|
Home > Archive > 70-216 > January 2003 > Deleting computers from AD
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Deleting computers from AD
|
|
| John Wilson 2003-01-17, 4:34 am |
| If I was to delete computers from a AD OU.
Would it show up again if the computer was rebooted?
If so where??
Thanx... | |
|
| Here is a quote from Microsoft Support:
Delete a Computer Account
Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, click Computers under the domain node, or click the folder in which the computer is located.
In the details pane, right-click the computer, and then click Delete.
Once the computer object is deleted. It is gone. If you need to recover something that has been deleted by accident and Active Directory has already replicated to the other domain controllers, you can do an authoritative restore for the object to get it back. | |
| John Wilson 2003-01-19, 4:09 pm |
| So there is no way for the object to every show up again except for a restore.
What about a rename of the object??
I don't know what objects have been deleted and there is now quick way of finding them because the network has over 4000 pc's. | |
|
| No way that I know of it. That's why you have to be so sure you want to delete an account in AD. Each object is assigned a GUID that stays with it. So if you delete an object and then recreatee it, it will have a different GUID.
MS recommends to disable an account rather than to disable it. The disabled account can be renamed and still have all the permissions/accesses/group memberships as the original account. For instance if Sarah is leaving the company, you want to disable her account immediately to keep her from accessing AD. If you KNOW you will be replacing Sarah, then you can just type the new person's name over her name, change the address and telephone info, and batta boom, batta bing, the newly hired person has all the same security settings as Sarah had.
If you rename the account, all traces of the first name are removed (except on your backups, of course). So if someone went into AD and maliciously renamed or deleted accounts, you have no idea of what they have done unless you activate auditing on the Active Directory. A good administrator will have auditing turned on and audit privileged use, among other things to keep a track of who changed what and when.
If you know that everything was okay at a specific time (say a month ago), you could back up to a DC that was off-line and painstakingly go through the AD accounts/groups/memberships/objects to see if things are the same now. Don't restore to a DC on-line, though, or AD replication will just over write it. Or if you do an authoritative restore, that will over write the current stuff and you don't necessarily want that because you could lose a bunch of stuff and really mess up people. | |
|
| quote:
Originally posted by John Wilson
If I was to delete computers from a AD OU.
Would it show up again if the computer was rebooted?
If so where??
Thanx...
maybe your dns "put" the computers on the AD containers..... delete the computer on the AD and all references to this hosts on the DNS. | |
| jeff_j_black 2003-01-21, 8:39 am |
| I think the question Joh is asking is how to get the deleted computer object back into the directory?
Try moving the computer from domain to workgroup, then join the domain again. The computer objects that have not been manually moved to other OU, should be in the 'Computers' container by default. | |
| John Wilson 2003-01-23, 4:44 am |
| quote:
Originally posted by jeff_j_black
I think the question Joh is asking is how to get the deleted computer object back into the directory?
Try moving the computer from domain to workgroup, then join the domain again. The computer objects that have not been manually moved to other OU, should be in the 'Computers' container by default.
It is what I'm asking but the problem is there is over 100 sites and it isn't possable to know what PC's are missing.
But I know there are some missing but don't know which ones and I don't have enough time to go through them all. |
|
|
|
|