Delete computer account from AD vs Removing it from Domain


My supervisor says it is better to remove a computer from the domain instead of deleting it from Active Directory when the PC is only going to be rebuilt under a new name anyways.  Is this correct, or does it make no difference?  I ask only because sometimes a PC gets rebuilt before it is removed from the domain, and by that point it is too late anyways.  He also says that when a PC is removed from the domain, all information about the PC account is removed more cleanly vs just deleting the account.  Is this correct as well?

Who is Participating?
That's really only true to say for a Domain Controller (and in that case, it's very true).  If you're destroying the entire OS of the domain member and rebuilding with the same name, then I'd suggest neither disjoining nor deleting ... simply rebuild and rejoin on top of the old account (you'll need sufficient privileges to do so).  If you're going to install it under a new name then simply delete the computer account from AD and perform the reinstall.

Note that the computer account may have been made a member of a group or been given permission to a resource, deleting it from AD will lose that configuration even if you recreate a new computer account with same name.
Brian PiercePhotographerCommented:
It makes no difference whatsoever in real terms. Romeoving the computer from the domain has the advantage to removing the trust relationship on both client and server in the same operation but that is about the only advantage
I don't know of any difference between the two methods.
... don't forget, computers also receive permission to resources either directly or via group membership (it's the computer's domain-account-SID that we're interested in preserving).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.