Hello SAP experts,

our SAP servers are running on Windows 2008 R2 64 bit (English) and are connected to a Microsoft Active Directory.

The SAP domain is a child of our cooperate domain with a trust relationship.

The SAP domain has two domain controllers, all running on Windows 2008 R2 with same patch level.

Last weekend we applied Microsoft Patches to all our SAP servers and than rebooted the servers.

Our production ECC central instance (SAP + Oracle) was not able to logon to the domain anymore.

The trust relationship was not valid anymore for the computer account in the domain.

We resolved the issue, by recreating the computer account of server in the domain (by leaving/joining domain again + delete computer account + move new computer account to tree in domain ...).

Now the big question is, how can we find out, if the computer account in the domain stays connected?

We found already several objects in active directory, like lastLogonTime, etc. but this information is related to the user account.

I totally understand this is a Microsoft issue. But as the domain relation is very important, to run an SAP system, I was wondering if you have ideas, how we can check, if the relationship is valid for computer account/client in the domain ...

In case there exists an event on OS level or command to be checked, I can enable an alert, so we can get proactive an notification ...

Thanks a lot for your help.

Best regards

Carlos Behlau