Wow. Never saw that before. I'll have to play with my crashbox a bit later. Maybe it's just because I usually rebuild the box then worry about the domain account later...
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Rich Milburn [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 29, 2003 11:02 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Upgrading computers and computer objects
>
> Just tried it, XP SP1 on a 2003 domain, Network Identification, switched
> from domain member to workgroup member:
>
> Enter the name and password of an account with permission to remove this
> computer from the domain.
>
> User name:
>
> Password:
>
> This is while logged in as a domain admin. It seems to be fairly new
> behavior, I can't recall if AD 2000 did this or not. It might be an XP
> thing.
>
> Rich
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 29, 2003 9:41 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Upgrading computers and computer objects
>
> I've only been prompted for credentials when joining a domain, not when
> leaving one. And those are always for the new domain, not the old.
>
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> > -----Original Message-----
> > From: Rich Milburn [mailto:[EMAIL PROTECTED]
> > Sent: Monday, December 29, 2003 10:38 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Upgrading computers and computer objects
> >
> > You know... it's one of those things I rarely bother to do because I do #2
> > below, and the couple of times I have done it, I've never checked to see if
> > the account was gone. Seems like you _should_ need domain privs to remove a
> > computer from the domain, and it _should_ delete the computer account... now
> > that you mention it I have "removed" computers from the domain without being
> > able to contact the DC. What's the point of asking for an account that can
> > remove it from the domain, if you have to be an admin to get that far in the
> > first place? (though I've never tried switching to workgroup as a non-admin
> > account so maybe it will let you try to remove the computer from the domain
> > as a regular user and just ask for an admin account?)
> >
> > -----Original Message-----
> > From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> > Sent: Monday, December 29, 2003 8:58 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: [ActiveDir] Upgrading computers and computer objects
> >
> > Actually, removing a computer from the domain on the client side (i.e.
> > changing its domain membership to a workgroup) does NOT remove the machine
> > account from AD (nor did it remove the account in NT4 domains). No domain
> > rights are required to remove a machine from the domain - you can prove this
> > by using the local admin account of a machine to remove it from the domain.
> > Local admin has no domain rights, yet you can remove the machine from the
> > domain.
> >
> > The only action I know of which will remove the computer account
> > automatically is running DCPromo to remove a DC.
> >
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> >
> > > -----Original Message-----
> > > From: Rich Milburn [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, December 29, 2003 9:32 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] Upgrading computers and computer objects
> > >
> > > Irwan forgive me if I read you wrong...
> > >
> > > I think what he's asking is about leaving the computer accounts in AD or
> > > deleting them. When you remove the computer from the domain (like join it
> > > to a workgroup) it removes the computer account from the domain. Or you can
> > > turn the computer off and delete the account forcefully with ADUC or dsrm or
> > > whatever. Or you can reset the account - something I've rarely used,
> > > because I didn't know what the difference was from deleting the account and
> > > adding the new computer with the same name.
> > >
> > > Rich
> > >
> > > -----Original Message-----
> > > From: Rick Kingslan [mailto:[EMAIL PROTECTED]
> > > Sent: Sunday, December 28, 2003 1:32 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] Upgrading computers and computer objects
> > >
> > > Irwan,
> > >
> > > I would concur that option two is the most successful method, from my
> > > experience. For all intents and purposes, the Computer object is a
> > > derivative of the User object and has a SID associated with it. Simply
> > > naming a computer the same as an existing object will not yield the desired
> > > result, and will often cause unpredictable results.
> > >
> > > I might not be reading the options correctly, but I see option one and three
> > > as the same.
> > >
> > > Rick Kingslan MCSE, MCSA, MCT
> > > Microsoft MVP - Active Directory
> > > Associate Expert
> > > Expert Zone - www.microsoft.com/windowsxp/expertzone
> > > WebLog - www.msmvps.com/willhack4food
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi
> > > Sent: Sunday, December 28, 2003 7:29 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [ActiveDir] Upgrading computers and computer objects
> > >
> > > I'm curious what is the best practice or recommended way for the following
> > > case:
> > > I have several computers that are joined to the domain, and I'm going to
> > > upgrade some of these computers with a different computer (newer), though the
> > > UNC name of these computers will remain the same.
> > > Should I:
> > > 1. Remove the old computers from the domain, install the new computers, and
> > > join them to the domain?
> > > 2. Since there are several computers, can I just delete the corresponding
> > > computer objects in the ADUC, install the new computers, and join them to
> > > the domain?
> > > 3. Just put the new computers in place, and join them with the same name?
> > >
> > > So far, I'm doing the second way, because I think it is the cleanest way.
> > >
> > > Thanks
> > > List info : http://www.activedir.org/mail_list.htm
> > > List FAQ : http://www.activedir.org/list_faq.htm
> > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> > >
> > > -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
> > > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or
> > > any attachments. This information is strictly confidential and may be
> > > subject to attorney-client privilege. This message is intended only for the
> > > use of the named addressee. If you are not the intended recipient of this
> > > message, unauthorized forwarding, printing, copying, distribution, or using
> > > such information is strictly prohibited and may be unlawful. If you have
> > > received this in error, you should kindly notify the sender by reply e-mail
> > > and immediately destroy this message. Unauthorized interception of this
> > > e-mail is a violation of federal criminal law. Applebee's International,
> > > Inc. reserves the right to monitor and review the content of all messages
> > > sent to and from this e-mail address.
> > > Messages sent to or from this e-mail address may be stored on the
> > > Applebee's International, Inc. e-mail system.
