Reset computer account

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,
I understand add, move and delete computer account. I do not understand the
purpose of reset computer account in AD and when to use it. I will be
appreciated your information and tips.

Thank you in advance,

Johnny Chow

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thank you all with good explaination but I am still confused which scenario
should I use reset instead of add/delete (cleaner job) computer in IT
environment.

For an example, I had a computer join to the domain yesterday and it ran
fine until this morning that I was trying to login as administrator account
with right domain name (not local user) and it prompt me that it can not
find DC (DC is in same subnet). I was able to logon second computer in the
same subnet as DC and domain. Therefore, I removed/rejoined the computer
account to the domain, and it was running fine now. Correct me if I am
wrong, would this be a good scenario to reset the computer.

Thanks again,

Johnny Chow


"Johnny Chow" <jchow10@yahoo.com> wrote in message
news:OM8W4FPUFHA.548@tk2msftngp13.phx.gbl...
> Hi,
> I understand add, move and delete computer account. I do not understand
> the purpose of reset computer account in AD and when to use it. I will
> be appreciated your information and tips.
>
> Thank you in advance,
>
> Johnny Chow
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Johnny,

There are user account objects just like there are computer account objects.
The computer account objects have a secure channel with a Domain Controller.
Over this secure channel the workstation and the Domain Controller
communicate. In WIN2000 the computer account objects change their secret
password every 30 days ( in WINNT 4.0 it was seven days ). Sometimes this
secure channel gets flubbed up...for whatever reason. So, based on what I
just wrote you can see how this can create a little bit of a problem. So,
in order to resolve the problem of the flubbed up secure channel you
Microsoft gives us the ability to reset that secure channel.

I *think* that this should clear up any misunderstandings.

For all others, have I properly explained how this works?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Johnny Chow" <jchow10@yahoo.com> wrote in message
news:OM8W4FPUFHA.548@tk2msftngp13.phx.gbl...
> Hi,
> I understand add, move and delete computer account. I do not understand
> the purpose of reset computer account in AD and when to use it. I will
> be appreciated your information and tips.
>
> Thank you in advance,
>
> Johnny Chow
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Johnny Chow wrote:
> Hi,
> I understand add, move and delete computer account. I do not understand the
> purpose of reset computer account in AD and when to use it. I will be
> appreciated your information and tips.

Think about reseting of computer account simply like about reseting the
computers password in domain. Each computer account has password
associated with it and computer is using this account to authenticate
itself in a domain.

that's very brief description in few words

--
Tomasz Onyszko [MVP]
http://www.w2k.pl

 

[steve]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In that scenario I would reset the Computer account first before trying the
remove/add to domain. This works for me 99% of the time, the 1% usually
require the remove/add method.

Steve

"John Chow" wrote:

> Thank you all with good explaination but I am still confused which scenario
> should I use reset instead of add/delete (cleaner job) computer in IT
> environment.
>
> For an example, I had a computer join to the domain yesterday and it ran
> fine until this morning that I was trying to login as administrator account
> with right domain name (not local user) and it prompt me that it can not
> find DC (DC is in same subnet). I was able to logon second computer in the
> same subnet as DC and domain. Therefore, I removed/rejoined the computer
> account to the domain, and it was running fine now. Correct me if I am
> wrong, would this be a good scenario to reset the computer.
>
> Thanks again,
>
> Johnny Chow
>
>
> "Johnny Chow" <jchow10@yahoo.com> wrote in message
> news:OM8W4FPUFHA.548@tk2msftngp13.phx.gbl...
> > Hi,
> > I understand add, move and delete computer account. I do not understand
> > the purpose of reset computer account in AD and when to use it. I will
> > be appreciated your information and tips.
> >
> > Thank you in advance,
> >
> > Johnny Chow
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In an operational environment where uptime is measured with 5 9s how exactly do
you explain to management that everytime the machine password is reset that the
passwords end up getting out of sync because the member server doesn't have
access to the domain controller to tell the DC what the new password is and
within a short period of time the member server no longer can authenticate
people because it complains that it either can't find itself in the directory or
it can't bind to the directory anymore

And with us resetting the machine account password made things worse to the
point we had to rejoin the machines to the domain.

What misconfiguration can cause that situation?

thanks

"Cary Shultz [A.D. MVP]" wrote:

> Johnny,
>
> There are user account objects just like there are computer account objects.
> The computer account objects have a secure channel with a Domain Controller.
> Over this secure channel the workstation and the Domain Controller
> communicate. In WIN2000 the computer account objects change their secret
> password every 30 days ( in WINNT 4.0 it was seven days ). Sometimes this
> secure channel gets flubbed up...for whatever reason. So, based on what I
> just wrote you can see how this can create a little bit of a problem. So,
> in order to resolve the problem of the flubbed up secure channel you
> Microsoft gives us the ability to reset that secure channel.
>
> I *think* that this should clear up any misunderstandings.
>
> For all others, have I properly explained how this works?
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
> "Johnny Chow" <jchow10@yahoo.com> wrote in message
> news:OM8W4FPUFHA.548@tk2msftngp13.phx.gbl...
> > Hi,
> > I understand add, move and delete computer account. I do not understand
> > the purpose of reset computer account in AD and when to use it. I will
> > be appreciated your information and tips.
> >
> > Thank you in advance,
> >
> > Johnny Chow
> >