Re: Member server rejoining domain

Hi Andy, I've read some great things in this thread but I'd like to point
your attention to Q325850. The article describes how the machine account
password is maintained and used. And if you are restoring a machine where
password has been changed beyond the two stored a password reset may be
needed. You can do this with netdom /resetpwd and if you need a new server
installation to assume the domain account of an existing system, use the ADUC
to reset the compter account.

--
Scott A. Cooper


"Andy1974" wrote:

The restore process is suppose to maintain the SID however it is going to
lose it's domain token trust. If I leave the exisiting machine account in
active directory should it rejoin and maintain it's SID\AD account?

"Marcin" wrote:

Andy,
just to clarify, note that my comments apply to the scenario in which you
delete the original computer account...

hth
Marcin

"Marcin" <marcin@xxxxxxxxxxxxxxxx> wrote in message
news:OMXmBESyJHA.480@xxxxxxxxxxxxxxxxxxxxxxx
Andy,
I'm not sure if I'm following the process you are describing, but removing
a computer from the domain and subsequent rejoining it will result in a
different account (along with its attributes, including its SID/GUID).
This could have a number of implications - which is either dependent on
GUID/SID attributes or any action that is not applied by default as part
of the domain join process (e.g. membership in a group other than Domain
Computers, SPNs, etc.)

hth
Marcin

"Andy1974" <Andy1974@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1FBD1D9F-E0AB-4576-B0EE-3728369F5859@xxxxxxxxxxxxxxxx

I am using Symantec BAckup Exec System Recovery to take images of our
servers in case of disaster recovery. As part of the restore process the
member server is removed from the domain and then you have to rejoin it
to
the domain when you reintroduce it to the domain environnment.

At this point the old server is no longer on the domain. INstead a
restored
version of the new server exists wit the same SID.

My question is is it a problem to unjoin and then rejoin a member server
to
a domain? Do I have to delete the leftover machine account from the old
server in active directory first?








.

Relevant Pages

  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... Client computer must use STRICTLY the INTERNAL DNS server which can ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Re: Same question, still no answer!!!
    ... Sounds then like we are all paying for a feature set only large companies ... The "proxy server" pc is actually an older box stuffed ... Expectation #1) keep the ethernet more or less as is. ... The kids account would be ...
    (microsoft.public.windowsxp.basics)
  • Re: Re-Post - "the trust relationship between this workstation and the
    ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... This would be on the DNS server 172.20.100.2 ... Attr: subschemaSubentry ...
    (microsoft.public.windows.server.active_directory)
  • Sending email to mydomain.com
    ... server will appear as undeliverable. ... This happens because you are using the POP3 connector... ... an NDR when an account doesn't exist). ... >different from the user account names for the exchange ...
    (microsoft.public.windows.server.sbs)
  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... Everytime I attempt to login under Basic Authentication, ... IUSR_blah account. ... the anonymous user impersonated by the IIS Server is the ... > Event Viewer Security log. ...
    (microsoft.public.inetserver.iis.security)
Loading