Recreate computer account in active directory ?

  • Thread starter Stuart Mackie [MCP, MSP]

Stuart Mackie [MCP, MSP]

Ulf B. Simon-Weidner said:
Stuart Mackie says...
Hi Stuart,

that's not an issue - since you created a new AD it does not remember your
computer accounts, and the credentials of the computer account are not used for
a lot of stuff, mainly if filtering of GPOs is necessary.

So you just can take them back into the domain and provide the credentials on
the client side, you'd be able to precreate the accounts in AD and have the
users join the domain, or you are able to use scripting or the command-line tool
netdom to join the domain.

Gruesse - Sincerely,

Ulf B. Simon-Weidner


Thanks for the quick reply. I'm still a little confused hehe :)

So do I just add new entries for each workstation into active directory e.g.
workstation001 workstation002 (we do have a better naming policy :) ) ? I
thought that when a user then tried to log in to the domain on the
workstations, that the domain credentials contained within the workstation
from the previous domain install, would not match the new domain credentials
stored in the new AD install ?

Thanks again,
Stuart.
 

Stuart Mackie

This is probably a very dumb question, but I need to ask :)

I installed a Windows 2000 Server some time ago and it had to be reinstalled
without any backups of the directory. There is only a small number of users
and computers but I'm not completely sure on how we add computers into the
new directory. I presume if we add the computers in the new directory by
hand then the credentials on the original workstation installs won't match
the new ones in the directory.

Do we demote the workstations from being in a domain to a workgroup, and
then move them back into the domain ? or is there a 'correct' way of
doing it :)

Thanks for any help,
Stuart.
 

Ulf B. Simon-Weidner [MVP]

Stuart Mackie says...
This is probably a very dumb question, but I need to ask :)

I installed a Windows 2000 Server some time ago and it had to be reinstalled
without any backups of the directory. There is only a small number of users
and computers but I'm not completely sure on how we add computers into the
new directory. I presume if we add the computers in the new directory by
hand then the credentials on the original workstation installs won't match
the new ones in the directory.

Do we demote the workstations from being in a domain to a workgroup, and
then move them back into the domain ? or is there a 'correct' way of
doing it :)

Thanks for any help,
Stuart.
Hi Stuart,

that's not an issue - since you created a new AD it does not remember your
computer accounts, and the credentials of the computer account are not used for
a lot of stuff, mainly if filtering of GPOs is necessary.

So you just can take them back into the domain and provide the credentials on
the client side, you'd be able to precreate the accounts in AD and have the
users join the domain, or you are able to use scripting or the command-line tool
netdom to join the domain.

Gruesse - Sincerely,

Ulf B. Simon-Weidner
 

Ulf B. Simon-Weidner [MVP]

Stuart Mackie [MCP, MSP] says...
Thanks for the quick reply. I'm still a little confused hehe :)

So do I just add new entries for each workstation into active directory e.g.
workstation001 workstation002 (we do have a better naming policy :) ) ? I
thought that when a user then tried to log in to the domain on the
workstations, that the domain credentials contained within the workstation
from the previous domain install, would not match the new domain credentials
stored in the new AD install ?

Thanks again,
Stuart.
Hello Stuart,

Users have their credentials in Active Directory (as long as they are domain
users). Computers have their credentials in Active Directory. You have to
rejoin your computers to Active Directory, which will change the credentials of
the computer account since it's based on the new domain. The user account is
also stored in the domain and holds his own credentials, which are not dependent
on the credentials of the computer.

To be able to log on without a domain controller, the user needs local or
cached credentials. Then he'll be able to join the domain if he has the rights
to do so. When you create computer accounts in Active Directory you can tell the
wizard which user/group should be able to join the computer to this account.

Your problem is that you need to make sure that each user is able to log on
locally or with cached credentials. Joining the domain afterwards is quite
easy. Just tell the computer account created to be used by authenticated users,
or create a user who has just the right to join computers to the domain and
instruct the users to use this account when using the join domain wizard.

Or what I'd prefer, do the whole thing remote using netdom - no issue if you
know the local administrator account and the domain account you'll use to join.
Just check out the parameters of netdom.

Hope this helps.

Gruesse - Sincerely,

Ulf B. Simon-Weidner
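
The remote rejoin with netdom described in the reply above, sketched as a batch file. This is an added example, not part of the original posts; the domain name EXAMPLE, the account joinacct, the local Administrator name and the file workstations.txt (one computer name per line) are placeholders, and it assumes each workstation is reachable over the network and no longer a member of the old domain.

```bat
@echo off
rem Added example: pre-create computer accounts in the new domain and join
rem each workstation remotely with netdom. All names are placeholders.
setlocal
set DOMAIN=EXAMPLE
set JOINUSER=%DOMAIN%\joinacct
set LOCALADMIN=Administrator
set LIST=workstations.txt
set LOG=rejoin.log

if not exist "%LIST%" (
    echo %LIST% not found 1>&2
    exit /b 1
)

rem One computer name per line in the list file.
for /f "usebackq tokens=1" %%M in ("%LIST%") do call :rejoin %%M
echo Done. Results are in %LOG%.
exit /b 0

:rejoin
rem Create the computer account in the new directory first.
rem /passwordd:* makes netdom prompt for the password, so no credential
rem is stored in this file or in the command line.
netdom add %1 /domain:%DOMAIN% /userd:%JOINUSER% /passwordd:*
if errorlevel 1 (
    echo %1 account creation FAILED, join skipped >> "%LOG%"
    goto :eof
)

rem /userd is the domain account used for the join; /usero is the local
rem administrator on the workstation itself. /reboot:60 restarts the
rem workstation 60 seconds after a successful join.
netdom join %1 /domain:%DOMAIN% /userd:%JOINUSER% /passwordd:* /usero:%1\%LOCALADMIN% /passwordo:* /reboot:60
if errorlevel 1 (
    echo %1 join FAILED >> "%LOG%"
) else (
    echo %1 joined, reboot scheduled >> "%LOG%"
)
goto :eof
```

Using a dedicated account that holds only the right to join computers, as the reply suggests, keeps a domain administrator password from being typed repeatedly during the rollout.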
 
