problem with pc on domain

Ish

Hi

I deleted a pc from the list of computers in AD.

How can I add the pc back on to the domain?

When I try to log on, the PC says "The security database on the server does not have a computer account for this workstation trust relationship" and won't log on, and if I try to log on as a local user on the PC I don't have access rights to remove and add the PC back to the domain. The local admin account is also disabled.

It's a Win7 desktop PC.

Help!
 
Quickest way is to configure the PC back onto a workgroup, then reboot and set it back to join the domain (System Properties).
 
The problem is when I log on as the local user, the options to remove the PC from the domain are greyed out and it says only an administrator can change them.
 
The problem is when I log on as the local user, the options to remove the PC from the domain are greyed out and it says only an administrator can change them.

You've answered your own question.

You need to log on as local admin to do this.
 
I can't log on as local admin as the local admin account is disabled. It's like all the GPOs are still active.

Is there a way to remove GPOs from the machine if it is no longer on the domain?
 
1. Use something like ntpasswd to enable & reset the local admin account password.

2. Then enable the local admin account & reset the password & set the non-expiry flag on all your other PCs.
 
As others have said, reset the local admin account using a utility like Kon-Boot or Active@Password, log on as the local admin, then remove from the domain and re-add.
 
Did the admin password reset, logged in as local admin, removed and added machine back to domain. All working now.

Thanks
 
Should you really be messing in AD if you can't fix this without posting on here for help?

Log on as local admin; if it's disabled then boot to a command prompt, then whack in
net user administrator /active:yes

Boot the PC back into Windows normal mode with the NIC cable unplugged; this will then fail to process Group Policy, so the account will stay enabled. Add PC to a temp workgroup, reboot, then log on again as local admin, plug NIC cable in, add to domain and reboot. Job done in 2 mins.

Plenty of other ways to do this too BTW.
The fact the local admin is disabled is good, as this is default, but the fact that there is not even a second local admin user account that's generic for the whole company is bad. Group Policy can control and set this, so I don't see why it's not been done.

I always change the local Administrator account name to $admin!!! instead of administrator, set the password, then disable the account, then set up a new local admin account called LocalAdminUser, set a password and leave this enabled - all done via Group Policy - makes things so much easier if things go wrong with the domain or domain trusts.......

IT support & IT manager roles work best when you look at preventing issues rather than fixing them when they arise
 
Should you really be messing in AD if you can't fix this without posting on here for help?

I always change the local Administrator account name to $admin!!! instead of administrator, set the password, then disable the account, then set up a new local admin account called LocalAdminUser, set a password and leave this enabled - all done via Group Policy - makes things so much easier if things go

Thanks for that info - what company do you work for again?
 