Rejoin Machine same name - no authentication

Status
Not open for further replies.

thankgodfortektips

Programmer
Dec 20, 2005
Hi All,

I have a client that has a user that thinks he knows all about everything. He recently re-installed 2 of the machines on the network (from Server to XP).

We have a Windows 2003 domain and he should not have admin rights on the domain. When asked how he managed to rejoin the machines to the domain he said because he kept them the same name he didn’t require to authenticate.

I have never heard of this. Firstly, does anyone have any documentation that I can use to prove this is not possible? Second, is there a way for me to check with Active Directory to show what user rejoined the machine to the domain?

Thanks in advance...
 
A user can add up to 10 machines - XP, whether they are the same name or not. This can be changed in the domain policy. It is the Server account that makes me wonder... Is he part of the Account Operators group in AD? If so, he can add any machine, with the exception of a Domain Controller on your network.
"Is there a way for me to check with Active Directory to show what user rejoined the machine to the domain?"
Look for the following event IDs in your Security Log on each domain controller.
Event ID: 645 - Computer Account Created.
Event ID: 646 - Computer Account Changed.
Event ID: 647 - Computer Account Deleted.

If you want to search these events and log them, check out
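
One way to pull those three events from every domain controller and see which account acted on a given machine, as an added example that is not part of the original thread. It assumes Windows PowerShell with `Get-EventLog`, account management auditing enabled on the domain controllers, and the Windows Server 2003 message field labels; the machine name `PC01` is a placeholder.

```powershell
# Added example, not from the thread. Assumed: the event text carries
# "New/Target Account Name:" and "Caller User Name:" fields (Server 2003 layout).
# On Windows Server 2008 and later the same events are 4741, 4742 and 4743.
param(
    [string]$ComputerName = 'PC01',          # placeholder machine name to trace
    [string[]]$DomainControllers = @(
        [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
            ForEach-Object { $_.Name }
    ),
    [datetime]$After = (Get-Date).AddDays(-30)
)

$eventNames = @{ 645 = 'Created'; 646 = 'Changed'; 647 = 'Deleted' }
$account    = "$ComputerName`$"              # computer accounts end in $

$results = foreach ($dc in $DomainControllers) {
    try {
        # Security logs are not replicated, so each DC has to be queried.
        $entries = Get-EventLog -LogName Security -ComputerName $dc `
            -InstanceId 645, 646, 647 -After $After -ErrorAction Stop
    } catch {
        Write-Warning "No matching events, or log unreadable, on ${dc}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $entries) {
        $target = $null; $caller = $null
        if ($e.Message -match '(?:New|Target) Account Name:\s*(\S+)') { $target = $Matches[1] }
        if ($e.Message -match 'Caller User Name:\s*(\S+)')            { $caller = $Matches[1] }
        if ($target -ne $account) { continue }   # keep only the machine of interest
        [pscustomobject]@{
            Time     = $e.TimeGenerated
            DC       = $dc
            EventId  = [int]$e.InstanceId
            Action   = $eventNames[[int]$e.InstanceId]
            Computer = $target
            Caller   = $caller
        }
    }
}

# Timeline of who created, changed or deleted the computer account.
$results | Sort-Object Time | Format-Table -AutoSize
```

A rejoin under the same name normally shows up as a 646 (changed) entry rather than a 645 (created), so the `Caller` column on those rows is the one to check.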
 