Domain join but no computer object in ad

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Description: User Profile Wizard questions, suggestions, comments and bug reports
URL: http://forum.ForensiT.com/forum_posts.asp?TID=1032
Printed Date: 15 Dec 2019 at 2:30pm


Topic: Domain join but no computer object in ad
Posted By: biomet
Subject: Domain join but no computer object in ad
Date Posted: 04 Apr 2014 at 4:58am
Hello all,

I've been working for some time to get this solved, but everything works except that, looking into AD, there is no computer object in AD.

I've been using a lookup file with "oldname,newname".
I can see that the system is joined, but upon looking in ADUC there is simply no computer to be found with the new name.

Is there something I'm missing, as the log file simply says Joined Done?

See log file:


ForensiT User Profile Wizard v3.7.1190
Licensed to Biomet3i (50 Seats) Serial No. BEB0CB57
Copyright (c) 2002-2013 ForensiT Ltd
www.ForensiT.com

Finding Domain Controller for domain ******... Done.
Using Domain Controller: \\******.
Binding to Active Directory... Done.
Getting FQDN for user "******"... Done.
Getting Domain SID... Done.
SID is S-1-5-21-2233417852-4028248285-2824820072-14825
Checking for roaming profile...Done.
No roaming profile path set.
Setting Registry ACLs... Done.
Set Registry ACLs in 0.109 seconds.
Setting Profile ACL... Done.
Set Profile ACL in 1.419 seconds.
Creating Profile registry keys... Done.
Joining to domain "******" ... Done.
Adding domain account to local groups... Done.
Setting ****** as default logon... Done.
Migration Complete!




Replies:
Posted By: Support
Date Posted: 04 Apr 2014 at 6:58am
If the system is joined to the domain and you can logon with the new domain account, there must be a computer object in AD.

Do you have multiple DCs? If so, maybe you have an AD replication issue.


Posted By: biomet
Date Posted: 04 Apr 2014 at 8:52am
We do have multiple DCs, yes.
But when I just simply join the system myself, it nicely appears in AD.
So no domain replication problems nor issues.

We have set up a 2-way trust between 2 domains and need to migrate the user accounts as well as the workstations. The user accounts are not having any problem, but when it comes to the workstations, they simply do not appear, nor does the workstation get its new name.

As I explained, I'm using a lookup file to rename and join the workstations.


Posted By: Support
Date Posted: 04 Apr 2014 at 11:57am
If you look at the System Properties, is the machine joined to the new domain?


Posted By: biomet
Date Posted: 07 Apr 2014 at 2:03am
Yes, it does show it's joined.
But no DNS entry or AD object, even when forcing replication between all DCs.


Posted By: biomet
Date Posted: 08 Apr 2014 at 4:14am
Any thoughts, as we really need to start migrating and it's not working for us? We have also created test machines in different sites, and no computer object is created while it says joined to domain.

Manual join works without any problem.


Posted By: Support
Date Posted: 08 Apr 2014 at 5:28am
If a machine is joined to a domain and you can logon with an account from that domain, there must be a computer account object in Active Directory.

As there is a two-way trust, the source domain can authenticate user accounts from the target domain, and that would explain why you can logon with a user account from the target domain. However, for this to work the machine (I believe) must still be joined to the source domain.

We have never seen a situation where User Profile Wizard (using Microsoft's standard network APIs) joins a machine to a domain, the machine reports it is joined to that domain, but it is not.

Try setting the <ProtocolPriority> value in Profwiz.config to LDAP.
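
The checks discussed in the replies above (which domain the machine reports, and whether every DC holds a computer object for it), as an added PowerShell example that is not part of the original thread or ForensiT's tooling. It assumes the RSAT ActiveDirectory module and read access to the target domain; the computer names and domain name are placeholders.

```powershell
# Added example, not from the thread. Placeholders: OLDNAME01, NEWNAME01, target.example.com.
param(
    [string[]]$Names = @('OLDNAME01', 'NEWNAME01'),   # old and new name from the lookup file
    [string]$TargetDomain = 'target.example.com'      # domain the machine should now be in
)
Import-Module ActiveDirectory

# 1. What the workstation itself reports (meaningful when run on the migrated machine).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"Local view: name=$($cs.Name) partOfDomain=$($cs.PartOfDomain) domain=$($cs.Domain)"

# 2. Ask every DC in the target domain directly, so a replication delay shows up
#    as "found on some DCs, missing on others" instead of being hidden by
#    whichever DC the admin console happens to be bound to.
$report = foreach ($dc in Get-ADDomainController -Filter * -Server $TargetDomain) {
    foreach ($name in $Names) {
        try {
            # -Filter returns nothing (no exception) when the object does not exist.
            $c = Get-ADComputer -Filter "Name -eq '$name'" -Server $dc.HostName `
                    -Properties whenCreated -ErrorAction Stop
            [pscustomobject]@{
                DC                = $dc.HostName
                Site              = $dc.Site
                Name              = $name
                Found             = [bool]$c
                DistinguishedName = $c.DistinguishedName   # shows the OU or container
                WhenCreated       = $c.whenCreated
            }
        }
        catch {
            # DC unreachable or query refused: report it, do not treat it as "missing".
            [pscustomobject]@{
                DC                = $dc.HostName
                Site              = $dc.Site
                Name              = $name
                Found             = $null
                DistinguishedName = "query failed: $($_.Exception.Message)"
                WhenCreated       = $null
            }
        }
    }
}
$report | Sort-Object Name, DC | Format-Table -AutoSize
```

An object found under the old name only means the rename from the lookup file was not applied; an object whose DistinguishedName starts under CN=Computers landed in the default container rather than a chosen OU.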




Posted By: biomet
Date Posted: 09 Apr 2014 at 3:53am
Domain join does work now, but it seems that the wizard isn't reading the CSV or Notepad file to rename the system, and it does not get joined to the correct OU; instead it puts it into the Computers OU.


Posted By: Support
Date Posted: 09 Apr 2014 at 4:22am
Did it work setting the <ProtocolPriority> to LDAP? If the computer account already exists in the target domain, User Profile Wizard cannot move it.


Posted By: biomet
Date Posted: 09 Apr 2014 at 5:00am
Yes, that did the trick.
And I didn't precreate the computer account; I just gave the old name and new name in a CSV/TXT file.
But it doesn't seem to want to read it; same for old username and new username.


Posted By: biomet
Date Posted: 10 Apr 2014 at 8:22am
Hi,

Any settings I can still try in the XML file?
To force the computer object to be created in the correct OU as defined during setup?


Posted By: Support
Date Posted: 10 Apr 2014 at 8:43am
If you need this level of support you need to purchase maintenance and support and email support@ForensiT.com so that we can look at your configuration and log files.


Posted By: biomet
Date Posted: 10 Apr 2014 at 11:04am
Hi,

Is there another setting I can try, or do you have an idea why it isn't joining the computer object into the correct OU?

As in the setup you specify the correct OU, but it doesn't get joined.
But could it be that it doesn't read the TXT/CSV files?
