Joining to domain on same computer account name
Hi,
I have a critical server. I need to reinstall it with clean installation an same name. I don't have permissions to delete computer account from AD, but I have permissions to add to domain. If I remove server from domain reinstall it and will join to domain
with same name. Does this can cause any issues? Do I have to delete server computer account before joining to domain?
thank you,
Hi
If you are reinstalling server and do not want to delete the existing computer account, you'll get error "Computer account usually exists already, and security on that account does not allow you to join — usually because the computer was joined
previously by using different computer account credentials."(Assuming you did not joined it to domain in present case). So you must first delete the existing account or get full permissions on the account.
If you receive the error "Failure to create a computer account," it usually means that either the account already exists or that there are insufficient access rights available to the user who is trying to join. Table 10.8 shows the error codes
that come under this category.
Table 10.8 "
Failure to create a computer account " Error Codes
Description
Actual Error
Error Code
Computer account usually exists already, and security on that account does not allow you to join — usually because the computer was joined previously by using different computer account credentials.
ERROR_ACCESS_DENIED
5
The user has joined so many computers that he has exceeded the default per user computer quota (by default, 10).
ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED
8557
The specified user already exists.
ERROR_USER_EXISTS
2224
Also pls refer the article for in-depth details :
Join and Authentication Issues
http://technet.microsoft.com/en-us/library/cc961817.aspx
Hope this helps. :)
Thanks
Similar Messages
-
I have 2 iPads with the same Apple account name. How do I set up one with a different Apple name?
Why is the reason you want a different apple id on them? Need more details to make sure we don't accidently set up the self destruct feature and destory the planet.
-
Setting computer account name if multiple Macs?
I recently purchased a new MacBook Air - yay! I had the old white MacBook and a 2009 iMac!). Therein lies my question.
I plan to still access those computers as I use some files infrequently but don't want to bring them over to my new pristine MacBook Air. I know when I'm off network I can't reach them as easily, but I do have LogMeIn so I can get to them in a pinch if I need to do so.
Anyway, when I set up my other two over the years, I named them MynameMac and mynameMacBook so I wouldn't be confused on the network. But it's been so long I can't remember when to do that? I'm at the setup screen of Create Computer Name - is that when I should do that? Or can I have my Account Name be one thing but designate a different name for when the computers are Home Sharing on the network?
this is not referring to Apple ID accounts - I mean the actual Computer Account Name (home folder label etc.)
thanks for your guidance.You need to pick a user account name now, which cannot be easily changed later. The computer name can be changed quite easily on the Sharing System Prefs pane.
-
Should I have the same admin account name on multiple computers
Currently I have a Macbook with an admin account plus 2 user accounts. When get a 2nd macbook, should I use the same admin name on the 2nd computer? I was thinking of making all admin account names the same for multiple macbooks, time machine, network etc. Maybe it doesn't really matter and it just means remembering multiple login names and passwords. On a related question, should the same account name be used on multiple computers. This would create a home directory on each computer with the same name. Would it be best to keep seperate names? I am refering to computer accounts, not itunes or app store accounts.
It doesn't really matter, but my vote is for different Admin names and passwords and for different computer/disk names.
The first one is for increased security (if someone breaks your password on one, they won't have access to the other). The second one is to easilly distinguish the different macs and disks in a file sharing, network browsing and syncing situations. -
How to use migration assistant when the same user account name is on both computers
I want to migrate all my info from my MacBook to my new (to me) MacBook Pro. I've already set up a user account on the new MBP that has the same name as the user account on the MacBook that I want to migrate.
Snags40 wrote:
In both cases the UID for my primary User Account is 507
507? That's odd; usually the first one created is 501, then 502, etc. Could you have gone through 6 accounts?
Since I've migrated thru several Macs to get to the current state on the old MacBook, I suspect the UID has changed.
That could explain some of it, if you used Migration Assistant instead of Setup Assistant. It would have taken a lot of migrations and user accounts to get to 507, I'd think.
I still have the Powerbook that preceded the MacBook. How can I determine the UID on 10.4.11? The right click on the Account name in User Accounts doesn't show that value. I'd like to see if UID has changed going from 10.4 to 10.5.
Good question. I skipped Tiger, and don't recall earlier versions, but this article may help: http://hints.macworld.com/article.php?story=20051022175850619&query=change%252BU ID -
Hi!
We have two companies in our building, Company A and Company B. Company A has 50 client computers and one brand new DC (Win 2012 R2 Std). Company B has 5 clients and one established DC (Win 2008 R2 Foundation).
I work for Company A and I have the job of connecting all 50 clients to the new DC. Up until last week we had a workgroup set up and it has been my task to migrate our clients onto the domain. I have done 10 migrations of Win 7 machines so far, but three
others seem to be unable to connect with the error: The specified network name is no longer available.
I have connected these successfully to Company B Domain Controller successfully so this seems to point towards Company A DC being wrong somewhere, but doesn't make sense as to why 10 other clients have connected fine.
Here are the troubleshooting steps I have taken so far:
I am in the Domain Admin group on Company A Active Directory
Computer Browser Service is running on server and affected client
Workstation Service is running on server and affected client
Server Service is running on server and affected client
To connect to the domain I have tried using the NetBIOS and the FQDN, I get the same error message.
NETLOGON service is enabled tried restarting - no difference
Windows Firewall is off
No AV installed at the moment. I have Sophos waiting to go on once the machine is hooked onto the domain.
DNS Reverse lookup manually created as it wasn't there
Tried ipconfig /flushdns /release /renew
NSLookup sucessful, can ping NETBIOS, FQDN of server and both client and server IP both directions
Affectted clients are configured with one network card.
I've been pulling my hair out for a few days on this one. Anyone have a possible solution for this.
Many thanks,
MattHi!
We have two companies in our building, Company A and Company B. Company A has 50 client computers and one brand new DC (Win 2012 R2 Std). Company B has 5 clients and one established DC (Win 2008 R2 Foundation).
I work for Company A and I have the job of connecting all 50 clients to the new DC. Up until last week we had a workgroup set up and it has been my task to migrate our clients onto the domain. I have done 10 migrations of Win 7 machines so far, but three others
seem to be unable to connect with the error: The specified network name is no longer available.
I have connected these successfully to Company B Domain Controller successfully so this seems to point towards Company A DC being wrong somewhere, but doesn't make sense as to why 10 other clients have connected fine.
Here are the troubleshooting steps I have taken so far:
I am the Domain Admin group on Company A Active Directory and have full Admin rights to Company B
Computer Browser Service is running on server and affected client
Workstation Service is running on server and affected client
Server Service is running on server and affected client
NETLOGON service is enabled tried restarting - no difference
IPv6 is enabled, but not used
DCDIAG tests all pass
NIC 2 has been disabled as it is not used
NIC 1 is first priority
To connect to the domain I have tried using the NetBIOS and the FQDN, I get the same error.
Windows Firewall is off
No AV installed at the moment. I have Sophos waiting to go on once the machine is hooked onto the domain.
DNS Reverse lookup manually created as it wasn't there
Tried ipconfig /flushdns /release /renew /registerdns
NSLookup sucessful, can ping NETBIOS, FQDN of server and both client and server IP both directions
Affected clients are configured with one network card.
*****Domain Controller*****
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : AG-ADDS
Primary Dns Suffix . . . . . . . : aggora.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aggora.local
Ethernet adapter NIC1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : F8-BC-12-3D-C7-6A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b499:7b3b:5ee7:618c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.251(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.4
DHCPv6 IAID . . . . . . . . . . . : 318290962
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3E-88-37-F8-BC-12-3D-C7-6A
DNS Servers . . . . . . . . . . . : ::1
10.0.0.251
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{F2A8A31C-01D2-4F6F-8CFF-A5AB69F344A8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
*****Problematic Client*****
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : AG21
Primary Dns Suffix . . . . . . . : aggora.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aggora.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : aggora.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-19-99-9B-90-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.115(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 23 July 2014 10:12:30
Lease Expires . . . . . . . . . . : 24 July 2014 10:12:30
Default Gateway . . . . . . . . . : 10.0.0.4
DHCP Server . . . . . . . . . . . : 10.0.0.253
DNS Servers . . . . . . . . . . . : 10.0.0.251
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.aggora.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : aggora.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I'd be grateful for any assistance.
Many thanks, -
Disable domain join unless computer account has first been created
Anyone know if its possible to configure Active Directory so that a computer cannot be joined to the domain unless the computer account is first created manually
Hi Meinolf,
while you are right with a Domain user can join up to 10 Computers to a Domain, that is not exaktly what happened.
Even if a user may join a new computer, this only and only is possible in case the user is allowed to write to the corresponding OU / Container, where the account needs to be created.
A join will fail if the user cannot create the computer account object. The statement is not correct in this way from an end (Computer) to end (Computer object) view.
If you worked with pre-populated Computer objects, the 10 Computer Limit is also obsolete. When you create the object you are (GUI) asked "who can join that Computer to the Domain?". If you are a member of the group put in that Dialog, there is no 10 computer
limit. You will be able to join as many Computers, as needed.
The 10 computer limit per Account is only and only valid if you did not prepopulate the object AND you have access to create a new computer account at the default OU for new computers. This is working for AD Windows Server 2003 up to AD DS Windows Server
2012 R2.
http://support.microsoft.com/kb/243327/en-us
http://blogs.technet.com/b/kevinremde/archive/2013/10/30/what-s-new-for-active-directory-in-server-2012-r2.aspx
Kind regards,
Martin -
Two people, two iPhones, one computer, same iTunes account?
My girl friend and I just recently purchased our own iPhones. I've owned an iPod for a couple of years so my iTunes account has been active for that long. When I synced MY iPhone it went well I wasn't concerned. However, when my girlfriend synced her iPhone (even after signing herself up for her own account) it put ALL my phone numbers, music, etc., etc., on HER iPhone. Not good for either one of us I must say. So, can two people with two iPhones using the same computer sync to iTunes TOTALLY SEPARATE AND TOTALLY EXCLUSIVE OF EACH OTHER'S saved telephone numbers, music, games, pics, etc., etc.
Your iTunes same computer account can handle many iPods and iPhones on that particular computer and account. However, be sure to _backup your computer_ (not the iPhone/iPod. The computer).
The scenario being your computer came up with viruses not removable except from a computer wipe and restore and all of your movies, songs, etc are wiped with it. When that happens, all your iPods and iPhones will be wiped the next time you reconnect. It pops an error message saying this is not the same account and you have to wipe and sync to be allowed to use it. -
WinXP computers can't join the domain
Hi, I'm setting up my first Xserve and I'm having troubles making WinXP machines join the domain.
With OS X and Win98 clients I have no problems with the tests accounts I have created, but with with WinXP machines I get the error that they can't Join the domain becouse Access is Denied. I don't think is a configuration error on the server's services or the WinXP boxes becouse I can join the domain and access the account for diradmin OK from the WinXP boxes, so it may be an account configuration problem.
Also the accounts have network home folders, don't know if this might also cause a problem, I did try with no home assigned and still got the same error.
Any help would be appreciatedFixed the problem myself....
Creted a new account and dindn't move anything on it, nothing managed and nothing changed on the account windows tab.
Joined the domain with the diradmin account, and after the reboot used the new test user, logged in fine and home folder was mounted as a Network drive perfectly.
Hope this helps someone in the future -
Computer account disappears after losing trust
Hello,
We are having quite a strange issue.
We have about 2000 PCs on our network running a range of different OS versions. Some PCs in randomly lose their trust with the domain.
The strange thing is, after losing the secure connectivity with the domain. The computer accounts just disappear from AD.
Is this the normal case when losing secure connectivity with the domain?
We also searched for the deleted computer account in recycle bin, But the entry is not there. Our domain and forest functional level is 2008r2 and we are running 2008 r2 standard domain controllers.
Please help me on the point "computer accounts disappearing from AD after losing trust relationship without present in deleted containers"Hi Venkat,
Thanks for your information. We would check with the NIC drivers. But please help us to understand on the point "computer
accounts disappearing from AD after losing trust relationship without present in deleted containers" Is this a normal issue when trust relation breaks?
The disappeared objects don't even exists in active directory recycle bin after removed. This is what we see as strange.
Please help us. -
Hello All,
we have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc.
from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when we are trying to access the share folder with IP it asking for credentials i have type again and again
correct credential but unable to access that. If i re-share the folder then we are access it but when we are restarted the system then same problem is occurring.
I have checked IP,DNS,Gateway and more each & everything is well.
Pls suggest us.
Pankaj KumarHi,
According to your description, my understanding is that the same shared folder can be accessed by name, but can’t be accessed be IP address and asks for credentials.
Please try to enable the option below on the device which has shared folder:
Besides, check the Advanced Shring settings of shared folder and confrim that if there is any limitation settings.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
How can I uniquely identify computers on the same network/account specifically for airdrop use? When I change name on one computer under contacts it changes on all computers. I would like to change icon and name for each computer.
you would need to setup a VPN and tunnel into your office.
FYI..the default ports are 3283 and 5900. -
Dynamic DNS updates and issues with re-imaged / replaced machines with the same computer name
Our AD team gets asked frequently to delete bad DNS entries because a computer was replaced or VDI was re-created, and when it was joined to the domain it had the same computer name but different SID, so the DNS entry for that computer can no longer be updated
to a new IP address because the new computer doesn't have rights to update that object in DNS.
I recently saw a resolution to this was to set the security for DNS to allow updates from "Domain Computers" as described in the KB below.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005210
Has anyone done this? Any negative implications from this?
ThanksGranting all domain computers write access to all records in the dns zone does solve the problem. On the negative side, DNS security is reduced significantly. For example, any user with admin rights locally on his/her computer will be able to sabotage
services in your domain by deleting or changing host records of domain controllers, servers or other client computers.
A more secure solution in this case will be configuring DHCP servers to update DNS on behalf of the client and granting DHCP servers appropriate access to DNS zone. Take a look at
Configuring Secure Dynamic Update for more info.
Gleb. -
Windows 7 Computer refuses to join 2003 Domain.
Hey guys, I'm having a slight problem over here on my end connecting two new windows 7 pro PC's to the 2003 R2 server downstairs.
What's happening is that the domain name 'Name.root' is not found by either computer, but if I type in 'Name' I get a prompt to join the domain with a valid username and password associated. I've tried every username I have and even created
one on the server for myself to test with, but it still gives me an error that the password/username is incorrect.
As far as I know, the server and clients are all using DHCP and the DNS suffix is pointing to the same name. I can even ping the server from the computers upstairs, but if I use NSLookup, it only shows the router that's being used.
There are other windows XP pro units that will all connect using the same exact settings, so at this time I'm completely stumped as to what my next steps are. Any help with this would be greatly appreciated.Hi,
To find out what's your network environment, please upload the ipconfig /all results from Windows 7 client and Windows server 2003 R2.
I recommend you to manually assign IP address and DNS for Windows clients and Windows server 2003 R2 instead of using DHCP.
Also, please check if SRV record is created in DNS manager.
You can refer to the article below:
http://support.microsoft.com/kb/816587
And recommend add such an entry: <FQND of domain> <server ip> to host file in windows client.
The path for host file is in %windir%\system32\drivers\etc\hosts.
Andy Altmann
TechNet Community Support -
Can i rejoin ny SCVMM 2012 server to domain with same name & IP address?
Dear all..
I am in situation where i have to rejoin my scvmm server to domain with same name & ip address.one of the fool admin has deleted my SCVMM's computer object from AD. I have recreated the object & tried to log on but no luck.. i have to rejoin
the server.
Does it have any risks involved or its just fine?Hi,
First the behavior is normal. If an computer accounts is deleted, you cannot continue using the server without rejoining.
SCVMM it's not depending (integration) on active directory in such way as Exchange.
So, if the computer accounts has been deleted, there is no issue in creating a new one and rejoin the server. As long as the application on the server is able to look up any required directory services, it should be happy again.
Best Regards,
Jesper Vindum, Denmark
Systems Administrator
Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.
Maybe you are looking for
-
EBS: Email XML publisher output, from After Report Trigger in Data Template
Here is what I'm trying to do: -- In EBS (11.5.10 CU2), I'm using XML publisher (5.6.2) data template and layout template to generate Output files (PDF, EXCEL etc) --In the Data Template's AfterReport Trigger, I'm using the Concurrent Request Id to l
-
Disk utility can't repair disk (1 partition) on external hard drive
I've search here some to try to find the answer to my scenario, but I really don't understand how Disk Utility got involved in my external hard drive to begin with, so here's my question. I have a 2TB Western Digital My Book Studio FW800 external tha
-
Error In BDC when uploading for tcode FS00
Hi Experts, problem in uploading BDC session method for tcode FS00. when i run my program it is giving apopup error message that (BDC_INSERT screen invalid) but my screen number is correct. i have checked this in recording program also. THere are s
-
my nokia E71 FM radio just doesn't work.anytime i try to connect to radio the only available option is the visual radio.i changed the auto-start service on the settings of the visual service to off but still the FM radio.does anyone have a solution?
-
I have 5 tables.i want to select one respective record from 5 table .But i will pass only one argument... what is the query for that..................