Resetting the Active Directory computer object and the computer object account
In Active Directory, computer objects are derived from user objects. Some attributes that are associated with a computer object cannot be restored when you restore a deleted computer object. The attributes can only be restored if the attributes were saved through schema changes before the computer object was originally deleted. Because computer object credentials change every 30 days, the credentials from the backup may not match the credentials that are stored on the actual computer.
|
Note:
|
To reset a computer object, you must use the Microsoft Active Directory Users and Computers application.
For more information on resetting a computer object, see your Microsoft Active Directory Users and Computers application documentation.
|
If a computer object’s userAccountControl attribute was not preserved before the object was deleted, you must reset the object’s account after you restore the object.
To reset the Active Directory computer object account
-
Remove the computer from the domain.
-
Re-join the computer to the domain. The SID for the computer remains the same since it is preserved when you delete a computer object. However, if the object’s tombstone expires and a new computer object is recreated, the SID is different.
Resetting the Active Directory computer object and the computer object account