Actually, removing a computer from the domain on the client side (i.e. changing its domain membership to a workgroup) does NOT remove the machine account from AD (nor did it remove the account in NT4 domains). No domain rights are required to remove a machine from the domain - you can prove this by using the local admin account of a machine to remove it from the domain. Local admin has no domain rights, yet you can remove the machine from the domain.
The only action I know of which will remove the computer account automatically is running DCPromo to remove a DC. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Rich Milburn [mailto:[EMAIL PROTECTED] > Sent: Monday, December 29, 2003 9:32 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > > Irwan forgive me if I read you wrong... > > I think what he's asking is about leaving the computer > accounts in AD or > deleting them. When you remove the computer from the domain > (like join it > to a workgroup) it removes the computer account from the > domain. Or you can > turn the computer off and delete the account forcefully with > ADUC or dsrm or > whatever. Or you can reset the account - something I've rarely used, > because I didn't know what the difference was from deleting > the account and > adding the new computer with the same name. > > Rich > > -----Original Message----- > From: Rick Kingslan [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 28, 2003 1:32 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > Irwan, > > I would concur that option two is the most successful method, from my > experience. For all intents and purposes, the Computer object is a > derivative of the User object and has a SID associated with > it. Simply > naming a computer the same as an existing object will not > yield the desired > result, and will often cause unpredicatble results. > > I might not be reading the options correctly, but I see > option one and three > as the same. > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > WebLog - www.msmvps.com/willhack4food > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi > Sent: Sunday, December 28, 2003 7:29 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Upgrading computers and computer objects > > I'm curious what is the best practice or recommended way for > the following > case: > I have several computers that are joined to the domain, and > I'm going to > upgrade some of thse computers with a different computer > (newer), though the > UNC name of these computers will remain the same. > Should I: > 1. Remove the old computers from the domain, install the new > computers, and > join them to the domain? > 2. Since there are several computers, can I just delete the > corresponding > computer objects in the ADUC, install the new computers, and > join them to > the domain? > 3. Just put the new computers in place, and join them with > the same name? > > So far, I'm doing the second way, because I think it is the > cleanest way. > > Thanks > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > -------APPLEBEE'S INTERNATIONAL, INC. > CONFIDENTIALITY NOTICE------- > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in > this message or > any attachments. This information is strictly confidential and may be > subject to attorney-client privilege. This message is > intended only for the > use of the named addressee. If you are not the intended > recipient of this > message, unauthorized forwarding, printing, copying, > distribution, or using > such information is strictly prohibited and may be unlawful. > If you have > received this in error, you should kindly notify the sender > by reply e-mail > and immediately destroy this message. Unauthorized > interception of this > e-mail is a violation of federal criminal law. Applebee's > International, > Inc. reserves the right to monitor and review the content of > all messages > sent to and from this e-mail address. Messages sent to or > from this e-mail > address may be stored on the Applebee's International, Inc. > e-mail system. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
