Disabled Computers after removing from domain

  • Disabled Computers after removing from domain

    I have a question: why are computers only disabled after removing them from the domain? Why does it not delete the account? I just noticed that we have a bunch of old computers disabled on our Server 2003 AD. All these systems have been disjoined from the domain and removed from service. I went ahead and deleted them but was curious why AD disables the computer instead of deleting it.

  • #2
    Re: Disabled Computers after removing from domain

    The reason for the behavior is that if you disjoin a computer and join it back, you will retain the SID of the computer object in AD which might be used for granting permissions.

    If you unjoin a computer, delete its account and join the computer back, you will end up with a new computer account and will have to make sure the new account is granted all the required permissions and added to groups explicitly.

    It's up to admins to perform cleanup tasks and scavenge old accounts - AD can't know if you are planning to reuse the accounts and hence can not make the decision whether to delete the account or not.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"
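
The cleanup review described in the reply above, as an added example that is not part of the original thread: it lists disabled computer accounts that have not changed for a while and flags those whose SID still carries group memberships. The function name, the 90-day threshold and the sample accounts are assumptions made for illustration; live use assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example. Get-StaleDisabledComputer is a hypothetical helper name.
function Get-StaleDisabledComputer {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Computer,
        [int] $MinDaysUnchanged = 90,      # assumed threshold, tune to your policy
        [datetime] $Now = (Get-Date)
    )
    process {
        if ($Computer.Enabled) { return }  # only disabled accounts are candidates
        $age = ($Now - $Computer.whenChanged).Days
        if ($age -lt $MinDaysUnchanged) { return }   # recently disjoined, may be rejoined
        $groups = @($Computer.MemberOf | Where-Object { $_ })
        [pscustomobject]@{
            Name          = $Computer.Name
            SID           = "$($Computer.SID)"
            DaysUnchanged = $age
            Groups        = $groups -join '; '
            # Deleting the account discards this SID, so memberships would have
            # to be re-granted on rejoin. ACLs that reference the SID directly
            # are not visible here and need a separate check.
            NeedsReview   = ($groups.Count -gt 0)
        }
    }
}

# Constructed sample accounts (not real data) so the function runs without a domain.
$now = Get-Date '2024-01-01'
$sample = @(
    [pscustomobject]@{ Name = 'OLD-PC01'; Enabled = $false
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
        whenChanged = $now.AddDays(-400)
        MemberOf = @('CN=Kiosk PCs,OU=Groups,DC=example,DC=test') }
    [pscustomobject]@{ Name = 'OLD-PC02'; Enabled = $false
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1106'
        whenChanged = $now.AddDays(-200); MemberOf = @() }
    [pscustomobject]@{ Name = 'LAB-PC07'; Enabled = $false
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1107'
        whenChanged = $now.AddDays(-5); MemberOf = @() }
    [pscustomobject]@{ Name = 'DESK-PC12'; Enabled = $true
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1108'
        whenChanged = $now.AddDays(-300); MemberOf = @() }
)
$sample | Get-StaleDisabledComputer -Now $now | Format-Table -AutoSize

# Live use, assuming the ActiveDirectory module is loaded:
# Get-ADComputer -Filter 'Enabled -eq $false' -Properties whenChanged, MemberOf |
#     Get-StaleDisabledComputer
```

With the sample data, OLD-PC01 is reported with NeedsReview set and OLD-PC02 without it; LAB-PC07 is skipped as recently changed and DESK-PC12 because it is still enabled.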