Cannot log onto domain after setting up workgroup?

[RagingBITCH]

Alright, so the basic premise is: CEO buys new laptop, asks me to set it up and transfer all the files off his old laptop onto the new one. I setup a small workgroup called LAPTOP and network the two via a router. (Works fine)

Sh1t hits the fan here when we find out our domain name wasn't re-registered, (expired a few days ago) so I've been busy getting that fixed. I try to change my bosses old laptop back to our domain (walkthetalk) and everytime I put in his username, password, and domain, I get an error:

"Authorization denied"

I've tried other logins and I get the same error. If I type in the password wrong, it says "Invalid password/username", so I know it's at least trying to authenticate. I have no idea why it will not let me change it back to the domain. It will let me change it to a different workgroup name but it will not let me change it to a domain.

His comp is a P3-1ghz, 512MB RAM, running WinXP Professional. NIC is built in, and it logged into the domain just fine before I changed it to a workgroup.

I tested this out with a different XP Pro computer and I was able to change it from the domain, to the workgroup, back to the domain with no problems. I'm really freaking out here

I'm at wits end and the info on his comp is pretty important. Anyone know how to fix it? Thanks in advance!

(A very appreciative)
Melvin

 

[Sideswipe001]

My first thought would be, are you logged in with administrator rights into the laptop? And are you using an account with domain admin rights to rejoin it?

It's really odd that it won't let you rejoin, if you are. All firewall and other software disabled?

 

[spidey07]

delete the old computer account from the domain or make sure the computer has a different computer name?

I'm not much on MS stuff but I thought when a computer account is created in a domain it is linked directly to a single machine. if another machine tries with the same computer name then it won't let you join (not unique)

 

[RagingBITCH]

Originally posted by: Sideswipe001
My first thought would be, are you logged in with administrator rights into the laptop? And are you using an account with domain admin rights to rejoin it?

It's really odd that it won't let you rejoin, if you are. All firewall and other software disabled?

Well that's the thing - when it asked me what username/password I had wanted to use with the workgroup, I left it blank I think. Under Control Panel -> Users it shows the account I use to login with as an Administrator. Maybe I screwed up when I left it blank, but as far as I know, the user/password should be the actual administrator info.

 

[Sideswipe001]

Try to make a new account with Administrator rights (add it to the local Administrators group) and log in with that account, then try again. I would also suggest what spidey said. Delete the computer account from the domain.

 

[RagingBITCH]

Originally posted by: spidey07
delete the old computer account from the domain or make sure the computer has a different computer name?

I'm not much on MS stuff but I thought when a computer account is created in a domain it is linked directly to a single machine. if another machine tries with the same computer name then it won't let you join (not unique)

spidey/Sideswipe001 - doods that worked. (The computer name linked directly to a single machine) Thank you so much! I didn't know that it was linked directly to a single machine. That's fantastic. If you guys accept paypal, I'll paypal you over some $$ for helping me out. Seriously - that was a lifesaver. I was crapping bricks the size of my hand.

:beer::beer: to you both!

 

[spidey07]

glad I could help with a MS question and I'm clueless about MS networking.

:beer:

I'm not sure how it works with AD but in the NT domain model when you join the domain a SID (secure ID i think) is created and uniquely identifies that computer and computer name. Its a file or a KEY created on the machine and domain controllers. Try to use that computer name on a different computer and well that's taking away some of the security of being in a domain. You're asking the domain "hey let me join, forget about that other key we exchanged before here's a different one."

domain controller "screw you dude"

Glad it worked out for you. All I ask is a beer.

Just be wary that when you delete a computer account it can take up to an hour to fully replicate with all domain controllers. You can't just delete a computer account and then immediately try to create one with the same name. And if you try too many times then the computer account is disabled (fun, fun)

this network forum is full of great folks, check back in for good stuff.

spidey