Computer account missing from AD

So, I've had 2 separate issues that have involved me having to disjoin the domain and rejoin.

One computer earlier this week was giving me error whenever a user attempted to log in to the domain... I reset the computer account but that did not help. This was a Windows XP Pro computer that has been on the domain for over 1 year.

Another issue that just happened today was a Windows 2000 Pro user complained that they were getting an error logging in. I went up and tried my domain admin user and got the same error. So I took a look in AD and the computer was missing! I had to log on with a local account, disjoin then rejoin the domain. Which of course gave me an error while dis joining saying that it could not disable the computer account.

I verified that no one had been making any changes in AD. So, what can make a computer account disappear from AD like that? I've never ran across this.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

sprkymrk

Megadeth4168 wrote:

One computer earlier this week was giving me error whenever a user attempted to log in to the domain...

What was the error? Any clue in the event logs on the computer or DC?

Megadeth4168 wrote:

Another issue that just happened today was a Windows 2000 Pro user complained that they were getting an error logging in. I went up and tried my domain admin user and got the same error. So I took a look in AD and the computer was missing! I had to log on with a local account, disjoin then rejoin the domain. Which of course gave me an error while dis joining saying that it could not disable the computer account.

I verified that no one had been making any changes in AD. So, what can make a computer account disappear from AD like that? I've never ran across this.

How did you verify? Asking people? I think it's most likely an error by an administrator. It's easy to accidentally click on something in ADUC and mess something up. Sometimes people realize they screwed up but are too embarrassed to admit it. You can check the security event logs on the DC to see if someone did delete that computer account.

Megadeth4168

Sorry, should have elaborated. I verified by checking the logs and by asking the only other person who has the ability to make changes... My boss.

blargoe

You didn't give any details on the first problem, but it sounds like this "workstation trust" problem that seems to come up from time to time. On the Domain Controller's event log you would see a Netlogon error about the computer account not being trusted or something to that effect, and the fix is to disjoin and rejoin. I haven't spent enough time researching that particular problem to find the real cause of it.