locked
Manually Create a Computer Account in AD before join it to AD RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello team,

    Here are my questions for you.

    1: The question is, if you just disjointed a computer from the Domain , does the computer account automatically deleted or remove from AD?

    2: What is the difference between manually going to AD to add a computer account versus just join the computer to the Domain from the workstation “System Properties\Change Settings\Change ” tab? This is windows Vista Enterprise version in a Windows 2k3 and 2k8 Domain environment.

    3: if you just disjointed the computer from the Domain, should the computer account remain in AD without any problem?

    4: If you need to rejoin this computer to the Domain again , do you have to go to AD to manually remove or delete this computer account before rejoin it to AD?

    Your response is very much appreciated.

     

    Thanks

    Himrod

    Thursday, January 20, 2011 12:15 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    1. I'd not count on this - even though according to http://technet.microsoft.com/en-us/library/cc754624.aspx this should be the case.

    2. Creating computer account in AD does not actually result in this computer being joined to the domain. It simply creates a computer object - which can be utilized afterwards as long as the person performing the join has appropriate permissions.

    3. This goes back to 1.

    4. You should reset the computer account before you do so

    hth
    Marcin

    Thursday, January 20, 2011 12:24 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    in addition to what is said by marcin you should add manualy computer object only for prestaged situation that's mean create n numbers of computer object (without real pc) in a Organizational unit or different OU so when you join a pc it goes to that ou directly 
    Thursday, January 20, 2011 12:44 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    1. in the last years when i disjoin a computer form the domain, i have never seen that it was deleted in ADUC. It was always changed to a disabled computer account, this is up to Windows server 2008 R2, just the icon changes but in each OS version the unjoined account was shown as disabled but not deleted.

    2. as Marcin said you have just added an object in AD UC when precreating it. This will not prevent you joining the machine manual or automated. The precreation is mostly used to have an OU chosen without moving the machine or if you like to bind specific machines to a name with RIS/WDS

    3. see 1 and there is no problem if the name stays in AD UC

    4. not required but resetting the computer account is a good idea. Personal i prefer to remove machines complete if they should no longer exist in the network, even if need to built a new one short time later using the same name

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, January 20, 2011 8:32 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    1. I'd not count on this - even though according to http://technet.microsoft.com/en-us/library/cc754624.aspx this should be the case.

    2. Creating computer account in AD does not actually result in this computer being joined to the domain. It simply creates a computer object - which can be utilized afterwards as long as the person performing the join has appropriate permissions.

    3. This goes back to 1.

    4. You should reset the computer account before you do so

    hth
    Marcin

    Thursday, January 20, 2011 12:24 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    in addition to what is said by marcin you should add manualy computer object only for prestaged situation that's mean create n numbers of computer object (without real pc) in a Organizational unit or different OU so when you join a pc it goes to that ou directly 
    Thursday, January 20, 2011 12:44 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for your prompt reply. I understand your point and I should be more precised in wording the question.

    The question is, if you remove or disjoint a computer from AD, does the computer account automatically delete or remove from AD?

    Someone told me it should be deleted automatically when remove or disjoint a computer from AD.

     

    thanks

    Himrod

     

    SHimrod
    Thursday, January 20, 2011 8:19 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    1. in the last years when i disjoin a computer form the domain, i have never seen that it was deleted in ADUC. It was always changed to a disabled computer account, this is up to Windows server 2008 R2, just the icon changes but in each OS version the unjoined account was shown as disabled but not deleted.

    2. as Marcin said you have just added an object in AD UC when precreating it. This will not prevent you joining the machine manual or automated. The precreation is mostly used to have an OU chosen without moving the machine or if you like to bind specific machines to a name with RIS/WDS

    3. see 1 and there is no problem if the name stays in AD UC

    4. not required but resetting the computer account is a good idea. Personal i prefer to remove machines complete if they should no longer exist in the network, even if need to built a new one short time later using the same name

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, January 20, 2011 8:32 PM