Two sets of questions to begin with:
Basic questions:
1. Is it Windows Server 2003 or later, or is it Windows 2000? More precisely, what version of AD/Domain is being used?
It is Server 2003 (the server its self probably isn't much newer than that!). It has Active Directory 5.2.3790.3959.
2. Are you positive the user is logging on to the domain (or the right one), and not to the local machine?
Yes, I'm positive.
3. If Windows 2003 and later, what is being entered as a username: "
[email protected]" or simply "username". If just "username", back to point 2., can you confirm the third line in the logon screen labeled "Logon To:" is actually showing the proper domain and not local computer?
They are using just the prefix, not the whole address.
4. What is the exact wording of the error message?
I'll try to get the full error, but at the moment I'm working on these machines remotely, so I don't know if I'll be able to log back in...
More advanced:
A. Is the logon failing on one PC only, or on every domain PC?
B. Are other domain users loggin on successfully on those same workstations where this particular user logon is failing?
Logons aren't failing for everyone, but I'm thinking it might be because others have already logged into those computers and have accounts created locally. Does that make sense? However, I definitely replaced one user's computer recently and was able to log her on (it was a computer already joined to the domain, just one she hadn't logged onto before...
C. On the Domain Server, checking the properties of the PCs where logon is failing, can you confirm their icon in the AD is not showing a broken connection? It is very unlikely, but it may have happened if you changed the computername without operating in the domain first, for example.
I didn't change any computer names that I can think of. I don't see any problem with the icon...
D. Have you re-imaged any of the workstations where the logon is failing?
No, everything is as it was.
In general, one way to solve broken domain-workstation link without spending too much time troubleshooting is to remove the workstation from the domain (done at the workstation), then in the domain (on the domain server) - not always needed, but again, it takes 1 second and does not hurt-, then create the workstation again in the domain, the re-join the workstation (at the workstation). Of course, make sure the workstation name you enter in the domain is correct.
I'll have to see if I can do that. Like I said, I'm remoting these computers, so it might not be possible to remove and re-add the computer without getting kicked off in an unrecoverable way...
Is there any chance that's what happened to you?
Heh, I think I'd remember all that, so no, I don't think that's what happened. I haven't done nearly that much with these peoples' systems.
Previous Topic
Index
