-
May 23rd, 2007, 10:26 PM
#1
AD computer disappearing trick
We were checking out a computer earlier that was having some software problems, and found that somehow it was no longer listed in AD. It was still able to logon to the domain, and domain users had no problems logging in.
We've seen this happen with a couple of other computers. Anyone know what would be causing this?
-
May 24th, 2007, 10:30 AM
#2
I think AD gets its computer list from DHCP. So, devices on a static IP don't show. Certainly devices that have been off for long enough for the lease to expire don't show.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
May 24th, 2007, 12:03 PM
#3
We don't use DHCP. AD adds computers to its list whenever a domain admin joins it to the domain. We can rejoin it to the domain, and the computer will show back up. We're all scratching our heads on this one.
-
May 24th, 2007, 12:43 PM
#4
Originally Posted by Aardpsymon
I think AD gets its computer list from DHCP.
You're confusing AD with DDNS.
On a windows domain a computer needs to be registered to it. This usually happens when you "join" a domain, the computer account gets created automagicly.
Delstar, maybe you should turn on some auditting? Perhaps someone is removing the computer account, or it may "time-out". I've seen both happen. The security logs can show the needed info, if you turn on audits that is.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 24th, 2007, 01:15 PM
#5
Nothing was in the logs about it, and we know none of us removed it. The computer in question is used daily, and all of our computers are set to reboot at midnight, so I'm not sure how it would time-out.
-
May 24th, 2007, 01:25 PM
#6
Haven't figured that one out either, just know it happens from time to time.
Do you audit these events? They aren't by default and nothing would show up in the logs.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 24th, 2007, 04:03 PM
#7
delstar,
yeah, no resolution here either. I've suffered a similar situation where my account has just disappeared from AD. No error messages, nothing in the event viewer. It's happened twice over a year and I still have no clue what's causing it.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
May 24th, 2007, 04:37 PM
#8
SirDice : yes, we audit events such as this
ShagDevil : we've seen it happen to 2 different computers, but others may have been affected and we just haven't found them yet
After a bit of googling, nobody else seems to know what's causing it, either. We did notice a large number of the people that did have this problem made note of the fact that they use McAfee, which we also use, but I have no idea why that would be causing problems like this.
-
May 25th, 2007, 05:51 PM
#9
Are you guys running McAfee Antivirus or Firewall? I've seen issues where reinstalling this fixes the problem. Have also seen it work with Norton/Symantec products as well...worth a shot.
"It is a shame that stupidity is not painful" - Anton LaVey
-
May 25th, 2007, 06:42 PM
#10
well it is going to get the computer name over netbios since you are using AD. Maybe those systems have firewalls or maybe some one changed the name of them recently?
Similar Threads
-
By akachuckie in forum The Security Tutorials Forum
Replies: 8
Last Post: February 24th, 2005, 01:47 AM
-
By devildell in forum Tech Humor
Replies: 0
Last Post: November 15th, 2004, 11:41 PM
-
By ai0070 in forum Miscellaneous Security Discussions
Replies: 6
Last Post: October 18th, 2004, 11:21 PM
-
By ali1 in forum The Security Tutorials Forum
Replies: 27
Last Post: January 1st, 2004, 11:59 AM
-
By ar_wind in forum Tech Humor
Replies: 0
Last Post: November 19th, 2003, 01:48 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|