Pros/Cons of computer account deletions

[Guest]

Hello,

Would someone be able to help me clarify something?

As far as I understand it, once you delete a computer account, it's deleted.
The reasons for deleting said account may be because the computer is not
longer being used or that it's being renamed. An MCT teacher told me that I
should un-join the computer from AD so that AD will automatically delete the
computer account itself. The network administrator told me that I should not
delete the account because it's being referenced elsewhere in the network
(ie. DHCP & DNS).

Would someone here be able to help me know and understand fully what happens
to a computer account once it's deleted, and hopefully something more than
just "It's deleted!"? What does it fully entail deleting a computer account?
Is it being referenced elsewhere in the network? Once deleted, would AD
remove/prune/adjust to the deletion elsewhere in the network? Will there be
adverse issues in deleting computer or user accounts from AD?

I would seriously and honestly appreciate any positive responses to my
question.

Thank you very much.

Mitchell B.

 

[rwh]

If you are using AD DNS and DHCP, you should delte any computer in your
AD if it is no longer to be used. If you rename the computer, at the
computer, no need to touch the AD account. But if you physically remove
the PC from the network, delete it's AD account from the OU. There is
no problem with doing so as it relates to DNS and DHCP.

"Un joining" the domain is another method, which will "delete" the
account from the domain. It is basically doing the same thing.

 

[Jorge_de_Almeida_Pinto]

Hello,

Would someone be able to help me clarify something?

As far as I understand it, once you delete a computer account,
it's deleted.
The reasons for deleting said account may be because the
computer is not
longer being used or that it's being renamed. An MCT teacher
told me that I
should un-join the computer from AD so that AD will
automatically delete the
computer account itself. The network administrator told me
that I should not
delete the account because it's being referenced elsewhere in
the network
(ie. DHCP & DNS).

Would someone here be able to help me know and understand
fully what happens
to a computer account once it's deleted, and hopefully
something more than
just "It's deleted!"? What does it fully entail deleting a
computer account?
Is it being referenced elsewhere in the network? Once
deleted, would AD
remove/prune/adjust to the deletion elsewhere in the network?
Will there be
adverse issues in deleting computer or user accounts from AD?


I would seriously and honestly appreciate any positive
responses to my
question.

Thank you very much.

Mitchell B.

Deleting computers accountd is just like deleting other objects in AD.
You delete them when not used anymore. It is as simple as that! When
unjoining a computer a box may be presented to enter credentials. If
those credentials have the correct permissions to delete the computer
account account, well the computer will be deleted. If the credentials
are not correct or does not have the correct permissions the computer
will be disabled. In the latter case some else with the correct
permissions should delete the computer account.

www.joeware.net has a great tool OLDCMP
(http://www.joeware.net/win/free/tools/oldcmp.htm) that can help you
determine users or computer accounts that are disabled or that are not
used anymore. Trust me, IT IS A GREAT TOOL! and the best is: IT IS
FREE!! ;-))

When an object is deleted it is tombstoned and moved to the deleted
objects container (can be viewed with LDP.EXE). That tombstone is
replicated to other DCs so they also know the object was deleted.
After the some period with the length of the tombstone lifetime period
another process called the garbage collection process on each DC
checks (among other things) which tombstones can be removed completely
from the AD DB. If you have W2K3 you can reanimate the tombstone to a
life object again it is was deleted mistakenly or after some time you
think you still need!