Questions

Answer for:

Computers are listed in AD and can access all aspects of the LAN however...

Message 2 of 3

View entire thread
+
0 Votes
gechurch

I'm not sure on the answer to question 1. It's not a setting I look at often, but just checking on one domain-joined computer now its 'From this location' is set to the domain by default, so I suspect there is an issue. I assume you are logging on to the computer using a domain account?

The long name you are seeing starting with "S-1-5" is a user account SID. This is an ID that uniquely represents a user account. Lets say you have a domain account called "Jane Doe". When you add "domain\Jane Doe" to the local administrators group what gets stored behind the scenes is actually the SID of Jane Doe's account. That way when Jane gets married and you rename her account to "domain\Jane Smith" the local computer will be able to keep track and know that Jane Smith is a local admin on the PC.

When everything is working correctly, when you look at the local admin group the SID is read (S-1-5-21-3390...whatever). Then a lookup is performed - the PC asks the domain controller "hey, here's a SID. Can you please tell me the name of this account?". The DC looks up the SID, finds that the account belongs to "domain\Jane Smith" and that's what gets displayed. As you've probably figured out by now, if this lookup fails for some reason the local PC ends up displaying the SID because that's all it can display. So it sounds like your PCs are not talking to the DC properly sometimes. Taking a look in the event log for DC-related errors is a good place to start troubleshooting the problem.