Server Computer Account has been deleted in AD - How do I recreate if I can no longer login to the domain?

The most important server in my network (the one that has my Dispatching Database on it) computer account has been deleted from Active Directory Computers and Users. Since I now cannot login to the domain how can I unjoin (or whatever) the domain and then rejoin the domain? Or what is my best course of action?
Thanks in advance,
Darren
dcrone, IT Guy, Asked:

Cliff Galiher Commented:
If you set it up, AD has a recycle bin.

If you didn't set up and enable the recycle bin, even domain joined machines have local (non-domain) admin accounts. If you don't have local admin accounts documented....things get dicey. Should be part of your disaster recovery plan....
0
Tom Cieslik, IT Engineer, Commented:
You can use Domain Administrator to login to your computer. You've said computer account was deleted but I assume it wasn't domain admin.
You can log on as domain admin.
If domain admin account still exists on DC then login to DA Users and Computers and recreate user you've just lost.
0
dcrone, IT Guy, Author Commented:
Cliff, how do I check if there is an AD recycle bin? There probably isn't because I set up this server 10+ years ago. Tom, I didn't lose a user account, I lost the computer account, i.e. RSDISPATCH03 under the computers listing in AD Users and Computers. Can I manually add a computer account in AD?
0
Nagendra Pratap Singh, Desktop Applications Specialist, Commented:
You can definitely add the machine to the domain again. You need to have domain join rights. Domain Admin account will work in this case. Actually any user can join up to 10 computers to a domain unless set otherwise.
0
Tom Cieslik, IT Engineer, Commented:
So log in to the local profile and remove the computer from the domain.
Then log in again and add it again.

I assume you know local user and password.
0
dcrone, IT Guy, Author Commented:
Okay, how do I add the machine to the domain again? Using Active Directory Users and Computers?
0
Nagendra Pratap Singh, Desktop Applications Specialist, Commented:
0
Tom Cieslik, IT Engineer, Commented:
dcrone....
If you log in as LOCAL USER to the affected computer you are going to be able to remove the computer from the domain.
Then after restart you are going to be able to ADD this computer back to the domain using the domain admin account.
0

Mal Osborne, Alpha Geek, Commented:
1. If the machine account has been deleted or corrupted, you cannot login as a domain admin. (as you have probably determined)
2. You need to know the local admin account credentials.
3. You cannot add a machine using ADUC, this needs to happen on the target box itself.
4. If you have lost the local account credentials, there are some utilities that may allow you to reset it. I have a link to one below. This is a little risky and can be complex, particularly if your machine has an unsupported RAID card.
5. It is a trivial matter to reset local account passwords on machines that you can still log onto as a network admin. Go around and do this ASAP, to prevent getting into this mess again.

http://pogostick.net/~pnh/ntpasswd/
0
Kevin Stanush, Application Developer, Commented:
You don't need to have the Recycle Bin enabled in order to undelete a directory object.  I wrote an article about this here:

https://www.experts-exchange.com/articles/28870/Undeleting-Objects-in-Active-Directory.html

While a restored user will have its SID and password restored, a computer might be a different story, as the secure channel password that the computer sets every 30 days or so might not be restored.  If you are planning to recreate the computer account anyway, it's worth a try.  Or, you can delete a non-critical computer account that is known to work, then verify that it's off the domain, then restore it, and see if it's then able to access the domain.

You can always use the local account as others have suggested, and if you don't have that, there are still workarounds if you have physical access to the machine.  But try the undeletion first.
0
Shaun Vermaak, Technical Specialist IV, Commented:
Restoring an account from tombstoned state will not restore group memberships AFAIR but the secure channel password will be restored. I mention this because I utilize computer groups quite a bit and others might too.
0
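The checks raised in this thread (is the Recycle Bin enabled, can the deleted computer object still be restored, and does the secure channel work afterwards), as an added PowerShell example that is not from any of the posters. It assumes the ActiveDirectory module is installed, a domain admin session for steps 1 to 3, and that the deletion is still within the tombstone lifetime; `RSDISPATCH03` is the computer name from the question.

```powershell
# Added example. Steps 1-3: run on a domain controller or admin workstation
# as a domain admin. Step 4: run on the affected server itself.
Import-Module ActiveDirectory

$name = 'RSDISPATCH03'   # computer name taken from the question

# 1. Is the AD Recycle Bin enabled? An empty EnabledScopes list means it is not,
#    in which case only a tombstone restore (fewer attributes kept) is possible.
$bin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($bin.EnabledScopes) { 'Recycle Bin: enabled' }
else                    { 'Recycle Bin: not enabled (tombstone restore only)' }

# 2. Look for the deleted computer object. Deleted objects are renamed to
#    "<name><newline>DEL:<guid>", hence the wildcard match on Name.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter "isDeleted -eq `$true -and ObjectClass -eq 'computer' -and Name -like '$name*'" `
    -Properties lastKnownParent, whenChanged

if (-not $deleted) {
    throw "No deleted object found for $name. Rejoin the domain from the server instead."
}

# If the name was deleted more than once, restore the most recent copy.
# Restore-ADObject puts it back under lastKnownParent by default.
$deleted | Sort-Object whenChanged | Select-Object -Last 1 |
    Restore-ADObject -PassThru

# 3. Confirm the account is back and review what survived. Group memberships
#    may be missing after a tombstone restore and need re-adding by hand.
Get-ADComputer -Identity $name -Properties MemberOf, whenChanged |
    Select-Object Name, Enabled, SID, whenChanged, MemberOf

# 4. On RSDISPATCH03 itself, signed in with a local administrator account:
#    returns True if the machine password still matches the restored account.
# Test-ComputerSecureChannel -Verbose
#    If it returns False, reset the machine password against the restored
#    account using a domain credential instead of unjoining and rejoining:
# Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
```

Step 4 is commented out so the script is not run against the wrong machine; uncomment it only on the affected server.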