rameuniver wrote:
Hi,
We are running Active Directory and a DNS server on the same Windows Server 2008 R2 virtual machine on the vSphere 5 platform. Since it is for a college environment, every month we have to delete or create 1000 users. Recently the iSCSI-based storage which is used to store the virtual machines (including the Active Directory VM) was corrupted. We then restored the Active Directory server from the clone image (of Active Directory) which was taken in Dec 2012. But now all the client machines are unable to authenticate through Active Directory. If we rejoin the client machines to Active Directory, then authentication is successful. But this way we have to rejoin the 5000 client machines, which will take more than 10 days to complete.
1) Are there any alternative solutions to make the client machines authenticate through Active Directory without rejoining them to the domain?
2) Why is there a change in the client machines' behavior even after restoring the clone of the existing Active Directory VM?
The reason why authentication is failing is because the workstations have reset their machine passwords more recently than the backup that you have of Active Directory. Active Directory has whatever the machine account passwords would have been in December, and authentication is failing. When this happens, the workstation loses its trust relationship with the domain, and that computer has to be re-added to the domain.
Sorry... I don't think you have any recourse.
Here is an article from the Active Directory team that goes into a little more detail about how computers periodically reset their machine credentials:
http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx
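
The mismatch described in the answer above can be measured on a healthy domain, so the age limit of a usable Active Directory backup is known before a restore is needed. The PowerShell below is an added example, not part of the original thread; the function name `Get-NewerThanBackup`, the backup date and the sample computer names are constructed for illustration.

```powershell
# Added example. Lists computer accounts whose machine password was changed
# after a given backup date, i.e. accounts for which a restored copy of the
# directory would hold an older password than the workstation does.

function Get-NewerThanBackup {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Computer,   # needs Name, PasswordLastSet
        [Parameter(Mandatory = $true)] [datetime] $BackupDate
    )
    foreach ($c in $Computer) {
        # Pre-staged accounts that never joined have no password timestamp.
        if ($null -eq $c.PasswordLastSet) { continue }
        if ($c.PasswordLastSet -gt $BackupDate) {
            New-Object PSObject -Property @{
                Name                = $c.Name
                PasswordLastSet     = $c.PasswordLastSet
                DaysNewerThanBackup = [math]::Floor(($c.PasswordLastSet - $BackupDate).TotalDays)
            }
        }
    }
}

# Constructed backup date; the thread only says the clone dates from Dec 2012.
$backupDate = [datetime]'2012-12-15'

# Constructed sample inventory. Against a live domain, replace it with:
#   Import-Module ActiveDirectory
#   $inventory = Get-ADComputer -Filter * -Properties PasswordLastSet
$inventory = @(
    New-Object PSObject -Property @{ Name = 'LAB-PC-001'; PasswordLastSet = [datetime]'2013-03-02' }
    New-Object PSObject -Property @{ Name = 'LAB-PC-002'; PasswordLastSet = [datetime]'2012-12-01' }
    New-Object PSObject -Property @{ Name = 'LIB-PC-014'; PasswordLastSet = [datetime]'2013-01-20' }
    New-Object PSObject -Property @{ Name = 'STAGED-PC';  PasswordLastSet = $null }
)

$newer = @(Get-NewerThanBackup -Computer $inventory -BackupDate $backupDate)

'{0} of {1} computer accounts changed their password after {2:yyyy-MM-dd}' -f `
    $newer.Count, $inventory.Count, $backupDate

$newer | Sort-Object PasswordLastSet |
    Format-Table Name, PasswordLastSet, DaysNewerThanBackup -AutoSize
```

Run periodically against the live directory with the date of the newest available backup, the count shows how many machines would be affected if that backup had to be restored.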