

AD Computer to the domain.

Posted on 2009-12-16
Medium Priority
Last Modified: 2012-05-08
Hi all,
I need help to add a computer object on AD.
Yesterday I removed the machine from the domain -> with success.
The object did not disappear from the computer objects, so I deleted it.
On my next step I added the computer to the domain with the same name as the previously deleted computer, with success, but in AD the computer name doesn't appear in the default Computers container, so I created the computer manually.
Every time we try to access a share, the machine reports this error:
The trust relationship between this workstation and the primary domain failed.

Since then I can't access the computer with the domain users.
Is there any way to force the creation of this object without rebooting the system?
And pass through all the steps to remove and join the domain again.

Thank you all for your support.
Question by:David Paris Vicente
LVL 10

Expert Comment

ID: 26062864
When you deleted the computer object from AD and joined it from the client computer, it must be allowed to AD, and there is no need to add it manually in AD.

Remove it from the domain from the client computer, then remove it from AD.

Simply join it from the client; it should work. Try once again now.
LVL 27

Expert Comment

ID: 26062900
By rights if you had deleted the account from AD after disjoining the machine, then when you re-join a new account should be re-created in the 'Computers' container.

Do you have more than one DC? Could it be that you're experiencing replication issues? The new account could possibly have been created on one DC and you manually created one on another. Run DCDIAG tests on the DCs to see if you get any errors and let us know.

Unfortunately once a secure channel is broken for a member/workstation, utils like netdom and nltest will not fix it. The only real fix is to disjoin/rejoin.

Let us know about your DCDIAG results.

LVL 12

Author Comment

by:David Paris Vicente
ID: 26063881
We have 2 DCs and both are working fine.
I believe that the problem was this: I deleted the machine from my first DC and re-joined the machine seconds after, and probably my second DC didn't have time to sync when I deleted the machine.
Maybe this was the problem.

LVL 12

Author Comment

by:David Paris Vicente
ID: 26063929
My principal concern is that this machine is responsible for the DB of our PBX, and doing all the steps again to re-join the machine is going to cause downtime, and that is a problem.
LVL 27

Accepted Solution

bluntTony earned 2000 total points
ID: 26064305

I'm afraid if the security channel is broken, then you will need to disjoin the machine, then ensure you've deleted the account from AD (you can reset/enable the account you just disjoined, but I think in your case it'll be better to delete it). Then ensure both DCs are aware of the delete, then rejoin.

Then check the computer account has been created in the default container and move it to its OU.

If all is well with your DCs then it should work.

Also, if both DCs are in the same site, I doubt you will have had time to do what you said, as replication takes approx 15 secs.
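
Added example, not part of the original thread: one way to confirm that every DC agrees about the computer object before and after the rejoin described in the accepted solution. The computer name `PBX-DB01` is a placeholder, and the script assumes the RSAT ActiveDirectory module and an account that can read computer objects.

```powershell
# Added example: asks each DC directly whether it holds the computer object,
# so a stale or manually created copy on one DC is visible before the rejoin.
Import-Module ActiveDirectory

$ComputerName = 'PBX-DB01'   # placeholder name, not taken from the thread

function Get-ComputerObjectPerDC {
    param([Parameter(Mandatory)][string]$Name)

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Query this specific DC, not whichever one the locator picks.
            $obj = Get-ADComputer -Filter "Name -eq '$Name'" -Server $dc.HostName `
                       -Properties whenCreated -ErrorAction Stop
            [pscustomobject]@{
                DC          = $dc.HostName
                Reachable   = $true
                Found       = [bool]$obj
                DN          = ($obj.DistinguishedName -join '; ')
                WhenCreated = ($obj.whenCreated -join '; ')
            }
        }
        catch {
            # An unreachable DC means the overall answer is unknown, not "absent".
            [pscustomobject]@{ DC = $dc.HostName; Reachable = $false
                               Found = $null; DN = $null; WhenCreated = $null }
        }
    }
}

$view = @(Get-ComputerObjectPerDC -Name $ComputerName)
$view | Format-Table -AutoSize

if ($view.Reachable -contains $false) {
    Write-Warning 'At least one DC could not be queried; the result is incomplete.'
}
elseif (@($view.DN | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'DCs disagree about this object; wait for replication before joining.'
}
elseif ($view.Found -contains $true) {
    'Every DC holds the same object.'
}
else {
    'No DC holds the object; the delete has reached every DC.'
}

# After the rejoin, run on the member itself (returns True when the channel is healthy):
#   Test-ComputerSecureChannel -Verbose
```

Run it once after deleting the account (expect no DC to hold the object) and again after the rejoin (expect every DC to report the same distinguished name in the default container).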

LVL 12

Author Comment

by:David Paris Vicente
ID: 26065145
I'm going to do the re-join of the server.
I will keep you posted.
Thank you
LVL 12

Author Comment

by:David Paris Vicente
ID: 26081112
The re-join solved the problem.
Thank you all
