cannot access pc removed from AD


  • cannot access pc removed from AD

    I have an issue.
    A computer object was deleted from AD. The PC is in a remote location.
    When I try to log in to the PC by RDP I receive an error saying:
    the domain is not available or there is no computer account.
    I added computer with the same name. Server was restarted for applying patches.

    No luck.

    I cannot restart the remote machine with shutdown -r -m \\computername
    It says you don't have rights. I try domain admin credentials.
    Local admin password is not available. It is an abandoned (but suddenly important) PC in the lab.

    End of the story. What to do?
    Sorry, didn't mention. It is SBS 2003 AD. But I guess it doesn't matter in the situation.

    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: cannot access pc removed from AD

    Without the local administrator password you have limited options.

    1. You can delete the new computer account that you created (as this won't work anyway) and restore the original computer account using something like adrestore


    2. You can create a bootable Live CD (BartE, UBCD4WIN, Reatogo) that has a password reset tool and visit the machine in person and reset the local administrator account password and then rejoin the computer to the domain.


    • #3
      Re: cannot access pc removed from AD

      After deleting the computer account from AD you can't log in to the workstation by choosing the domain in the options.
      The only way to use RDP is to connect to the local computer, but here you will need the local admin password or the password of a user with administrative privileges.
      To reset the password on a simple workstation is very simple, you can use ERD, Hiren's CD (locksmith).
      If you have SCSI disks, it will be harder to reset the password, because you will need to provide SCSI drivers.


      • #4
        Re: cannot access pc removed from AD

        In Active Directory, when someone flags an object for deletion, Windows marks it with an indicator called a tombstone. The process doesn't actually delete the object from the AD database; the object just lives on in this tombstoned state.
        You can still restore the deleted object. Download Sysinternals' free AdRestore utility from MS. That should do the trick. Either that or as already said visit the site with a sysinternals ERD (has a built in locksmith amongst a host of super cool tools and utilities) and reset the local admin password and add it back to the domain.
        Last edited by scurlaruntings; 28th May 2009, 10:31.
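
The tombstone state described in post #4, as an added example (not from the thread and not AdRestore's own code): it plans the LDAP undelete request for a tombstoned computer object. The host name, GUID and domain are constructed, and the change list is a plain tuple format assumed here rather than any specific library's API.

```python
import re

SHOW_DELETED_OID = "1.2.840.113556.1.4.417"  # LDAP control: include tombstones in searches

# Tombstone RDN: original name, an escaped newline (\0A), "DEL:", then the objectGUID.
_TOMBSTONE_RDN = re.compile(
    r"^(?P<attr>CN|OU)=(?P<name>.+?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),", re.IGNORECASE)


def plan_reanimation(tombstone):
    """Return (target_dn, changes) for restoring one tombstone, or raise ValueError.

    `tombstone` is a dict of attributes as read from the Deleted Objects container.
    """
    if str(tombstone.get("isDeleted", "")).upper() != "TRUE":
        raise ValueError("object is not a tombstone")
    m = _TOMBSTONE_RDN.match(tombstone["distinguishedName"])
    if not m:
        raise ValueError("DN does not have the tombstone RDN form")
    parent = tombstone.get("lastKnownParent")
    if not parent:
        raise ValueError("lastKnownParent missing; choose a parent container manually")
    if "\\0ADEL:" in parent:
        raise ValueError("original parent is itself deleted; restore it first")
    new_dn = "%s=%s,%s" % (m.group("attr"), m.group("name"), parent)
    # Both changes go in ONE modify request, sent with the show-deleted control.
    changes = [
        ("delete", "isDeleted", []),
        ("replace", "distinguishedName", [new_dn]),
    ]
    return tombstone["distinguishedName"], changes


# Constructed sample: a deleted lab workstation in a made-up domain.
SAMPLE = {
    "distinguishedName": "CN=LABPC01\\0ADEL:3f2a9c1e-7b44-4d0a-9e55-1c2d3e4f5a6b,"
                         "CN=Deleted Objects,DC=example,DC=local",
    "isDeleted": "TRUE",
    "lastKnownParent": "CN=Computers,DC=example,DC=local",
    "sAMAccountName": "LABPC01$",
}

if __name__ == "__main__":
    target, changes = plan_reanimation(SAMPLE)
    print("modify", target, "with control", SHOW_DELETED_OID)
    for op in changes:
        print("  ", op)
```
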


        • #5
          Re: cannot access pc removed from AD

          Do you have the opportunity to visit the PC in person at all? As Joe and scurlaruntings have said, you can use a password reset disk to reset the local admin account. Another option is to rejoin it to the domain (assuming it's either on a routed subnet that has communication with the SBS machine or that the machine has a VPN connection to the SBS network). If you have no physical access to it, you could create a temporary account in the domain with the rights to add computers to the domain, tell the remote user the username and password for that account and then walk them through adding the machine back to the domain. That would be easier than restoring the AD object. Once it's in the domain your domain admin account has privileges to access the machine and you can then reset the local admin password and do whatever else you'd like to it.
          Wesley David