Announcement

Collapse
No announcement yet.

Rejoining a computer to the Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Rejoining a computer to the Domain

    Rejoining a computer to the Domain should be simple, but it’s not.
    In our IT department we constantly reimage Laptop. According to corporate policy we use assets tags as computer name.
    This is the process we follow.
    • Reimage the computer
    • Delete the computer object from the computer OU
    • Join the computer to the domain... prompted “welcome to the domain”
    • Logon to the domain as a domain user, all the drives are mapped, DNS suffix is correct.
    • Everything looks good but the computer object does not appear in the computer OU.
    • I removed the computer from the domain and ran a tool called “New Sid” that changed the Sid, joined it to the domain.
    • I did DC replication and did a complete directory search for the computer object... still nothing
    I have removed the computer object from the domain and rejoined several times with same results
    Any suggestions would be appreciated. Thanks

  • #2
    Re: Rejoining a computer to the Domain

    Why are you removing the AD object instead of resetting it's password.
    Much simpler. (And yes, computer accounts do have a password too.)
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Rejoining a computer to the Domain

      Why noit sysprep your image and set the setup to ask for the computer name on install rather than doing it that way.

      You are sysprepping them aren't you???

      Comment


      • #4
        Re: Rejoining a computer to the Domain

        Replying to the 2 questions.

        Q- 1 Why are you removing the AD object instead of resetting it's password
        The computer is reimaged for a different user, reimaging a computer is done to give the new user a clean machine.

        Q-2 Are we sysprepping the systems?
        We have 3 models from Dell with same hardware we have syspreped and ghosted an image for each model that we restore as per the model, so yes, every images is syspreped.

        PS, New Sid is a tool from Sysinternals… it will completely change the SID on a XP system, it does same job as sysprep.

        Comment


        • #5
          Re: Rejoining a computer to the Domain

          Originally posted by samjacob View Post
          Replying to the 2 questions.

          Q- 1 Why are you removing the AD object instead of resetting it's password
          The computer is reimaged for a different user, reimaging a computer is done to give the new user a clean machine.

          Q-2 Are we sysprepping the systems?
          We have 3 models from Dell with same hardware we have syspreped and ghosted an image for each model that we restore as per the model, so yes, every images is syspreped.

          PS, New Sid is a tool from Sysinternals… it will completely change the SID on a XP system, it does same job as sysprep.
          Yes i know what newsid does.

          What i don't get is why you have to delete the account from the domain.

          If your sysprepping properly you should either be asked to join the domain along with a computer name or it should be done from an answer file (i think).

          I would never image a machine that was joined to the domain unless it was to restore that specific machine.

          How is your AD structure setup??

          How many DC's do you have???

          How long are you leaving things to replicate throughout the domain???

          Comment


          • #6
            Re: Rejoining a computer to the Domain

            Hi samjacob,

            I have done this a number of times.

            If you remove the computer object from the OU you will not be able to find it back in the OU.
            It will show up under the default OU -> Computers, which you'll then move the object to a different OU if you wish.

            If you are using the same object name for the re image laptop - leave the object name as everyone suggested.


            Let us know how did you go

            Thanks
            Last edited by Avi; 3rd August 2010, 08:33.

            Comment


            • #7
              Re: Rejoining a computer to the Domain

              Thanks for all the replies

              We only have one Computer OU all the computers objects are in it.

              Since we use the dell tag number as computer name, after reimaging we have to keep the same computer name, since the same name all ready resides in AD we have delete the existing object in the AD. to add the new one

              Our sysprep image is a generic image; we add other applications as per user’s needs.

              I can force replication

              10 DC in a mesh topology

              Comment


              • #8
                Re: Rejoining a computer to the Domain

                Surely you can re-image, rejoin and pick up the existing computer account?
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Rejoining a computer to the Domain

                  What app do you use to "ghost" the new image?
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Rejoining a computer to the Domain

                    Originally posted by Ossian View Post
                    Surely you can re-image, rejoin and pick up the existing computer account?
                    This will be the best option and the fasted.
                    Image the laptop
                    Change to workgroup
                    Change the name back to the one on the AD if it is the dell tag number it should be the same
                    Then just join the domain and if you didn't right it will let you know that a name is already ...

                    If you can't do that then you may want to re-think your procedure

                    Cheers
                    Avi

                    Comment


                    • #11
                      Re: Rejoining a computer to the Domain

                      When you rename the machine to an existing name, doesn't it state there is another computer with the same account ?

                      Hence why he is deleting it and then re-naming it to the same name.

                      I could be wrong.


                      Originally posted by Avi View Post
                      This will be the best option and the fasted.
                      Image the laptop
                      Change to workgroup
                      Change the name back to the one on the AD if it is the dell tag number it should be the same
                      Then just join the domain and if you didn't right it will let you know that a name is already ...

                      If you can't do that then you may want to re-think your procedure

                      Cheers
                      Avi

                      Comment


                      • #12
                        Re: Rejoining a computer to the Domain

                        hi samjacob,

                        Can you please let us know why do you need to delete the name from the AD and then use the same name.

                        Reimage
                        Change to workgroup
                        Connect to the network and joine the domain with what evername you need.
                        any other changes per user or dep' etc


                        Let us know

                        Thanks
                        Avi

                        Comment

                        Working...
                        X