Computer account not found

active-directorywindows-xp

I joined a freshly wiped and reinstalled XP pro machine to my domain, and deleted the old computer as a pre-emptive measure to it telling me my PC was already on the domain and duplicates are not allowed. Now it says it cannot find my computer account when I try to log in. I've taken it off and put it back on the domain and it still says not found. I've looked in AD and can't find the PC so this makes sense. I don't know how else to create a computer in AD except to join it to the domain. Is another wipe the only solution?

I should probably add that I'm trying to avoid changing the computer name.

It is a physical machine, so no, not cloned.

domain is replicating properly, checked another DC to be sure.

I tried the new SID thing and that didn't work.

So now I've just created the computer manually in AD, but how do I know if it is actually using the appropriate group policy? In other words, how do I know that the actual machine is linked with the name created in AD?

Best Answer

Sounds like you need to generate a new Security Identifier (SID). Make sure the machine is joined to a "Workgroup" instead of "Domain" (If you've tried to make it be in the domain and it failed but still shows as being in the domain, disjoin and reboot). Next download and run SysInternal's NewSID Application

From: http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

How it Works

NewSID starts by reading the existing computer SID. A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. NewSID ensures that this SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).

Next, NewSID generates a new random SID for the computer. NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96-bits of the 3 subauthority values that make up a computer SID.

Three phases to the computer SID replacement follow. In the first phase, the SECURITY and SAM Registry hives are scanned for occurrences of the old computer SID in key values, as well as the names of the keys. When the SID is found in a value it is replaced with the new computer SID, and when the SID is found in a name, the key and its subkeys are copied to a new subkey that has the same name except with the new SID replacing the old.

Reboot after computer has been renamed, and try joining it to the Domain again.

Related Topic