Old Computer Accounts in Active Directory

Posted on 2011-10-18
Last Modified: 2012-05-12
I've been adding a few new computers onto my domain & when I do I will remove the old computer from teh domain & set the IP to DHCP. I have a Windows 2008 Domain with Windows Vista & Windoes 7 clients. My question is, how long does it take for the computer account to be automatically removed from active diretcory? At this time, the ones that have left the domain have a arrow pointing down next to them. I have one old computer account that I removed about a month ago & it is still there....Is AD malfunctioning? I also have the old DNS records in the DNS forward zone...I thought they were supposed to be automatically removed as well with the computer I wrong? Please advise...thanks
Question by:wantabe2
    LVL 57

    Accepted Solution

    Did you actually go in and delete the computer account and it is still there?   Verify that replication is happening.

    Generally when an account is deleted it goes into a "Tombstone State"  but you shouldn't see it in ADUC.  After the tombstone lifetime period has passed it will be deleted more on that subject here

    By default computer accounts don't get deleted on there own.  That is where free cleanup tools like oldcmp or ad tidy can help

    DNS records will be removed if you have scavenging enabled.


    LVL 13

    Expert Comment


    When you disjoin a workstation from the domain, it won’t automatically delete the computer account from the Domain. You need to manually delete it.
    LVL 23

    Expert Comment

    by:Stelian Stan
    Yes, you have to manually remove AD object (computer). After removing a computer from the domain you will see a red X on that computer in ADUC.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now