Computers are listed in AD and can access all aspects of the LAN however...
-
Thursday, February 07, 2013 6:18 PM
I have never seen this before so I hope someone can shed some light on this issue I am having.
Windows XP computers, all are up-to-date on SP's and MS Updates and are in the domain (can be seen in AD)
When I right click My Computer/Manage/Users and Groups/Groups/Administrators and click on ADD, the "From this Location" it is set to the Local Computer and NOT to the Domain. When I click on "Locations" button I get the local computer name and "Entire Directory" I do not have the Domain under the "Entire Directory". I click on "Entire Directory" and it changes the "From this Location" to "Entire Directory". Click on "Advance" and "Find Now" and all the names come up and I choose the name I want and click OK and Ok and Apply. Everything looks good, the name appears in the Members list. Now when I reboot the computer and go back in to see if that name is still there, sometimes the name is there as it should be displayed (ie Domain Admins), sometime it comes up with a long name with S-1-5-21-3390.......... (too long to enter all the number)
We have a small network of about 24 PC's and 7 servers (2 of which are DC's), this is happening on only a handful of computers where the location is not set to the domain and the name is being displayed like S-1-5-21-3390......
My questions are:
1) What do I need to do/fix to make the location be the domain and not the local computer.
2) is the name being displayed like S-1-5-21-3390.... because the local computer name is set as the location and not the domain and if fixing the location to the domain will that fix the name being displayed?
Thank you very much.
Robin
All Replies
-
Monday, February 11, 2013 11:47 AM
Have you tried putting the computers back onto WORKSTATION and then rejoining them to the domain?
For your information the long name with S-1-5...... is the SID of the domain account SID = Security Idenifiter, in order for this to be converted into a name it has to do a SID lookup.
To check if the computer is able to do SID lookups on the domain controller you can try the following command to convert the domain admins group into there SID which should then match the number that gets left in computer manger when it does not display domain admins.
dsquery group -name "Domain Admins" | dsget group -sid
Hope this helps a little and gives you some more information on how the SID's and names work. Give rejoining to the domain a try and see if you get the same results.8B17
- Marked As Answer by luv2bike2 Wednesday, February 13, 2013 11:26 PM
-
Monday, February 11, 2013 7:18 PM
Thank you for your response. I will take one of the workstations out of the domain and add it to the workgroup and rejoin to the domain (of course after rebooting). and also looking up SID on the domain controller. I will post back tomorrow with the results. Thanks again
Robin
-
Wednesday, February 13, 2013 11:26 PMI took the computers out of the domain and into a workgroup, rebooted, add the computers to the domain , reboot and all is fine now. Thank you very much for your suggestion.
.png)
