troubleshooting Question
Reuse a computer object in Active Directory
asked on
Because of the way a certain program functions, when replacing a PC with this program installed we name the new PC the same as the old PC.
We image and build a replacement PC with the same name as the old machine but with and "R" appended to the name so we don't have issues with duplicate names, and leave it off the domain.
To put the new PC in place we remove the old PC from the domain and delete the object from AD, wait an hour for replication to take place, then rename the new machine to the same name as the old one and join it to the domain, reboot, logon, run "set" from a command prompt and see what the logonserver is, connect to that DC and see if the computer is in the default "computers" container, or the OU that the old PC was in. If it's in the default computers container all is good. If it's in the OU that the old PC was in then it's picked up the old computer object and problems will eventually arise. Usually the objects "Computer name (pre-Windows 2000):" will have "(duplicate)" in the name or just random garbage. Eventually the computer will lose it's trust to the domain and users will be unable to logon, but this is not until after various other trust issues between programs and files arise.
The only way we've found to be certain we don't run into issues is to keep removing the new PC from the domain, deleting the object from the DC it's showing up on in the old PC OU and rejoining to the domain. This continues until it shows in the default computers OU. The most we've had to do this is 4 times (remove/join to domain).
This is a large organization with hundreds of locations across the country and hundreds of DC's.
My question is....is there an easier way to do this, or is it possible to reuse the same computer object? Disassociate the old computer and associate the new one?
We are currently at a Server 2003 functional level.
Thanks!
We image and build a replacement PC with the same name as the old machine but with and "R" appended to the name so we don't have issues with duplicate names, and leave it off the domain.
To put the new PC in place we remove the old PC from the domain and delete the object from AD, wait an hour for replication to take place, then rename the new machine to the same name as the old one and join it to the domain, reboot, logon, run "set" from a command prompt and see what the logonserver is, connect to that DC and see if the computer is in the default "computers" container, or the OU that the old PC was in. If it's in the default computers container all is good. If it's in the OU that the old PC was in then it's picked up the old computer object and problems will eventually arise. Usually the objects "Computer name (pre-Windows 2000):" will have "(duplicate)" in the name or just random garbage. Eventually the computer will lose it's trust to the domain and users will be unable to logon, but this is not until after various other trust issues between programs and files arise.
The only way we've found to be certain we don't run into issues is to keep removing the new PC from the domain, deleting the object from the DC it's showing up on in the old PC OU and rejoining to the domain. This continues until it shows in the default computers OU. The most we've had to do this is 4 times (remove/join to domain).
This is a large organization with hundreds of locations across the country and hundreds of DC's.
My question is....is there an easier way to do this, or is it possible to reuse the same computer object? Disassociate the old computer and associate the new one?
We are currently at a Server 2003 functional level.
Thanks!
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 4 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.