Machine un-joined but account not deleted?

[Gerry Hickman]

Hi,

If I unjoin a machine from our Win2k AD domain, I get an error saying
that although the machine unjoined correctly, the machine account could
not be deleted.

I've tried it both as local Administrator and also remotely using NetDom
under domain admin account.

I can't find anything in the KB about this.

e.g.

I want to replace a computer called WS123 with a new one. I can't just
unplug the old machine and connect the new one because when I try to
join it to the domain it says "duplicate account".

So I usually unjoin the old one, delete it's account from AD, and then
join the new one using the old name, but this is too time-consuming.

 

[Oli Restorick [MVP]]

Hi Gerry

Local administrator doesn't have the appropriate rights on the domain to
perform the unjoin.

I'd recommend creating a security group on the domain and giving it rights
to create and delete computer objects in the OU(s) where you normally place
your workstation. Then, create an account in this group and use it when
rejoining the domain. I believe that if you log in as local admin and
supply this account's credentials, it will automatically remove the old
account and join the domain.

I haven't tested this. This is just my understanding of how it works. I
may be wrong -- it has been known .

Regards

Oli

 

[Gerry Hickman]

Hi Oli,

I've tried it using a domain admin account for the whole domain! The
object still won't delete.