active directory

Posted on 2014-12-01
Medium Priority
Last Modified: 2014-12-03
I have worked with active directory, and made OU's and things like that, however, I know I could learn A LOT more about it. One thing that I noticed and haven't figured out is, when I am joining a computer to the domain, if the computer is already setup on domain1 and I have to join it to domain2, if I just go to system properties on the computer and under the computer name tab, if I click the "change" button, and change the domain name, after I put in my credentials it gives an error stating
"The join operations was not successful. this could be because an existing computer account having name "computer1" was previously created using a different computer name, or contact your administrator to remove any stale conflicting account. The error was: Access is denied. "
So if I go into Active Directory Users and Computers, and add the computer, then change the domain, it joins the domain without a problem.
When I build a new computer ( we use SCCM ) I don't create a computer account in Active Directory. Through SCCM, I just name the computer and it gets joined to the domain through the imaging process.
So I don't understand why I have to manually add the computer in the first scenario?
Question by:JeffBeall
LVL 85

Accepted Solution

David Johnson, CD, MVP earned 2000 total points
ID: 40475149
That is because of part of your task sequence in SCCM it does the domain join and the computername doesn't exist.  In the current scenario AD already has a computer name that is the same and it is flagging it as a potential error. In reality you should be removing it from domain1 and then joining it to domain2 otherwise it will be in both domains which is probably not what you want.

Author Closing Comment

ID: 40478442
thank you.

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question