Resetting the Active Directory computer object and the computer object account

Article:HOWTO23299  |  Created: 2010-01-01  |  Updated: 2011-07-28  |  Article URL http://www.symantec.com/docs/HOWTO23299
Article Type
How To

Product(s)

Subject


Resetting the Active Directory computer object and the computer object account

In Active Directory, computer objects are derived from user objects. Some attributes that are associated with a computer object cannot be restored when you restore a deleted computer object. The attributes can only be restored if the attributes were saved through schema changes before the computer object was originally deleted. Because computer object credentials change every 30 days, the credentials from the backup may not match the credentials that are stored on the actual computer.

Note:

To reset a computer object, you must use the Microsoft Active Directory Users and Computers application.

For more information on resetting a computer object, see your Microsoft Active Directory Users and Computers application documentation.

If a computer object's userAccountControl attribute was not preserved before the object was deleted, you must reset the object's account after you restore the object.

See Recreating purged ADAM/AD LDS objects

To reset the Active Directory computer object account

  1. Remove the computer from the domain.

  2. Re-join the computer to the domain. The SID for the computer remains the same since it is preserved when you delete a computer object. However, if the object's tombstone expires and a new computer object is recreated, the SID is different.


Legacy ID



id-SF700117742_be2010_adm


Article URL http://www.symantec.com/docs/HOWTO23299


Terms of use for this information are found in Legal Notices