| Author |
Message |
Janusz Romanowski
Guest
|
 Posted:
Wed Jan 12, 2005 8:29 pm Post subject:
Unable to join Win2k3 domain after pre-creating computer acc |
|
|
I am migrating several thousands of Windows XP workstations into a new
Win2k3 domain. I am pre-creating the computer accounts into specific OUs.
When I try joining the workstation to the domain (even when using a domain
admin credentials) I get an error that the account already exists! If I do
not pre-create the computer objects I have no problem joining the domain but
that puts the computer objects into the domain's default Computers OU. I
also tried pre-creating the computer object in that OU but am getting the
same "account already exists" error. Has anybody seen this?! Any help would
be greatly appreciated. |
|
| Back to top |
|
 |
Glenn L
Guest
|
| Posted:
Thu Jan 13, 2005 6:29 am Post subject:
Re: Unable to join Win2k3 domain after pre-creating computer |
|
|
This is probably a permissions issue.
After you pre-create the account, execute DSACLS against it and post the
results here.
DSACLS cn=computername,ou=orgunit,dc=domainname
Substitute your DN path to the computer.
Also, what account are you using when you join the workstation?
We will see if this account has the necessary parms based on the DSACLs
output.
Incidentally, NETDOM supports specifying the target OU when you join the
workstation.
NETDOM ADD machine /Domain:domain [/UserD:user] [/PasswordD:[password | *]]
[/Server:server] [/OU:ou path] [/DC]
--
Glenn L
CCNA, MCSE 2000/2003 + Security
"Janusz Romanowski" <jromanow@alliance.csc.com> wrote in message
news:Oi6ceML%23EHA.1264@TK2MSFTNGP12.phx.gbl...
| Quote: | I am migrating several thousands of Windows XP workstations into a new
Win2k3 domain. I am pre-creating the computer accounts into specific OUs.
When I try joining the workstation to the domain (even when using a domain
admin credentials) I get an error that the account already exists! If I do
not pre-create the computer objects I have no problem joining the domain
but
that puts the computer objects into the domain's default Computers OU. I
also tried pre-creating the computer object in that OU but am getting the
same "account already exists" error. Has anybody seen this?! Any help
would
be greatly appreciated. |
|
|
| Back to top |
|
|
Rebecca Chen [MSFT]
Guest
|
| Posted:
Thu Jan 13, 2005 3:52 pm Post subject:
Re: Unable to join Win2k3 domain after pre-creating computer |
|
|
Hi Janusz ,
Yes, the New user accounts, computer accounts, and security groups will
initially be created in the CN=Users and CN=Computers containers until they
are moved by the administrator or an administrator-defined script. However,
you can use the script to change the default OU.
You can also Redirecting CN=Computers to an Administrator-Specified
Organizational Unit, thus, when you join a client to the domain, the
computer account will be added in the OU you desirabled.
For more details, please refer to the following article:
Redirecting the users and computers containers in Windows Server 2003
domains
http://support.microsoft.com/?id=324949
HTH!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
Janusz Romanowski
Guest
|
| Posted:
Thu Jan 13, 2005 7:33 pm Post subject:
Re: Unable to join Win2k3 domain after pre-creating computer |
|
|
Glenn,
Thank you for replying, I've found out what the problem was. Since I was
changing the workstation's name as well as domain membership, and
pre-creating the accounts I needed first to disjoin the workstation from the
old NT 4.0 domain into a workgroup and then join the new Win2k3 domain. I am
assuming that there was a mismatch in the machine's domain password as I was
trying to go straight from NT 4.0 to Win2k3; and yes I used NETDOM to
pre-create the accounts into specific OUs, thanks for letting me know
though.
| Quote: | Glenn L<the.only delete @gmail dot com> 01/12/05 6:29:35 PM
This is probably a permissions issue. |
After you pre-create the account, execute DSACLS against it and post the
results here.
DSACLS cn=computername,ou=orgunit,dc=domainname
Substitute your DN path to the computer.
Also, what account are you using when you join the workstation?
We will see if this account has the necessary parms based on the DSACLs
output.
Incidentally, NETDOM supports specifying the target OU when you join the
workstation.
NETDOM ADD machine /Domain:domain [/UserD:user] [/PasswordD:[password | *]]
[/Server:server] [/OU:ou path] [/DC]
--
Glenn L
CCNA, MCSE 2000/2003 + Security
"Janusz Romanowski" <jromanow@alliance.csc.com> wrote in message
news:Oi6ceML%23EHA.1264@TK2MSFTNGP12.phx.gbl...
| Quote: | I am migrating several thousands of Windows XP workstations into a new
Win2k3 domain. I am pre-creating the computer accounts into specific OUs.
When I try joining the workstation to the domain (even when using a
domain
admin credentials) I get an error that the account already exists! If I
do
not pre-create the computer objects I have no problem joining the domain
but
that puts the computer objects into the domain's default Computers OU. I
also tried pre-creating the computer object in that OU but am getting
the
same "account already exists" error. Has anybody seen this?! Any help
would
be greatly appreciated. |
|
|
| Back to top |
|
|
Janusz Romanowski
Guest
|
| Posted:
Thu Jan 13, 2005 7:38 pm Post subject:
Re: Unable to join Win2k3 domain after pre-creating computer |
|
|
Rebecca,
Thank you for replying, I've found out what the problem was. Since I was
changing the workstation's name as well as domain membership, and
pre-creating the accounts I needed first to disjoin the workstation from
the
old NT 4.0 domain into a workgroup and then join the new Win2k3 domain. I
am
assuming that there was a mismatch in the machine's domain password as I
was
trying to go straight from NT 4.0 to Win2k3
| Quote: | Rebecca Chen [MSFT]<v-rebc@online.microsoft.com> 01/13/05 3:52:28 AM
Hi Janusz , |
Yes, the New user accounts, computer accounts, and security groups will
initially be created in the CN=Users and CN=Computers containers until they
are moved by the administrator or an administrator-defined script. However,
you can use the script to change the default OU.
You can also Redirecting CN=Computers to an Administrator-Specified
Organizational Unit, thus, when you join a client to the domain, the
computer account will be added in the OU you desirabled.
For more details, please refer to the following article:
Redirecting the users and computers containers in Windows Server 2003
domains
http://support.microsoft.com/?id=324949
HTH!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
Rebecca Chen [MSFT]
Guest
|
| Posted:
Fri Jan 14, 2005 8:10 am Post subject:
Re: Unable to join Win2k3 domain after pre-creating computer |
|
|
Glad to know you have found the root cause! :)
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in