No announcement yet.

Reset a computer account

  • Filter
  • Time
  • Show
Clear All
new posts

  • Reset a computer account


    I am currently working on my 70-640 exam, and therefore I'm going through the MS training kit (second edition) . On page 235 I noticed the following:

    The author tells us in case the computer looses its secure channel with the domain, to not remove the computer from the domain, join it to a work group and then rejoin it to the domain. That might result in the computer account in AD being deleted (but does it? usually the computer account is disabled, when the computer is removed from the domain). But rather one should reset the computer account in AD. But then we are told to re-join the computer as step 3 on page 236.

    So what the author really wants to convey on page 235 is that you should not remove the computer from the domain, but rather FIRST reset the computer account in AD, and THEN remove it from the domain and rejoin the domain. Am I getting this right, or did I miss something? Weird that the author tells us to no tremove and rejoin on page 235, but then tells to do just that on page 236, without really elaborating.
    Last edited by Balthier; 11th June 2012, 12:30.

  • #2
    Re: Reset a computer account

    Remove the PC from the domain
    Reset the computer object in AD
    Re-join to the domain.

    This is the most advisable way of doing it, but in actual practice the first 2 steps aren't critical as to which comes first. As long as the AD object is reset BEFORE the re-join, you're OK.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      Re: Reset a computer account

      I agree with RicklesP.

      Just to note, it usually doesn't matter whether you delete the computer or reset it.

      The difference is when you reset the account and rejoin the computer to the domain, AD will assign the same SID to the computer. If there are applications on the computer that store application specific information in AD and it's a DR situation then you generally want to reset the account but be sure to check with the application documentation if it does store info in AD. (Exchange is an example of such an application)

      Network Consultant/Engineer
      Baltimore - Washington area and beyond