Tag Archives: Active Directory

Computer has lost trust relationship with the Domain – KB10391592


Error “Security database does not have a computer account for this trust relationship”

Description:  Client cannot log into their computer and get an error about trust relationship with the domain.

Common customer description: I can’t log into my computer.

Probing questions:

Were you able to log in before?
When did this start?

Steps to isolate: If the computer has lost its trust relationship the easiest way to verify is to check Active Directory (Computers) and see if the computers hostname is listed.  If it isn’t listed then follow the next steps.

Steps to resolve:

1: Have the client unplug the network cable.
2: Have the client log into the computer with the network cable unplugged.
3: Once the client is logged in have them reconnect the network cable.
4: Get connected to the clients computer via G2A or LogMeIn
5: After getting connected make sure a user account has a local administrators account.

(Steps to add a user account to local administrators group)
1: Go into control panel
2: Open Administrative Tools
3: Double click Computer Management
4: Expand Local Users and Groups
5: Click on Users
6: Right mouse click in an open area and left mouse click New User
7: Add a user account with a password
8: After added right mouse click on the new user and left mouse click on Properties
9: Click on Member Of tab
10: Click on Add and in the new box type in Administrators (Please note you will need to type out the entire name) and click Ok
11: Feel free to add Remote Desktop Users as well (Please note you will need to type out the entire name)
12: Close all windows you opened.

(Finish up removing and adding the computer to the domain)
6: Right mouse click on Computer and left mouse click on Properties.
7: Click on Change Settings.
8: Under the Computer Name tab click on Change.
9: Record the domain name the computer is trying to connect to.
10: Switch it from Domain to Workgroup and type in Workgroup.
11: Use the new user account credentials when prompted.
12: Reboot the computer when prompted.
13: Tell the client NOT to log into the computer and let you log in as the new user.
14: After you have logged in remove the computer from the Workgroup and place it back on the domain.
15: Reboot when prompted.
16: Have the client log in after the computer reboots and verify everything is working as it normally should.

Additional considerations: If this still does not allow the computer back onto the domain you can try all the steps mentioned above once again.  But after you have placed the computer on the Workgroup and rebooted try changing the computer name.  Example: Bobs-pc change to Bobs-pc1

Then try placing the computer back on to the domain.  Sometimes Active Directory locks out the original computer name but this rarely happens.


IP Address Conflict – KB1039980


Description:  Alert that there is an duplicate IP Address listed

Common customer description: I get a message that their is an IP Address conflict somewhere?

Probing questions: When did this alert appear? was this recent?

Do you have a lot of iPhones, Android phones, iPads, or any other personal devices on the network?

Steps to isolate: Check Active Directory in the Reverse Lookup zone

Check Service Center to see if we have a record for it

Steps to resolve:

1. Ping the IP Address of the device that is in question. Is it up or down?

2. Normally, these alerts are for desktops and if it is, suppress the alert forever.

  • Clients would call into the helpdesk for this issue

3. If it’s for a server, consult with a Tier 2 tech

Additional considerations: Remember, if it’s for a desktop — suppress the alert forever.

New user setup on an Active Directory domain – Procedural KB103986


Description:  New user setup on an Active Directory domain (Procedural)

Common customer description:  “I have a new user starting and we need to have a login for them.”

“I need to have a new user setup.”

Probing questions:  Get approval from main contact if account requires admin/domain admin permissions.

Is there anyone we can copy with the same or similar permissions?

What password for the account?

Any rules for the password? (does it expire, user cannot change password, etc)

Are there any groups that they need to be a part of?

How do you spell their name?

What is the account name going to be? (i.e. firstinitial.lastname, firstname.lastname, etc)

Do they need an email address?

What is the email address?

Verify this is for a domain account.

Steps to resolve:

Go to Start -> Run -> dsa.msc.

If a user can be copied, right click on domain.local (the 3 computers icon) -> find -> type name -> enter.

Right click on user name -> copy.


Also in Active Directory (dsa.msc), Find location of user accounts (i.e. Active Directory Users and

Computers -> domain.local -> MyBusiness -> Users -> SBSUsers), go to Action -> New -> User.

Type in new user’s information.

Type in password and apply any password rules.

If they have Exchange 2003, choose whether they need an Exchange account.

If they have Exchange 2007 or later, you will have to add the email account through Exchange.

Important – Check spam filter in spam filter tab. Add user email account to spam filter.

Make sure the account can receive email through OWA.

Email or call main contact on completion.

Additional considerations: If you cannot login to OWA, check to be sure that the password is not set to change on next login.