We have a Windows AD Domain running at 2003 Native Mode. We have 9 DCs, many Windows servers running 2003, 2008 and 2012, as well as 8000+ Windows 7 Professional workstations. We use Norton Ghost GSS 2.5 for imaging our workstations and Sophos AV.
Today our help desk began receiving calls from users who could not log into their workstations. There are two main symptoms that users reported. The most common is that the Windows user login screen doesn't give the option to specify a domain account. Then, when logged in with a local user account, we see that the workstation is no longer a member of the domain. The second symptom is that users are allowed to attempt to log in with their domain account, but receive the message that their user name or password is incorrect. When logged into these machines locally, we see that they are in a state where the workstation is waiting to be rebooted in order to complete a domain disjoin; after a reboot, they exhibit the first symptom.
In every case, the workgroup that the computers are joining matches the name of our domain minus its domain extension. For example, if the domain name was uity.org, the name of the workgroup would be UITY.
Pertinent errors on our DCs are Event IDs 5723, 5722 and 5805, all of which are NETLOGON errors and make reference to denied access or nonexistent trust accounts.
Workstation events include Event IDs 7320 and 7007. The first, 7320, effectively says that the workstation has been determined not to be in a site, and Event ID 7007 references a failure of periodic Group Policy processing.
So far about 80 machines have disjoined themselves from Active Directory. The fix seems to be logging in locally and re-adding the computer to the domain. But why did this happen, and why did it happen now? We continue to lose computers and can't keep up with the re-adding process. Any suggestions?