Active Directory Computer Objects
Last response: in Business Computing
Here is a legitimate question for all you people that work with Acvite Directory on a daily basis.
Computer object JBLOW is deleted from Active Directory and the machine is powered off. User Joe Blow receives a pc upgrade which is renamed to give him the same hostname as he had before, "JBLOW". All is well, the pc is joined to the domain without a problem (because we deleted his old computer object previously). But there is a problem, someone accidently powers up the replaced pc and it disjoins the newly added machine from the domain (since they both have the same hostname). You still get the typical "domain trust relationship" error before log in, so why does it kick the newly added pc off?
This scenario can be avoided, and is on most cases (by renaming the old pc or disjoining it as it is replaced). But, my concern is I thought that Active Directory was more concerned with a GUID rather than a hostname. So how would an old pc that no longer has a GUID record in a domain have authority over the new computer object (which has a new GUID)?
I would think that the PC that no longer has a GUID associated with a computer object in the domain would simply give you the "domain trust relationship" error and that be the end of it.
But this is not the case in Server 2008.
Any insight?
Computer object JBLOW is deleted from Active Directory and the machine is powered off. User Joe Blow receives a pc upgrade which is renamed to give him the same hostname as he had before, "JBLOW". All is well, the pc is joined to the domain without a problem (because we deleted his old computer object previously). But there is a problem, someone accidently powers up the replaced pc and it disjoins the newly added machine from the domain (since they both have the same hostname). You still get the typical "domain trust relationship" error before log in, so why does it kick the newly added pc off?
This scenario can be avoided, and is on most cases (by renaming the old pc or disjoining it as it is replaced). But, my concern is I thought that Active Directory was more concerned with a GUID rather than a hostname. So how would an old pc that no longer has a GUID record in a domain have authority over the new computer object (which has a new GUID)?
I would think that the PC that no longer has a GUID associated with a computer object in the domain would simply give you the "domain trust relationship" error and that be the end of it.
But this is not the case in Server 2008.
Any insight?
More about : active directory computer objects
Do you have AD Recycle Bin enabled? If so, you may need to delete the computer object from the Recycle Bin. By default it stores the object up to 180 days.
It shouldn't kick the new system off the domain though. You would likely end up with a duplicate name exists on the network, or your DNS server is allowing Dynamic updates and the system is updating the DNS record, confusing the two systems.
By deleting the computer object and leaving the computer still joined, it would try to connect still. Likely issue is because both systems have the same name they both are kicked off. The computer that was deleted, yet still thinks it is connected, should not be able to connect to the domain. If so, you would be connecting under user credentials and not with the computer object itself.
It shouldn't kick the new system off the domain though. You would likely end up with a duplicate name exists on the network, or your DNS server is allowing Dynamic updates and the system is updating the DNS record, confusing the two systems.
By deleting the computer object and leaving the computer still joined, it would try to connect still. Likely issue is because both systems have the same name they both are kicked off. The computer that was deleted, yet still thinks it is connected, should not be able to connect to the domain. If so, you would be connecting under user credentials and not with the computer object itself.
Related ressources:
- ForumSeraches/Filters on Active Directory Objects
- Forumvirtual computer object in active directory
- ForumHow to remove exchang 2000 server's objects in active dire..
- ForumActive Directory Object Location
- ForumHide Active Directory User Object Fields
- ForumActive directory problem
- ForumXP Computer Description in 2000 Active Directory
- ForumCreating Active Directory Computer Accounts
- ForumRemove ADC computer from server " Active Directory Users an..
- ForumRun time error 75 in active directory user for windows 7
- Forumremoving user from Active directory
- ForumHow do I permanently remove from Active Directory , a packa..
- ForumDHCP Authorization in active directory .
- ForumActive Logons in Active Directory
- ForumActive Directory Migration Tool v.2.0
- ForumImporting Users and Active Directory
- ForumActive Directory / Policies questions
- ForumActive Directory Groups
- ForumBenefits of cloud computing
- ForumAny one know why the computer infected by Security Shield 2012?
- More resources
Read discussions in other Business Computing categories
!
