Unable to log on with a domain account

G

Guest

I have a workstation that is on the domain. My colleague logged on this
morning using his domain username and was able to log on fine. Eventually,
the PC was lagging and he decided to do a reboot. After rebooting he was
unable to log on with his domain user account. He would get the following
error "Windows cannot connect to the domain, either because the domain
controller is down or otherwise unavailable, or becuase your computer account
was not found."

So, we tried two other AD accounts and the same error occurs. I spoke with
an AD admin and we tried the following. I had him flush the computer account
from the domain controller. On the PC we removed the PC from the domain and
added it to a workgroup. Did the required reboot. Logged on. I had the AD
admin add the computer to the domain using the same computer name that he
previously flushed. He authenticates the addition of the PC with the domain
controller. It gives the welcome to the AD domain message and asks for us to
reboot. So at this point it obviously has the ability to communicate with a
domain controller.

I reboot after adding the computer to the domain and try logging on with my
AD account. Same error.

I verified the local admin group and our AD accounts are in that group. I
even removed my name and re-added my name to the group. That had no problem.
Once again showing that it can communicate with the domain controller.

So basically I can do anything minus log on to the computer using AD accounts.


Anyone have any ideas? I'm baffled.
 
G

Guest

Ok - I found something that seems to have worked. I thought I would post it
in case someone else has this same problem in the future.

We went from the domain to a workgroup. Changed the computer name to
something we never used before and never used to put on the domain. Rebooted.
Added the PC to the domain with this new name that we never used in the past.
Rebooted and now we can log in fine with an AD account.
 
H

Hank Arnold (MVP)

Dups said:
Ok - I found something that seems to have worked. I thought I would post it
in case someone else has this same problem in the future.

We went from the domain to a workgroup. Changed the computer name to
something we never used before and never used to put on the domain. Rebooted.
Added the PC to the domain with this new name that we never used in the past.
Rebooted and now we can log in fine with an AD account.
Click to expand...

You may not have waited long enough for AD to completely delete the
account. Do you have more than one DC?

I usually wait at least 15 minutes to let all the DCs replicate the
changes.

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
G

Guest

Actually, I have more information on this.

I mentioned to the AD admin to remove computer from the domain. We waited an
entire day (like Hank said you need to wait a while for all the DCs to
replicate but not as long as I did it's just that I thought of it at the end
of the day). Anyhow, the next day we tried putting the PC on the domain with
the hostname that was giving us problems and it let us on fine.

So that is what the problem was, there must have been something messed up
with the computer name that was on the domain and we were not waiting long
enough to re-add it to the domain when removing it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
child domain logging to parent domain 1
I reset the computer account 2
Single domain AD with many separated offices 9
AD courpt? 7
Migration Woes -the system cannot log you on now because the domain <domain>is not available 1
adding a Windows 2003 server and promote to DC in Windows 2000 AD/Domain 4
Domain Controller Crashed - Other servers don't have 'copies' of A 2

Top