?
Solved

Delete computer account from AD vs Removing it from Domain

Posted on 2007-10-11
4
Medium Priority
?
2,606 Views
Last Modified: 2011-08-18
Hello,

My supervisor says it is better to remove a computer from the domain instead of deleting it from Active Directory when the PC is only going to be rebuilt under a new name anyways.  Is this correct, or does it make no difference?  I ask only because sometimes a PC gets rebuilt before it is removed from the domain, and by that point it is too late anyways.  He also says that when a PC is removed from the domain, all information about the PC account is removed more cleanly vs just deleting the account.  Is this correct as well?

Thanks,
Mike
0
Comment
Question by:miket71
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 500 total points
ID: 20061205
That's really only true to say for a Domain Controller (and in that case, it's very true).  If you're destroying the entire OS of the domain member and rebuilding with the same name, then I'd suggest neither disjoining nor deleting ... simply rebuild and rejoin on top of the old account (you'll need sufficient privileges to do so).  If you're going to install it under a new name then simply delete the computer account from AD and perform the reinstall.

Note that the computer account may have been made a member of a group or been given permission to a resource, deleting it from AD will lose that configuration even if you recreate a new computer account with same name.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 500 total points
ID: 20061259
It makes no difference whatsoever in real terms. Romeoving the computer from the domain has the advantage to removing the trust relationship on both client and server in the same operation but that is about the only advantage
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 20061315
I don't know of any difference between the two methods.
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20061334
... don't forget, computers also receive permission to resources either directly or via group membership (it's the computer's domain-account-SID that we're interested in preserving).
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question