Yup, like Oli pointed out, this looks like a replication issue.
1. How many DCs do you have?
2. Go to each DC individually, create a unique user and see if all the
users created replicate to all DCs.
3. This doesn't appear to be an issue with perms, rights since the
user is able to add a new machine (new name) to the domain.
Cheers,
--
+----------------------------------+
I reply at the news groups only on weekends. If you need to contact
me, I'm available on MSN Messenger at heygautam at hotmail
Thanks
Gautam Anand
+----------------------------------+
| Right. That should work, so I'm also having difficulty working out what's
| going on. I wonder if the deletion has not replicated to all domain
| controllers before the join takes place and a different domain controller is
| being used for the domain join. Just a thought.
|
| If I have any more thoughts, I'll let you know.
|
| Oli
|
|
| > I created a JoinWorkstations group and configured the permissions in
| > 'security' tab, on the respective "computer" container OU. I just make the
| > domain user a member of that joinworkstations group and here we go.
| >
| > I will copy this tech account and try to reproduce the problem to see
| > what's going.
| >
| >
| >> When you say "using a different name", do you mean a different computer name
| >> or a different user name?
| >>
| >> So, can you confirm that you're either using a domain admin account (bad
| >> idea), or you've already delegated the right to create and delete computer
| >> accounts. If not, how did you give the user the right to join an unlimited
| >> number of machines?
| >>
| >> Oli
| >>
| >>
| >> > In this case the user does have the appropriate rights to join unlimited
| >> > number of machines; that's why I mentioned that 'the user is able to join
| >> > the machine account' using a different name. Upon disjoining, the user got
| >> > no message saying that machine account could not be deleted either.
| >> >
| >> >> When the user disjoined the machine from the domain, she would have got
| >> >> a warning message saying that the machine account could not be deleted.
| >> >> This is because she doesn't have permission to delete computer objects from
| >> >> the appropriate container.
| >> >>
| >> >> When she tries to rejoin, there's already a machine account in Active
| >> >> Directory with the computer's name.
| >> >>
| >> >> You're probably also finding that regular users by default have the ability
| >> >> to add up to 10 machines to a domain. If you need these users to be able to
| >> >> add and remove machine accounts freely from workstations, use the delegation
| >> >> of control wizard to delegate the creation and deletion of machine accounts
| >> >> on the "computers" container. I recommend that you create a group and
| >> >> delegate permissions to the group rather than delegating to users directly.
| >> >>
| >> >> Hope this helps
| >> >>
| >> >> Oli
| >> >>
| >> >> > I have here this User1tech here that complains that when she disjoins a
| >> >> > workstation from the domain, goes there a day or two later and attempts to
| >> >> > rejoin SameComputerName to the domain, a message "account already exists"
| >> >> > is displayed and joining operation is unsuccessful.
| >> >> >
| >> >> > Then if User1tech tries to add the computer account using a different
| >> >> > name, the joining operation works accordingly, which tells me permissions
| >> >> > wise that should be fine.
| >> >> >
| >> >> > What's wrong ?
| >> >> > Win2000ADSP4
| >> >> >
| >> >> >
| >> >>
| >> >>
| >> >
| >> >
| >>
| >>
| >
| >
|
|
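
The replication theory raised in this thread can be checked by asking every domain controller directly whether the computer account still exists. The script below is an added example, not something posted by a participant; it assumes PowerShell 3 or later on a domain-joined admin workstation, and `SameComputerName` is the placeholder name from the original question.

```powershell
# Added example: query each DC for one computer account to spot a deletion
# (or a leftover account) that has not replicated everywhere.
param(
    # Placeholder from the thread; pass the real workstation name.
    [string]$ComputerName = 'SameComputerName'
)

$domain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
# Build the domain DN from the DNS name, e.g. corp.example.com -> DC=corp,DC=example,DC=com
$domainDn = 'DC=' + (($domain.Name -split '\.') -join ',DC=')

$results = foreach ($dc in $domain.DomainControllers) {
    $row = [pscustomobject]@{ DC = $dc.Name; Found = $false; DN = $null; Error = $null }
    try {
        # Bind to this specific DC so the answer reflects its local replica.
        $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$domainDn")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        # Computer accounts carry a trailing '$' in sAMAccountName.
        $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
        $hit = $searcher.FindOne()
        if ($hit) {
            $row.Found = $true
            $row.DN    = [string]$hit.Properties['distinguishedname'][0]
        }
    }
    catch {
        # An unreachable DC is itself a replication suspect; record it.
        $row.Error = $_.Exception.Message
    }
    $row
}

$results | Format-Table -AutoSize

# Mixed answers mean the DCs disagree about the account.
$reachable = @($results | Where-Object { -not $_.Error })
$foundOn   = @($reachable | Where-Object { $_.Found })
if ($foundOn.Count -gt 0 -and $foundOn.Count -lt $reachable.Count) {
    Write-Warning "$ComputerName exists on some DCs but not others: check replication."
}
```

If every DC reports the account as present a day or two after the disjoin, the account was never deleted, which points back at delete permissions on the container rather than replication.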