One AD-account two computers - never logged in at the same time
Mission
I have one AD account that I, at different times, want to use at two physical computers (referred to as computer1 & computer2). To be clear about the time aspect, I never want to be logged in on both computers at a certain time.
Info
- In Computer1 Windows is installed and joined to the domain. I have permission to do this myself
- Software: Windows7 x64 SP1
- One constraint to my solution is that I will have to use the same computer name.
Problem description
Now to the problem. On computer2 I installed Windows and added computer2 to the domain as well. It worked well, but then when I logged out and tried to log in on computer1 I got an error message:
This computer is unable to establish a trust relationship with the server
Temporary Solution
The issue was quickly solved by removing computer1 from the domain and re-joining it again using my local admin account. However, I don't want to do that each time I switch computers.
Thoughts and Questions
From what I've read on the internet, one way to solve the issue might be to unplug the network adapter and log in to disable Windows from checking with the AD server, and then re-connect the network cable again. Haven't verified this solution.
I've also read about SIDs in various forms. One is something called "computer SID" or "machine SID" which seems to be a string that is used to represent/identify the actual computer associated with an AD account. Just a theory, but if I can synchronize those SIDs between the two computers then would I be able to use them as I plan?
Are there any risks involved with using one AD account at two different computers? I don't use the file share pushed out by the admins. But perhaps there are other things that I use in the background that may cause trouble?
I'm using Windows7, and I guess the functionality to remotely administrate my computer is built into the OS by now (compared to WinXP). What kind of reports are the admins able to get from me? Can they for example get a list of all the applications I've installed?
Even though it isn't needed, I still wonder what will happen if I log in on both computers at the same time?
And the final question, is it possible to solve my problem?
windows-7 active-directory windows-domain
edited Mar 14 '12 at 21:23 by slhck
asked Mar 14 '12 at 21:21 by user99447
The machine SID is only used for local accounts, and should be different between computers. Domain logins always use the domain SID for identification.
– grawity
Mar 14 '12 at 21:34
You do not mention Computer2 was ever on domain....
– ZaB
Mar 14 '12 at 22:00
Computer2 has never been in the domain historically, but I want to add it to the domain. The background is that I work from two geographically different locations and don't want to carry my laptop all the time. That's why I want to configure two computers, and have them permanently at two different locations, but use the same AD creds when I use them. Please let me know if my problem description still is unclear.
– user99447
Mar 15 '12 at 9:23
Is this correct: computer1 joined to domain with name X, computer2 joined to domain afterwards with name X also? If I understand that correctly, what causes the need to have the same name? Because that is the root of your issue.
– edusysadmin
Apr 24 '12 at 14:29
2 Answers
I was able to log in using cached credentials, however I was still denied some resources.
I think this issue is tied to the computer name. Here is a citation from the Event Log:
This computer could not authenticate with my.ds.net, a Windows
domain controller for domain XYZ, and therefore this computer might
deny logon requests. This inability to authenticate might be caused by
another computer on the same network using the same name or the
password for this computer account is not recognized. If this message
appears again, contact your system administrator. SOURCE: NETLOGON
How does the authorization model work in AD? Can I come up with a new computer name all by myself, or is it tied to my domain account?
answered Mar 21 '12 at 7:34 by user99447
Update: the denial of resources was not related to the cited error message. I think the message is what you get if you use cached credentials. Anyhow, my trailing question is still interesting.
– user99447
Mar 21 '12 at 13:25
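One way to check from the workstation whether the computer's trust with the domain is broken and whether NETLOGON has logged the message quoted in the answer above. This is an added example, not part of the original thread; the function name Get-TrustDiagnostics and the 200-entry scan window are assumptions.

```powershell
# Added example (not from the original thread). Run on the domain-joined workstation.
function Get-TrustDiagnostics {
    param(
        [int]$Newest = 200   # assumed default: how many recent NETLOGON entries to scan
    )

    # Name and domain membership as this machine sees them.
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # Test-ComputerSecureChannel returns $true when the secure channel between
    # this computer and its domain is working.
    $channelOk = $false
    if ($cs.PartOfDomain) {
        try   { $channelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
        catch { $channelOk = $false }   # no DC reachable, or the check itself failed
    }

    # NETLOGON entries in the System log whose text matches the quoted message.
    # Matching on message text avoids depending on a specific event ID.
    $events = @(
        Get-EventLog -LogName System -Source NETLOGON -Newest $Newest -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like '*could not authenticate*' }
    )

    $lastFailure = $null
    if ($events.Count -gt 0) { $lastFailure = $events[0].TimeGenerated }

    New-Object PSObject -Property @{
        ComputerName     = $cs.Name
        Domain           = $cs.Domain
        PartOfDomain     = $cs.PartOfDomain
        SecureChannelOk  = $channelOk
        AuthFailureCount = $events.Count
        LastAuthFailure  = $lastFailure
    }
}

Get-TrustDiagnostics | Format-List
```

A result with SecureChannelOk false and a recent LastAuthFailure on one machine, right after the other machine was joined under the same name, is consistent with the cause the event text gives: two computers sharing one name, or a computer account password the domain no longer recognizes.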
Each computer on the domain must have a different SID or, like you have already experienced, you will have problems. If you set up a user profile you can use any computer on the domain with the same credentials and permissions. If you have a server running in the background you could make a network drive so you will have your files regardless of where on the domain you log in.
answered Sep 14 '15 at 17:27 by commandosqueak
I'm very confused by this answer. Can you explain it a bit better?
– bwDraco
Sep 14 '15 at 19:33