I've found a little bit of info on this googling, and the results I'm finding seem to be related to replication problems, lack of SP1, or other issues with DCs that need to be reinstalled (reason not identified). What's happening is that computer accounts are getting deleted - most of them are ones that can't update their passwords because they have been turned off, or in the case of a group of users, their computers have Deep Freeze running on them, and those computers update their passwords but apparently the computers reset when they are rebooted so the password is reset to the old one too. But the issues are not isolated to these accounts.
We do not have an automated process set up to delete these accounts. This is Server 2003, non-SP1 (that's scheduled for this Friday). There are no discovered replication errors, they have checked for those. We only have 6 DCs, two each for a root and two child domains, and this is happening in one of the child domains. Here is an example event that we are getting. If anyone has seen this before or has any ideas, we'll be most appreciative. Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 5723 Date: 1/16/2007 Time: 9:21:28 AM User: N/A Computer: CORPDC2 Description: The session setup from computer 'ACCT-95XDP11' failed because the security database does not contain a trust account 'ACCT-95XDP11$' referenced by the specified computer. USER ACTION If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem: If 'ACCT-95XDP11$' is a legitimate machine account for the computer 'ACCT-95XDP11', then 'ACCT-95XDP11' should be rejoined to the domain. If 'ACCT-95XDP11$' is a legitimate interdomain trust account, then the trust should be recreated. Otherwise, assuming that 'ACCT-95XDP11$' is not a legitimate account, the following action should be taken on 'ACCT-95XDP11': If 'ACCT-95XDP11' is a Domain Controller, then the trust associated with 'ACCT-95XDP11$' should be deleted. If 'ACCT-95XDP11' is not a Domain Controller, it should be disjoined from the domain. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 8b 01 00 c0 ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
