Announcement

Collapse
No announcement yet.

Computer account issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Computer account issue

    Hi all,

    I have an argument with someone about an issue he has on a Winodws 2003 domain.

    He created a bonch of computer accounts on a domain and later joined the computers to the domain.
    lately he had strange problems with some of the computers, and i found out that the issue is a result of a wrong computer account - i figured out that when he replaces a computer that was allready a member of the domain - he does it without removing the old computer from the domain nor deleting the old computer account manually from the domain.
    The new computer of course is given the same name as the old one.

    - I said that since the new computer has the old computer name without removing it's account first (by disjoin the old one from the domain or delete the account manually) causes strange behaviour of the new one.
    - He said that it's not the reason cause he can log in to the network with the new computer even the domain contains a old computer account.

    * Which of us is right ?
    * how can i show him he's wrong ? (is there a way to see that the computer account in AD is not associated to the new one or has wrong properties).

    Thank You

  • #2
    Re: Computer account issue

    The "old" computername doesn't need to be deleted if you are going to re-use it again.
    Just resets it's password and rejoin the system.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Computer account issue

      Instead of trying to prove your colleague wrong, ask him why the accounts should be pre-created. He might have a good reason.

      There are at least two common reasons for pre-creating computer accounts. First off, by creating the account in advance you can set the OU it resides. Thus all the group policies are applied automatically as per the OU. On-demand accounts are created in the Computers container, which may or may not contain sensible GPO objects.

      The second reason is to allow non-domain-admin accounts to join computers into the domain. As per default, ordinary user can join up to 10 computers into domain. In image-based installs, one often uses separate setup account for domain joins. By creating the accounts beforehand and allowing the setup account to join the computers on the domain, you do not need to tweak the 10 account limit nor give the install account special rights to create computer accounts in the domain.

      -vP

      Comment

      Working...
      X