How to handle a Server that has unjoined and rejoined Domain ?

  • Question

  • Hi,

    We need to unjoin and then rejoin a Server from Domain.

    After we unjoined the Server from Domain, we have deleted that Server in AD.  Do we need to remove it from WSUS Computer Group as well before we rejoin it to Domain ?

    Thanks

    Monday, March 9, 2020 9:59 PM

Answers

  • Hi,

    Shouldn't need to remove the computer from the WSUS computer group, you might be required to reset the "SUSClientID" on the server that was unjoined and rejoined to the domain:

    Reset SusClientID

    1. Run the following command in a Command Prompt: net stop wuauserv

    2. Delete the value of the following registry keys: "PingID", "AccountDomainSid", "SusClientId", "SusClientIDValidation" which are located here: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

    3. Run the following command in a Command Prompt: net start wuauserv

    4. Run the following command in a Command Prompt: wuauclt.exe /resetauthorization /detectnow


    Here's also a script for this:
    Reset WSUS Authorization and get new WSUS SID

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    • Proposed as answer by Fabian Niesen [MCT] Tuesday, March 10, 2020 6:01 AM
    • Marked as answer by TonyJK Tuesday, March 10, 2020 9:28 AM
    Monday, March 9, 2020 10:49 PM
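
The four steps from the answer above, as an added PowerShell example (not part of the original answer and not the script it links to). It assumes an elevated PowerShell session; the backup file path is a hypothetical choice. Values that do not exist on the machine are skipped rather than treated as an error.

```powershell
#Requires -RunAsAdministrator
# Added example: reset the WSUS client identity on a server that was
# unjoined from and rejoined to the domain.

$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$values = 'PingID', 'AccountDomainSid', 'SusClientId', 'SusClientIDValidation'
$backup = Join-Path $env:TEMP 'WindowsUpdate-before-reset.reg'   # hypothetical path

# Keep a copy of the key so the old values can be restored if needed.
& reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate' $backup /y | Out-Null

# Remember the current ID so the change can be confirmed at the end.
$before = (Get-ItemProperty -Path $key -Name SusClientId -ErrorAction SilentlyContinue).SusClientId

# Step 1: stop the Windows Update service.
Stop-Service -Name wuauserv -Force

try {
    # Step 2: delete only the values that are actually present.
    $present = (Get-Item -Path $key).Property
    foreach ($name in $values) {
        if ($present -contains $name) {
            Remove-ItemProperty -Path $key -Name $name
            Write-Host "Removed $name"
        }
        else {
            Write-Host "$name not present, skipping"
        }
    }
}
finally {
    # Step 3: start the service again even if a deletion failed.
    Start-Service -Name wuauserv
}

# Step 4: request a new authorization and trigger a detection.
& "$env:SystemRoot\System32\wuauclt.exe" /resetauthorization /detectnow

# Read the ID back; an empty result means the client has not written a new one yet.
Start-Sleep -Seconds 30
$after = (Get-ItemProperty -Path $key -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
Write-Host "SusClientId before: $before"
Write-Host "SusClientId after:  $after"
```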

All replies

  • Dear Leon,

    Thanks for your advice.

    I can only find both "SusClientId", "SusClientIDValidation" but no "PingID", "AccountDomainSid".

    Is it correct ?

    Thanks

    Tuesday, March 10, 2020 12:24 AM
  • Hi,

    If the client joins the original domain after de-domaining, you do not need to delete the computer entry in the WSUS console.

    After the client deregistered, it joined other domains. I performed some tests in this part. If two domains use one WSUS server, you do not need to delete the original computer record in the WSUS console. WSUS will automatically change the new FQDN information of the computer and maintain the original update reporting status.

    Hope the above can help you.


    Regards,
    Yic


    Tuesday, March 10, 2020 3:05 AM
  • Dear Yic,

    We just unjoin the server from Domain to become a Workgroup member (Not joining another Domain).

    Thanks

    Tuesday, March 10, 2020 5:47 AM
  • Dear Leon,

    Thanks for your advice.

    I can only find both "SusClientId", "SusClientIDValidation" but no "PingID", "AccountDomainSid".

    Is it correct ?

    Thanks

    That’s not a problem, the reset might only be required if you encounter any issues after domain-joining the same computer again, but might also not be necessary.

    Blog: https://thesystemcenterblog.com

    Tuesday, March 10, 2020 7:02 AM