Computer accounts are mysteriously disappearing from Active Directory, and we cannot recreate the computer's account.
**Please note that operating procedures in our environment require us to create computer accounts before a new computer is joined to the domain**
Within the last 2-3 months, we've noticed these symptoms:
- staff can no longer sign into a computer
- the computer account is missing from Active Directory
- you cannot recreate the computer account in AD, error message states: "Windows cannot create the new computer object because the pre-windows 2000 computer name [XXX] is already in use. Select another name, and then try again."
- we create a brand new computer account with a name that's one letter off, and then we're able to join the domain.
==Side notes==
- My current goal is to find a computer that experiences the symptoms, and search the event logs on our DCs for EventID 4743. However, I have not been able to isolate a computer while it is happening, and our event logs don't go back very far. We have another event log collector, and I'm currently searching that (but it is very slow).
- Some of the missing computers may be related to EventIDs 5723 & 5722, but I cannot confirm that yet.
- The computer account might be tombstoned, but I need to test that theory.
- I found a tombstoned dnsNode object under Deleted Objects for one of the computers
Why can't I create the computer account with the name it previously had? Why am I getting this error: "Windows cannot create the new computer object because the pre-windows 2000 computer name [XXX] is already in use. Select another name, and then try again."
If a computer object were tombstoned, I should still be able to create a computer account with the same name, because it will have a different SID/objectGUID. Do I need to be worried about Garbage Collection or Scavenging?
Why is the computer falling off the domain in the first place? What's going on with the secure channel?
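The three checks the question describes (who still owns the pre-Windows 2000 name, which DC logged the 4743 deletion and under which account, and whether NETLOGON 5722/5723 events name the machine) can be gathered in one pass. The script below is an added example and not part of the original post; it assumes the RSAT ActiveDirectory module on a domain-joined admin workstation with rights to read the Security log on every DC, and the `$ComputerName`/`$DaysBack` parameters are placeholders standing in for the post's `[XXX]`.

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory module,
# and an account allowed to read the Security/System logs on each domain controller.
# $ComputerName stands in for the post's "[XXX]"; $DaysBack is an arbitrary window.
param(
    [Parameter(Mandatory)][string]$ComputerName,
    [int]$DaysBack = 30
)
Import-Module ActiveDirectory

$sam   = "$ComputerName`$"          # pre-Windows 2000 name: sAMAccountName always ends in '$'
$since = (Get-Date).AddDays(-$DaysBack)
$dcs   = (Get-ADDomainController -Filter *).HostName

# 1. Which object (live, tombstoned or recycled) still owns this sAMAccountName?
#    A live object of any objectClass explains "pre-windows 2000 computer name already in use";
#    a deleted one shows when it was removed and where it lived (lastKnownParent).
$owners = Get-ADObject -IncludeDeletedObjects -Filter "sAMAccountName -eq '$sam'" `
    -Properties sAMAccountName, objectClass, isDeleted, whenChanged, lastKnownParent, objectSid
"--- Objects holding $sam (including Deleted Objects) ---"
$owners | Format-Table Name, objectClass, isDeleted, whenChanged, lastKnownParent -AutoSize

# 2. Security log on every DC: 4743 = "A computer account was deleted".
#    Parse the event XML by field name rather than relying on positional Properties[].
$deletions = foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4743; StartTime = $since } |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                DC      = $dc
                Time    = $_.TimeCreated
                Target  = $d['TargetUserName']        # the deleted account, e.g. HOST$
                Deleter = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            }
        }
}
"--- 4743 deletions for $ComputerName in the last $DaysBack days ---"
$deletions | Where-Object { $_.Target -like "$ComputerName*" } | Sort-Object Time | Format-Table -AutoSize

# 3. System log on every DC: NETLOGON 5722 (session setup failed to authenticate)
#    and 5723 (no trust account for the computer in the security database).
$pattern  = [regex]::Escape($ComputerName)
$netlogon = foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5722, 5723; StartTime = $since } |
        Where-Object { $_.Message -match $pattern } |
        Select-Object @{ n = 'DC'; e = { $dc } }, TimeCreated, Id, Message
}
"--- NETLOGON 5722/5723 mentioning $ComputerName ---"
$netlogon | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

# 4. On the affected workstation itself (run locally, since a broken secure channel
#    also breaks remoting into it): Test-ComputerSecureChannel -Verbose returns $false
#    when the machine password no longer matches the account the DC has (or the
#    account is gone); -Repair only helps while the computer object still exists.
```

Run it with a name from the symptom list, e.g. `.\Find-MissingComputer.ps1 -ComputerName WS123 -DaysBack 60`. Step 1 is the direct answer to "why can't I create it": if it returns a live object, that object owns the name regardless of SID or objectGUID; if it returns only deleted objects, the deletion time there should line up with a 4743 from step 2, which names the DC and the account that performed the delete.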