Machine un-joined but account not deleted?

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Hi Gerry

Local administrator doesn't have the appropriate rights on the domain to
perform the unjoin.

I'd recommend creating a security group on the domain and giving it rights
to create and delete computer objects in the OU(s) where you normally place
your workstation. Then, create an account in this group and use it when
rejoining the domain. I believe that if you log in as local admin and
supply this account's credentials, it will automatically remove the old
account and join the domain.

I haven't tested this. This is just my understanding of how it works. I
may be wrong -- it has been known :-).

Regards

Oli




"Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
news PBszLRaEHA.4032@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> If I unjoin a machine from our Win2k AD domain, I get an error saying that
> although the machine unjoined correctly, the machine account could not be
> deleted.
>
> I've tried it both as local Administrator and also remotely using NetDom
> under domain admin account.
>
> I can't find anything in the KB about this.
>
> e.g.
>
> I want to replace a computer called WS123 with a new one. I can't just
> unplug the old machine and connect the new one because when I try to join
> it to the domain it says "duplicate account".
>
> So I usually unjoin the old one, delete it's account from AD, and then
> join the new one using the old name, but this is too time-consuming.
>
> --
> Gerry Hickman (London UK)

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Hi Oli,

I've tried it using a domain admin account for the whole domain! The
object still won't delete.

Oli Restorick [MVP] wrote:

> Hi Gerry
>
> Local administrator doesn't have the appropriate rights on the domain to
> perform the unjoin.
>
> I'd recommend creating a security group on the domain and giving it rights
> to create and delete computer objects in the OU(s) where you normally place
> your workstation. Then, create an account in this group and use it when
> rejoining the domain. I believe that if you log in as local admin and
> supply this account's credentials, it will automatically remove the old
> account and join the domain.
>
> I haven't tested this. This is just my understanding of how it works. I
> may be wrong -- it has been known :-).
>
> Regards
>
> Oli
>
>
>
>
> "Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
> news PBszLRaEHA.4032@TK2MSFTNGP11.phx.gbl...
>
>>Hi,
>>
>>If I unjoin a machine from our Win2k AD domain, I get an error saying that
>>although the machine unjoined correctly, the machine account could not be
>>deleted.
>>
>>I've tried it both as local Administrator and also remotely using NetDom
>>under domain admin account.
>>
>>I can't find anything in the KB about this.
>>
>>e.g.
>>
>>I want to replace a computer called WS123 with a new one. I can't just
>>unplug the old machine and connect the new one because when I try to join
>>it to the domain it says "duplicate account".
>>
>>So I usually unjoin the old one, delete it's account from AD, and then
>>join the new one using the old name, but this is too time-consuming.
>>
>>--
>>Gerry Hickman (London UK)
>
>
>


--
Gerry Hickman (London UK)