I'm interested to know how they got into this state..
How many LDAP servers do you have and do they have child domains?
Sounds like you have the EE login dialog enabled, right?
Also sounds like you have administrator recovery enabled, so the only way
Is to do 2 machine recoveries, one for preboot and then another for
The EE logon dialog.
Then once in the OS, do a policy enforcement.
Actually, if you are able to connect to the epo server. After the first
Administrator recovery, just send a wake up agent to the machine to re-assign
Hope that makes sense (typing on a iPhone)
We use our domain name as the LDAP server path, so it'll find the closest DC. The ePO server has the user accounts there, they just didn't get down to the client.
Since McAfee is controlling the user login, how would I do a recovery there to allow me into Windows?
Ah I think that the credential provider was changed recently, so not sure but there used to be a recovery option on the EE Logon dialog (similar to that shown in preboot) to allow for administrator recovery.
If that isn't there, then once the machine is in the OS and the machine can connect to the ePO server. Then you should just be able send a 'Wakeup Agent'. This will then send down the users, please allow enough time for the events to be sent and processed.
On the EEPC logon window, select the Options button then Recovery.