Thanks Dave - pitty the thread hasn't been answered. It might pay for me to log a call and see what VMware has to say.

Yes that is what I have been doing up until now - haven't had any issues. Have you had this problem? I've only had it on the development domain.

Not that there's an issue, per se. Are you manually creating an object first? Or are both accounts visible after a template deployment only? Does this happen for template deployment, and is the object that has a SID with it the same SID every time?

I've actually seen this type of issue in the physical world when I've had a server joined to a domain. Then reimage, and rejoin the domain. Obviously, now there's two ad objects with different SIDs. I've also seen this when there are multiple domain controllers, and ad is out of sync, or replication is slow, so you may want to check that too.

-KjB

No I don't manually create the computer object first - both accounts are only visisble somtimes after a template deployment..... it's not consistent. The SID is different everytime. I've checked the replication logs and they seem OK too. We only have two DC's in this domain - and it's the only domain in the forrest. I'll run some AD checks against the DC's and see what is reported.

I have noticed this same thing after creating a VM that was joined to the domain, cloning it to a template, and then continuing to run the original VM. After creating new VM from that template, when it first comes up it thinks it is still the machine that the template was created from and some sort of name collision occurs. To avoid this, I've adopted the practice making sure that a VM is in a workgroup before cloning it to a template. I suppose that converting a VM to a template instead of cloning it to one would also work.