Replacement computer renamed to old computer's name is automatically moved to the Computers OU

    Question

  • We have an issue when renaming replacement computers. If a PC will be replaced (example: computer A) we build a new PC and name it, for example Computer B. Then remove the old PC from the network and remove it from AD. Then later in the day we rename Computer B to Computer A. This works fine except AD is moving the computer object from its original OU to the Computers OU.

    I have done this at other companies and could do it within a few minutes, once the objects are completely gone from AD. So I don't think it is a timing issue. Plus I would be notified of a duplicate computer name.

    Anyone seen this before?

    Monday, February 13, 2017 4:50 PM

All replies

  • Hi,

    By default, newly created computer objects are automatically placed in "Computers" container. However, you can change the default container for computers.

    Type the following command in an elevated command prompt. Change the values accordingly.

    redircmp ou=<newcomputerou>,dc=<yourdomainname>,dc=com


    If this helps, mark it as proposed answer.

    / Karim

    Monday, February 13, 2017 5:22 PM
  • These are not newly created objects. As noted in the post, these are computer objects that are renamed. Renamed on the computer. This only happens if you are reusing the name for computer A that was in use before even though that object has been removed from AD. If we give it any other name then it stays in the OU that it is currently in.
    Monday, February 13, 2017 7:45 PM
  • Hi,
    Have you checked if there are any scripts or group policies configured to move computer objects into specific OU?
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, February 14, 2017 8:51 AM
    Moderator
  • I have looked through everything and can find nothing in the way of scripts or GPs that would do this. Again this only happens when reusing an old name from a recently removed computer object. For some reason AD is deciding that 'oh, you want to reuse that name then I will consider you to be a completely new object and move you to the Computers OU'. If I were to use a different name then the object would stay where it currently is.
    Tuesday, February 14, 2017 5:55 PM
  • Hi,
    As the old computer is deleted, after a computer account is deleted, all permissions and memberships that are associated with that computer account are permanently deleted. Because the security identifier (SID) for each account is unique, a new computer account with the same name as a previously deleted computer account does not inherit the permissions and memberships of the previously deleted account. To duplicate a deleted computer account, you must recreate all permissions and memberships manually. Please see https://msdn.microsoft.com/en-us/library/cc754624
    Best regards,
    Wendy


    Monday, February 20, 2017 3:07 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. If the replies above are helpful, we would appreciate it if you marked them as answers. Please let us know if you would like further assistance.

    Best Regards,

    Wendy



    Friday, February 24, 2017 8:54 AM
    Moderator
  • Not really. Good attempts but the fundamental question is still not answered.
    If I remove a computer called C1 from OU 'OU1' by whatever method I should then be able to reuse that name on a different computer.
    If I create a new machine from scratch and use that name then it should go to the Computers OU. That is correct behaviour.
    What I am doing is taking a different computer in the same OU - 'OU1' and renaming it to C1. When I do that the newly renamed computer should stay in OU1 but it does not. It moves to the Computers OU. This is incorrect behavior based on my experience.
    This was normal practice for me before these 2012 R2 DCs when I was replacing a user PC or a server.

    Friday, February 24, 2017 5:25 PM
  • Hi,
    I have tested similar actions in my lab environment, but the same behavior is not produced. What I have done is:
    1. Delete a test computer (VM8) from the test OU (client);
    2. Log on to another computer (VM10) which is in the same client OU;
    3. Change the computer name from VM10 to VM8 from the System node of Control Panel;
    4. Then VM8 is still located in the client OU.
    Did you do the same action for the replacement? If not, please have a try.
    Best regards,
    Wendy


    Monday, February 27, 2017 2:45 AM
    Moderator
  • This is exactly what I am trying to do and what I have been doing for years. For some reason in this network after the rename the machine is moved to the Computers OU.
    Tuesday, February 28, 2017 7:22 PM
  • We have an issue when renaming replacement computers. If a PC will be replaced (example: computer A) we build a new PC and name it, for example Computer B. Then remove the old PC from the network and remove it from AD. Then later in the day we rename Computer B to Computer A. This works fine except AD is moving the computer object from its original OU to the Computers OU.

    I have done this at other companies and could do it within a few minutes, once the objects are completely gone from AD. So I don't think it is a timing issue. Plus I would be notified of a duplicate computer name.

    Anyone seen this before?

    I have not seen this before, over many years. I have seen some interesting variations, where the pc is not connected to the network at the time of disjoin (the computer object status doesn't change), and when the pc *is* connected at the time of disjoin, the computer object is set to disabled status (if the disjoining user account has permissions).
    Also if the disjoining user account does have full permissions to the computer account object (e.g. is a DA or similar delegated permissions) that *might* cause the object to be deleted at the time of disjoin? (That's a guess on my part, since I'm not a DA in our production AD.)

    Can you check, when you 'remove the old ComputerA from the network and remove from AD', at that point in time, before you 'later in the day rename ComputerB to ComputerA', what is the status and location of the account/object for ComputerA ?

    I'm wondering if the 'removal' of the old ComputerA is triggering the object for ComputerA to be deleted?
    And subsequently, when you rename ComputerB to be ComputerA, that's being seen as 'create a new object named ComputerA' which is landing in the default \Computers\ container? (Assuming that you are still using the default container and are not using a real OU, and also assuming that you've not used redircmp.)

    You should also be able to track what's going on from the logs on the DC, and you can also examine the netsetup.log on the client machine since that local log is where netdom/djoin logs its activities.


    Don [doesn't work for MSFT, and they're probably glad about that ;]


    Tuesday, February 28, 2017 8:29 PM
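
The check suggested in the last reply (state and location of the computer object before and after the rename) can be scripted. The following is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and COMPUTERA / COMPUTERB are placeholder names. Comparing objectGUID before and after shows whether the existing object was renamed and then moved, or whether a new object was created in the default container.

```powershell
# Added diagnostic example (not from the thread). Run from a machine with RSAT.
Import-Module ActiveDirectory

function Get-ComputerObjectState {
    param([Parameter(Mandatory)][string]$Name)

    # Live object, if any (a computer's sAMAccountName ends with '$').
    $live = Get-ADComputer -Filter "sAMAccountName -eq '$Name`$'" `
        -Properties whenCreated, whenChanged

    # Deleted objects that last carried this name. The RDN of a deleted
    # object is rewritten to "<name><newline>DEL:<guid>".
    $deleted = Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "computer"' `
        -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged |
        Where-Object { $_.'msDS-LastKnownRDN' -eq $Name -or
                       $_.Name -like "$Name`nDEL:*" }

    [pscustomobject]@{
        Name        = $Name
        Exists      = [bool]$live
        Enabled     = $live.Enabled
        DN          = $live.DistinguishedName
        ObjectGuid  = $live.ObjectGUID
        WhenCreated = $live.whenCreated
        DeletedFrom = $deleted.lastKnownParent   # OU the old object was removed from
        DeletedAt   = $deleted.whenChanged
    }
}

# 1) Before the rename: is the old name really gone, and where is the replacement?
Get-ComputerObjectState -Name 'COMPUTERA'
$before = Get-ComputerObjectState -Name 'COMPUTERB'

# 2) Rename COMPUTERB to COMPUTERA on the client, reboot, then run:
$after = Get-ComputerObjectState -Name 'COMPUTERA'
if ($after.ObjectGuid -eq $before.ObjectGuid) {
    "Same object was renamed. Before: $($before.DN)  After: $($after.DN)"
} else {
    "A different object now holds the name (created $($after.WhenCreated))."
    "Default computer container: $((Get-ADDomain).ComputersContainer)"
}

# On the client, the join/rename log mentioned in the reply can be searched with:
# Select-String -Path "$env:windir\debug\NetSetup.LOG" -Pattern 'COMPUTERA'
```

If the GUIDs match, something moved the existing object after the rename; if they differ, the rename produced a new object, which is why it appears in the default container.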