ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - Domain join but no computer object in ad
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Domain join but no computer object in ad

 Post Reply Post Reply Page  12>
Author
Message
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Topic: Domain join but no computer object in ad
    Posted: 04 Apr 2014 at 4:58am
Hello all,

I've been working some time to get this solved, but everything works except looking into ad there is no computer object in ad.

i've been using a lookup file with "oldname,newname".
I can see that the system is joined but upon looking into in aduc simply no computer to be found with the new name.

Is there something i'm missing as the log file simpy says Joined Done.

See log file:


ForensiT User Profile Wizard v3.7.1190
Licensed to Biomet3i (50 Seats) Serial No. BEB0CB57
Copyright (c) 2002-2013 ForensiT Ltd
www.ForensiT.com

Finding Domain Controller for domain ******... Done.
Using Domain Controller: \\******.
Binding to Active Directory... Done.
Getting FQDN for user "******"... Done.
Getting Domain SID... Done.
SID is S-1-5-21-2233417852-4028248285-2824820072-14825
Checking for roaming profile...Done.
No roaming profile path set.
Setting Registry ACLs... Done.
Set Registry ACLs in 0.109 seconds.
Setting Profile ACL... Done.
Set Profile ACL in 1.419 seconds.
Creating Profile registry keys... Done.
Joining to domain "******" ... Done.
Adding domain account to local groups... Done.
Setting ****** as default logon... Done.
Migration Complete!

Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 04 Apr 2014 at 6:58am
If the system is joined to the domain and you can logon with the new domain account, there must be a computer object in AD.

Do you have multiple DCs? If so, may be you have an AD replication issue.
Back to Top
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Posted: 04 Apr 2014 at 8:52am
we do have multiple dc's yes.
But when i just simply join the system myself it nicely appears in ad.
so no domain replication problems nor issues.

we have setup a 2 way trust between 2 domains and need to migratie the user accounts as well the workstations the user accounts are not having any problem but when it comes to the workstations they simply do not appear nor does the workstation get's it's new name.

as i explianed i'm using a lookup file to rename and join the workstations.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 04 Apr 2014 at 11:57am
If you look at the System Properties, is the machine joined to the new domain?
Back to Top
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Posted: 07 Apr 2014 at 2:03am
Yes it does show it's joined.
but no dns entry or ad object, even when forcing replication between al dc's.
Back to Top
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Posted: 08 Apr 2014 at 4:14am
Any thoughts as we really need to start migrating and it's not working for us. as we also have created test machines in different sites and no computer abject is created while it saying joined to domain.

manual join works without any problem.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 08 Apr 2014 at 5:28am
If a machine is joined to a domain and you can logon with an account from that domain, there must be a computer account object in Active Directory.

As there is a two-way trust, the source domain can authenticate user accounts from the target domain, and that would explain why you can logon with a user account from the target domain. However, for this to work the machine (I believe) must still be joined to the source domain.

We have never seen a situation where User Profile Wizard (using Microsoft's standard network APIs) joins a machine to a domain, the machine reports it is joined to that domain, but it is not.

Try setting the <ProtocolPriority> value in Profwiz.config to LDAP.


Back to Top
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Posted: 09 Apr 2014 at 3:53am
Domain Join does work now, but it seems that the wizard isn't reading the csv or notepad file to renmane the system and it does not get joined to the correct ou, instead it puts it into the computers ou.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 09 Apr 2014 at 4:22am
Did it work setting the <ProtocolPriority> to LDAP? If the computer account already exists in the target domain, User Profile Wizard cannot move it.
Back to Top
biomet View Drop Down
Newbie
Newbie


Joined: 04 Apr 2014
Location: Netherlands
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote biomet Quote  Post ReplyReply Direct Link To This Post Posted: 09 Apr 2014 at 5:00am
Yes, that did the trick.
and i didn't precreate the computer account, i just gave the old name and new name in a csv/txt file.
But it doenst seem to want to read it same for old username and new username.
Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.094 seconds.