Product Knowledge Base Article ID: 230210 - Last Review: 2010-02-23 - Revision: 1

    A computer object created with NNS ADix is not trusted by the domain
  On this page:
 

SYMPTOMS

If you create a computer object using NNS ADix, the computer object will be created but is not trusted by the domain where the computer objects resides.

.top

CAUSE

If an Active Directory computer object was created without setting the attribute userAccountControl to a value of 4096,  the computer object will be not trusted by the domain.

.top
 

WORKAROUND

When importing computer objects, use the attribute userAccountControl in the import file and set it's value to 4096. This will create computer objects which are trusted by the domain. See the MORE INFORMATION section to get more information about the attribute userAccountControl.

Example:

The following example creates a computer object named 'pc0001' which will be trusted by the domain:

path;class;sAMAccountName;userAccountControl
LDAP://cn=pc0001,cn=computers,dc=dom,dc=com;computer;pc0001$;4096

.top

STATUS

This behaviour is by design. We will update the NNS ADix help topics to reflect this issue.

.top
 

MORE INFORMATION

The attribute userAccountControl will be used to set various Account options on user or computer accounts (See the Microsoft KB305144 - How to use the UserAccountControl flags to manipulate user account properties for more information).

The values or flags for the attribute userAccountControl are cumulative. E.g. to create a disabled computer object which will be trusted by the domain, set the userAccountControl attribute to 4098 (2 + 4096).

.top
 

APPLIES TO

  • NNS ADix v3

.top