The computer and user accounts have been created and exist in a Windows 2003 domain Active Directory (AD) served by a domain controller (DC) running the Microsoft Windows 2003 Server operating system. However, you may encounter the following error message when a domain user tries to authenticate and log on to the domain from a workstation, which may be running Windows XP (with or without SP2) or any other OS:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.

The error may appear when a PC is replaced with another computer that has the same computer name, and the duplicate computer name is not first deleted from the domain's Active Directory before the new workstation is joined to the domain under that name. The symptom may appear immediately or after a few successful logons. The cause is probably a security identifier (SID) issue. Another possible cause is that the computer account for the workstation was accidentally deleted.

The resolution for the above error under these conditions is as follows.

  1. Log in to the Windows 2003 domain controller and delete the computer account object from Active Directory using the Microsoft Management Console (MMC), which you can always access from “Manage Your Server”.
  2. Log in to the PC workstation as local administrator. If you cannot log on as local administrator, try unplugging the network cable and logging on with a domain administrator account that has logged on to the PC before, which uses the cached logon credentials feature.
  3. Go to Control Panel, click the System icon, then go to the Computer Name tab.
  4. Unjoin the computer from the domain by clicking “Change”. You should see that the Domain button is currently selected. Note the domain name in the text box. Select “Workgroup” to remove the computer from the domain, and enter any workgroup name in the text box (e.g. workgroup).
  5. Click OK to exit.
  6. Restart the computer (optional).
  7. Go back to Control Panel, launch System properties, go to the Computer Name tab, and click “Change”.
  8. Rejoin the domain by deselecting the Workgroup button, selecting the Domain button, and entering the domain name noted above in the text box.
  9. Click OK to exit.
  10. Reboot the PC.

This should resolve the domain logon error without changing or losing the user profiles on AD.