Rejoining a Domain - oh how I think I am screwed ...

GCS

So here is the scoop.

Main data server is running Windows 7 as are all other Workstations including mine.

SBS2008 server in the network for exchange purposes.

All systems are part of a domain XXX.local

We have issues with some software we are running that appears to have a conflict with Windows Firewall. Well, none of the machines can disable the firewall for Domains, so I researched what to do on the server to correct this ... well, I did that (i.e. turning Windows Firewall off for the network from the SBS2008 machine).

From the rest of my research it was determined I needed to unjoin the domain and then rejoin the domain for this to take effect, allowing us to turn off the firewall for domains.


Well I have done this but I CANNOT rejoin the domain at all. I get the error

The join operation was not successful. This could be because an existing computer account having name XXXXXX was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any stale conflicting account. Access Denied


OK, so now I am up a creek and cannot get back into the domain (where I need to be). If I do what is suggested and delete the account, I am concerned that all my settings, email, etc. and everything will be gone, since deleting a user account deletes said items.

So I guess now what do I do.

Greg
 

Lifted

1) You don't want to remove then add computers from a Windows domain willy nilly, especially with SBS. SBS automates so many things (trying to make them easier or foolproof) that it can be a bitch to get the SBS admin tools working 100% after going about things in a manner that isn't the SBS way to do things (using SBS tools).

2) Running gpupdate and reboot does the trick when applying new policies to a user or computer. A policy is what disables the firewall on workstations - which you should always do on a LAN if you want to keep your sanity (as you've already found out with that piece of software that started this). Depending on the settings being modified, a reboot may be required for the changes to take effect. A couple (or 3) reboots will do the trick as well since the computer gets the latest policies upon booting, but may require another restart for the policy to kick in (seen this most with software installations).

3) The original computer object may still exist in AD, which you should be able to find pretty easily in SBS. Either the SBS server admin tool or Active Directory Users & Computers will get you there. If it's still there then disable it. Does the computer you're trying to rejoin need the same name? Can you just name the computer AcmeWorkstation07 instead of AcmeWorkstation06? If it NEEDS to be the same name for whatever reason, then your only option is to delete the existing account from AD and you should be good to go. I've never tried removing then rejoining a computer with the same name before, but I can't imagine why the user profiles would vanish. When in doubt, back it up. Clone the HDD as well. You may also want to back up any relevant folders on the server if you are using folder redirection as well... not sure what may happen once you rejoin the domain with this new computer and log in to the domain with a user that has an existing local profile AND a roaming profile or folder redirection. There's a first time for everything. :D

The ideal solution would be to try this all first in a lab environment, but that will take a ton of time which I'm sure you don't have.

Good luck, and be safe - BACKUP first - break it second.
 

Lifted

Find the computer account in Active Directory Users and Computers and then reset that account.

Nice catch. :thumbsup:

Totally forgot about that. I had to do this once or twice 7 or 8 years ago, probably back in XP RTM days.