At least once a week, an admin in our company will successfully join a computer (NT 4.0, Win2K, WinXP) to our AD domain, and upon reboot receives "the computer account in its primary domain is missing" error message. We assume this happens because we have two DC's in every site, the five minute intrasite replication hasn't happened, and the newly added computer is simply authenticating with the other DC. But even when we wait fifteen minutes and then reboot again, we still get the error message. Our techs have been using the take to workgroup, re-add to domain method until it's successful.
One time I actually verified the existence of the computer account on both local DC's at a particular site, and yet the computer could still not login to the domain. Using replmon, I forced a sync of the domain partition from one of the local DC's out to every other DC in our environment. Immediately the workstation could login. What gives? Does every DC or a particular DC (PDC Emulator?) need to know about newly added computer accounts before they can be used? Do I need to train our techs to pre-populate computer accounts with ADUC and sync the domain before using them? A similar complaint is that sometimes the computer account simply disappears, but I haven't seen that yet personally. Any advice would be much appreciated. Thanks. -Rick Dayton __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
