Perfect error description in the question: imaging, which is obviously performed without changing the machine SID => very bad idea! Computers in AD are security identifiers (like users and groups)... - so the machine SID needs to be unique in a domain! (Which is why you can add the client just fine to another domain.)
 
Solution: usually you'd use SYSPREP to prepare a machine for imaging, so that a new SID and other things are generated after a machine that was created from that image boots the first time...
 
If you're past that point, you should certainly re-create the image for future use, using SYSPREP. For those machines that already exist you can use NEWSID from www.sysinternals.com. Not sure if it's supported (i.e. if the OS will be supported after you use it), but it works quite nicely.
 
/Guido


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex
Sent: Monday, 9 January 2006 11:42
To: [email protected]
Subject: [ActiveDir] Access Denied error when joining the domain

When trying to join PCs to the domain, an Access Denied error message is displayed.

There are no entries in Event Viewer logs. PCs can ping DC by name & IP address. Also there are no duplicate machines in AD.

These PCs were part of a bunch of PCs that were imaged and sent to a remote site. Some are joining OK and some are getting this error.

The problematic PCs can join another child domain without a problem though.

Should the SID of PCs be changed to resolve the problem and if so which tool can be used?

 

TIA

 

Alex Alborzfard

 
