Re: Deleted computer Account


Here's the whole story. An ex-employee set up our Certificate hierarchy CA1
(root) and CA2 (subordinate). I believe most all certificates were issued
from CA1. I'm not sure if CA2 has issued any current certificates. Before
this employee left he turned off CA2 and said that we should never need it
again. This has been months ago and we haven't seen any problems. Well a
couple of weeks ago we promoted a new DC and it was getting errors that it
could not auto enroll a certificate from CA2 because the server could not be
contacted. So I turned CA2 back on. That is when I discovered that I could
not log on to the domain and that the server's computer account was missing
from the domain. I have no real idea when the account was deleted and I
don't know for sure which OU the server was in. I also don't know why the
DCs are trying to contact CA2 or if it has issued any current certificates.
Everything was working fine with it turned off until we promoted/created the
new DC.

So my real problem is to fix the DC error message???? And secondly now what
do I do with CA2?
"Jorge de Almeida Pinto [MVP]" wrote:

why don't you want to do an auth restore of the object?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brian" <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF71FCCD-4471-428E-A72E-726DA147A1E9@xxxxxxxxxxxxxxxx
Thanks for the info. Can you tell me more about the undelete computer
account? I've never heard of that feature. I've also searched TechNet
and did not come up with anything.

"Jorge de Almeida Pinto [MVP]" wrote:

and if you do an auth restore... make sure you do
restore subtree "<dn of computer account>"
instead of
restore object "<dn of computer account>"

why?

because computer accounts might contain leaf objects and the first
command would restore those too in one step! (the second would not)


"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:OeB3MLDsGHA.1296@xxxxxxxxxxxxxxxxxxxxxxx
you can:
* do an auth. restore of the computer account (brings all properties back)
* undelete the computer account (brings only the mandatory properties back
  and is only available on a w2k3 DC)

"Brian" <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7E3A04F7-A2E4-417E-9D43-6693A7C68CAA@xxxxxxxxxxxxxxxx
Someone deleted the computer account for one of my subordinate CA Servers.
Any idea how to recover without doing an AD restore. I can't just remove the
computer from the domain and add it back in because Cert Server is installed.
Should I uninstall Cert Server first and then add the server back to the
domain? What other options or suggestions do you have.
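
Added example, not part of the original thread or any poster's reply: a read-only lookup of the deleted computer account's tombstone, which shows when the delete happened, on which DC it originated, and which OU held the account, so the DN needed for `restore subtree "<dn of computer account>"` can be rebuilt. It assumes the ActiveDirectory PowerShell module (newer than the w2k3-era tools discussed here); `CA2` as a host name and `dc01.example.test` are placeholders.

```powershell
# Added example: read-only tombstone lookup for a deleted computer account.
# Assumptions: ActiveDirectory module (RSAT) and rights to read Deleted Objects.
# 'CA2' and 'dc01.example.test' are placeholders, not values from the thread.
Import-Module ActiveDirectory

$ComputerName = 'CA2'                 # placeholder host name
$Server       = 'dc01.example.test'   # placeholder DC to query

# A deleted object is renamed "<old name><LF>DEL:<objectGUID>" and moved to the
# Deleted Objects container, so match on the leading part of the name.
$tombstones = Get-ADObject -Server $Server -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(objectClass=computer)(name=$ComputerName*))" `
    -Properties lastKnownParent, whenChanged, objectSid

if (-not $tombstones) {
    Write-Warning "No tombstone found for '$ComputerName'; it may already have been garbage-collected."
    return
}

foreach ($t in $tombstones) {
    # Replication metadata for isDeleted records when, and on which DC,
    # the delete originated (whenChanged is only the local write time).
    $meta = Get-ADReplicationAttributeMetadata -Object $t -Server $Server `
        -IncludeDeletedObjects -Properties isDeleted

    # Strip the "<LF>DEL:<guid>" suffix to recover the original RDN.
    $rdn = ($t.Name -split "`n")[0]

    [pscustomobject]@{
        OriginalDN    = "CN=$rdn,$($t.lastKnownParent)"   # DN before deletion
        DeletedAt     = $meta.LastOriginatingChangeTime
        OriginatingDC = $meta.LastOriginatingChangeDirectoryServerIdentity
        LocalChange   = $t.whenChanged
        ObjectSid     = $t.objectSid
        ObjectGUID    = $t.ObjectGUID
    }
}
```

The `DeletedAt` and `OriginatingDC` values narrow down which DC's Security event log to review for the account that performed the deletion.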







