Restore Computer Account AD 2003

  • Question

  • Hi everyone.

    I figured I would see if anyone had anything for the following:

    Scenario - AD 2003 - 100 computer accounts deleted but still on the wire.

    Is there any way that I can restore the computer accounts in AD and re-establish the trust relationship between the server and domain without having to reboot or visit the computer?

    I've tried the following:

    ADRestore & LDP, but they didn't re-establish the trust relationship.

    I know that I can make a schema change to store the computer password, but this change was not in place prior to the deletion.

    Does anyone have any way that I can get these machines talking to AD without visiting the computers?

    Friday, June 8, 2012 3:46 PM

All replies

  • You can use ADRestore with the article below to restore the computer objects with the secure channel in place. Joe has just released a cool new tool to reset a machine's secure channel password, avoiding the need to disjoin and rejoin the machine.

    http://edmckinzie.wordpress.com/2008/02/06/how-to-restore-deleted-machine-accountsactive-directory-adrestoreunicode-pwdsearchflag/

    http://blog.joeware.net/


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Meinolf Weber Friday, June 8, 2012 5:37 PM
    • Marked as answer by 朱鸿文 Monday, June 11, 2012 4:30 AM
    Friday, June 8, 2012 4:19 PM
  • I read that article, but it seems that you have to have the schema change ("Unicode-pwd schema object from 0 to 8") in place prior to the object being deleted. This way it stores the computer password in the tombstone when it gets deleted. Is this correct, or am I missing something? Is there any other way that I can restore the computer account 100%?

    Friday, June 8, 2012 4:38 PM
  • Yes, you are correct. The searchFlags attribute on the Unicode-Pwd schema object has to be set from 0 to 8 prior to the object's deletion.

    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by 朱鸿文 Monday, June 11, 2012 4:31 AM
    Friday, June 8, 2012 4:58 PM
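The schema change the two replies above refer to, as an added example that is not part of the thread or of the linked articles: the script below reads searchFlags on the Unicode-Pwd attributeSchema object and sets the 0x8 bit (fPRESERVEONDELETE) if it is not already present, so that unicodePwd is kept in the tombstone and a later reanimation (ADRestore, LDP) brings the computer object back with its secure-channel password. It goes slightly beyond the "0 to 8" wording by OR-ing the bit in rather than overwriting the value, so any other search flags already set on the attribute survive. It assumes it is run as a Schema Admin on a domain member with PowerShell and ADSI access to a domain controller; the RootDSE lookup, the variable names and the messages are the example's own. Note the caveat the replies make: this only affects deletions that happen after the flag is set; it does nothing for objects that were deleted before.

```powershell
# Added example: make unicodePwd survive into computer-object tombstones
# by setting the fPRESERVEONDELETE (0x8) bit in searchFlags on the
# Unicode-Pwd attributeSchema object. Requires Schema Admin rights.

$PreserveOnDelete = 8   # searchFlags bit 0x8 = fPRESERVEONDELETE

# Locate the schema naming context from RootDSE (assumes a reachable DC).
$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaNc = $rootDse.schemaNamingContext.Value
$attrPath = "LDAP://CN=Unicode-Pwd,$schemaNc"   # cn of the unicodePwd attribute

$unicodePwd = [ADSI]$attrPath

# An unset searchFlags reads back as $null; treat that as 0.
$current = [int]$unicodePwd.searchFlags.Value
Write-Output "searchFlags on Unicode-Pwd is currently: $current"

if (($current -band $PreserveOnDelete) -ne 0) {
    Write-Output "unicodePwd is already preserved on delete; nothing to change."
}
else {
    # OR the bit in rather than assigning 8, so other existing flags are kept.
    $new = $current -bor $PreserveOnDelete
    $unicodePwd.Put("searchFlags", $new)
    $unicodePwd.SetInfo()
    Write-Output "searchFlags updated from $current to $new."
    Write-Output "The change applies after the schema cache refreshes and replicates;"
    Write-Output "only computer objects deleted after that point keep their password."
}

# Read back to confirm the write landed on the schema master.
$check = [ADSI]$attrPath
Write-Output ("Verified searchFlags: {0}" -f [int]$check.searchFlags.Value)
```

Run it once per forest (the schema is forest-wide), then confirm on a second DC after replication that the read-back value carries the 0x8 bit. For the 100 machines already deleted without this flag in place, the tombstones hold no password, so a reanimated object still needs its secure channel reset, which is what the joeware tool linked below in the thread addresses.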
  • So there is no other way of getting these machines talking to AD without a visit or rejoining to the domain? 
    Friday, June 8, 2012 5:18 PM
  • Hello,

    please see http://blog.joeware.net/2012/06/07/2513/ to restore a broken secure channel.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Abhijit Waikar Saturday, June 9, 2012 9:05 AM
    • Marked as answer by 朱鸿文 Monday, June 11, 2012 4:31 AM
    Friday, June 8, 2012 5:38 PM
  • Hi,
     
    As this thread has been quiet for a while, we will mark it as 'Answered', as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin

    TechNet Community Support

    Monday, June 11, 2012 4:30 AM