question

MdRubiatHaque-0645 avatar image
0 Votes"
MdRubiatHaque-0645 asked DaisyZhou-MSFT commented

Workstations are not found in Active directory Users and Computers

Hi,

I am Rubiat. I have been facing a problem for few days. I couldn't find some workstation in active directory users and computers. Also, not found their DNS entry in DNS Manager. They are already joined with my domain. One thing is that, all of these workstation is out of my office network. I couldn't find them in my AD console but they are joined to my domain. After huge analysis, at last I solved this issue by rejoin them. So now my issue has fixed but my concern is that, what is the root cause of this issue? Why they were not found in my AD console. Why their DNS entry was automatically missing? Have anyone any idea about this issue, then please explain me in details. It is urgent to me.

Thank You
Md. Rubiat Haque

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @MdRubiatHaque-0645,

Thank you for posting here.

Here are the answers for your references.

What is the root cause of this issue? Why they were not found in my AD console.
A1: From the description, it sounds like the computer objects in AD were disjoined by someone.

If you have enabled audit policy before the computer objects were deleted, you can check Security logs ( Event 4743 and Event 5141) on DCs. If you have more DCs in the domain, please check DC one by one, because we do not know the computer objects were delete on which DC.

Here is a similar thread for your reference.
Advanced audit Policy Events Missing
https://social.technet.microsoft.com/Forums/Lync/en-US/604418f6-0b0a-428a-9b66-2b815491d87e/advanced-audit-policy-events-missing?forum=winserverDS


Why their DNS entry was automatically missing?
A2: If you have enabled audit policy before the DNS entries were deleted, you can check Security logs on DCs. If you have more DCs in the domain, please check DC one by one, because we do not know the DNS entries were delete on which DC.

How to enable audit policy, please refer to link below.
How to Monitor Deletion of DNS Records
https://social.technet.microsoft.com/wiki/contents/articles/32542.how-to-monitor-deletion-of-dns-records.aspx

Here is a similar thread for your reference.
Missing DNS record
https://social.technet.microsoft.com/Forums/windows/en-US/ed32a8a0-2d17-4654-9e6a-25ca7cfbed60/missing-dns-record?forum=winservergen


Note:

If you have not enabled these audit policy before the objects were deleted, you can not see the security log, and do not know why.

Advanced audit policies: Computer Configuration\Windows settings\security settings\Advanced Audit Policy Configuration.
Legacy audit policies: Computer Configuration\Windows settings\security settings\local policies\audit policy.

1-Advanced audit policies will overwrite all legacy audit policy settings by default).
2-If you have never configured any advanced audit policy before, then you configure the legacy audit policy.
3-If you have configured any advanced audit policy before, then you have configured the advanced audit policy.


Hope the information above is helpful to you.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MdRubiatHaque-0645 avatar image
0 Votes"
MdRubiatHaque-0645 answered DaisyZhou-MSFT commented

Hi Daisy,

Thanks for your feedback. The policy has not been configured. Could you please tell me about any event ID which is generated on workstations?

Thank You
Md. Rubiat Haque

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @MdRubiatHaque-0645,

Thank you for your update.

As far as I know, there is no related event ID generated on workstations to explain "Why workstations are not found in Active directory Users and Computers" and "Why their DNS entry was automatically missing".

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·
MdRubiatHaque-0645 avatar image
0 Votes"
MdRubiatHaque-0645 answered DaisyZhou-MSFT commented

Hi @DaisyZhou-MSFT ,

Thanks for your feedback. My problem has already resolved by only rejoin them. But my concern is, why they are automatically vanished from ADUC console and why there DNS entry was missing? They were joined with domain, every group policy was properly deployed on them, they authenticated properly but only problem is that I was not found them on my ADUC and DNS console. Do you have any idea why this was occurred? If someone disjoined them then my workstations will be Workgroup but they were domain joined. I just want to know what was the reason behind this scenario? So, please if possible then provide me the reason only.

Thank You
Md. Rubiat Haque

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @MdRubiatHaque-0645,

Thank you for your update.

Do you have any idea why this was occurred? If someone disjoined them then my workstations will be Workgroup but they were domain joined.

If so, they may be deleted from the Domain.

After you rejoin them, are they in the Default Computers container or the containers they used to be?


Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·