Discussion:
Joining workstation to domain when computer object with same name already exists there
(too old to reply)
TwistedPair
2006-08-20 21:09:00 UTC
Permalink
All,
I have delegated the right to join computers to a domain to a particular
user group and it works fine. Occasionally however, it becomes necessary
for members of that group to join a computer to the domain with the same
computer name it had before. They get an "access is denied." I checked the
event-viewer and didn't find any errors related to any of this.

Thanks,
-P
Jorge de Almeida Pinto [MVP - DS]
2006-08-20 21:41:29 UTC
Permalink
reset the computer account prior to joining if you reuse the name
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by TwistedPair
All,
I have delegated the right to join computers to a domain to a particular
user group and it works fine. Occasionally however, it becomes necessary
for members of that group to join a computer to the domain with the same
computer name it had before. They get an "access is denied." I checked the
event-viewer and didn't find any errors related to any of this.
Thanks,
-P
aa
2006-08-20 22:18:45 UTC
Permalink
did you remove the old computer account from AD before trying to readd
it?
TwistedPair
2006-08-20 23:21:39 UTC
Permalink
Actually I forgot to mention that administrators can do this because they a
specific right somewhere. What right would that be and how can I set it up
on unprivileged accounts?

-P

"Jorge de Almeida Pinto [MVP - DS]"
Post by Jorge de Almeida Pinto [MVP - DS]
reset the computer account prior to joining if you reuse the name
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by TwistedPair
All,
I have delegated the right to join computers to a domain to a particular
user group and it works fine. Occasionally however, it becomes necessary
for members of that group to join a computer to the domain with the same
computer name it had before. They get an "access is denied." I checked the
event-viewer and didn't find any errors related to any of this.
Thanks,
-P
Paul Bergson
2006-08-21 12:19:26 UTC
Permalink
My guess is they don't have the right to delete the old computer account.
In order to re-add a name it requires deleting the old account before adding
the new one.
--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by TwistedPair
Actually I forgot to mention that administrators can do this because they
a specific right somewhere. What right would that be and how can I set it
up on unprivileged accounts?
-P
"Jorge de Almeida Pinto [MVP - DS]"
Post by Jorge de Almeida Pinto [MVP - DS]
reset the computer account prior to joining if you reuse the name
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by TwistedPair
All,
I have delegated the right to join computers to a domain to a particular
user group and it works fine. Occasionally however, it becomes necessary
for members of that group to join a computer to the domain with the same
computer name it had before. They get an "access is denied." I checked the
event-viewer and didn't find any errors related to any of this.
Thanks,
-P
Paul Williams [MVP]
2006-08-21 18:24:10 UTC
Permalink
Guessing (as there may be one or two little bits that happen under the
covers that I've not mentioned) I'd say they need to be able to reset the
password on the object.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
TwistedPair
2006-08-22 01:25:44 UTC
Permalink
K, I'll check it out and report back.

Thanks!
-P
Post by Paul Williams [MVP]
Guessing (as there may be one or two little bits that happen under the
covers that I've not mentioned) I'd say they need to be able to reset the
password on the object.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Loading...