as local admin, join domain. Restart client again. Logon as domain admin. Check "From this location" again in "Sharing & Security" (File structure stated above). I still get the local PC name....

    I made some changes to sync NTP on the DC with outside time server per Microsoft guidelines((HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config----Polling values, MaxPosPhaseCorrection & MaxNegPhaseCorrection DWORD values) with the clients(running NT5DS---W32Time). Clients and DC are synched on time presently.

    Before making changes to DC, I could see domain name listed in "From this location" on clients. After a period of time, they would lose domain membership. After making the changes to DC, I can't get domain name listed in "From this location". Hence, cannot add group accounts...

    Any assistance or advice would be greatly appreciated. Tks in advance......

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Any errors in the eventlogs of the clients and/or server?

    When you removed the clients from the domain did you also remove the computer account?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    just to clarify: the domain name disappear just "from location" ? if you press "locations" button you can or can not still find the domain name?
    if you have only one DC and sync this DC time with a external time source you didnt caused no harm, because since all stations will sync with DC so, even if you get the wrong time, everybody will be in sync. The only problem i can see if the external time source change the time back and forward a lot of time (a buggy time source) but i dont think that is the case.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Junior Member
    Join Date
    Aug 2006
    Posts
    3
    SirDice: First thing I checked was event log on client & server. No errors to help troubleshoot. Thought maybe a corrupt SID so blasted computer account from AD and joined domain "fresh". That didn't solve the issue.

    cacosapo: When I click "Locations", only the local PC name listed. No domain container.... The time sync between clients/server seems to be accurate.

    Thanks for your time in helping me to troubleshoot this problem..

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    1st. guess:

    Is there another computer with the same SID? perhaps you had cloned one XP and kept the same sid.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    Junior Member
    Join Date
    Aug 2006
    Posts
    3
    That is an interesting point! It got me thinking.... Found 2 tools from PsTools---PsGetSid, and NewSid. (GetSid from Resource Kit) This should help me troubleshoot further.

    Tried renaming a PC with different NETBIOS name & then joining domain. Initially, I was able to see domain listed under "From this location". I proceeded to test on other PC's, but with no luck. Looked on PC(about 15 minutes later) that I initially had success on to see if domain still listed under "From this location". It had fallen off to local account.

    I will try the SID route in more detail. If not successful, will resort to sniffing traffic.

    BTW, anyone know what reg keys to look at for SID's in registry? (Interested in pickin' someone brain....Didn't find anything that jumped out at me via Google, or searching antionline)

    Many thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides