I accidentally deleted a machine account from my AD Server. Now I
can't get the system re-joined.
I logged on locally to the system as admin, moved it to a workgroup,
which went fine. Now if I join it to the domain again I get an "access
denied" failure.
I tried renaming the machine and rejoining, same failure.
I have a feeling something in the local machine is blocking me from
rejoining, but I am not sure what the issue is really.

Normally such problems are due to DNS issues (usually on
the client computer if others are authenticating/joined properly.)
However, your recent deletion of the computer account does seem
an unlikely coincidence. Advice: Don't overlook what might have
been pre-existing DNS issues.
(NetDiag for non-DCs and DCDiag for each DC are your friends
on this and some other issues.)
How did you do the deletion? We are imagining that you just
right clicked on the computer account in AD Users/Computers
to delete it.
Had you done that and then later recreated an account for the
machine (through the join dialog OR directly in AD Users and
Computers) then we would expect it to rejoin.
Certainly after you have taken the machine out of the domain
(to a workgroup) and rebooted it several times.
Check this: Does the computer account (whatever name you
are not using) exist in AD?
If so, then right-click and RESET this account and attempt to
join the computer to that account after the reset (you might
need to insert a reboot or two here.)
If not, then create an account for the computer and try again
after checking DNS thoroughly.
Main point for DNS: All internal client computers must
use STRICTLY the internal DNS server (set) which can
resolve all internal names.
Do NOT try to mix "ISP DNS" and internal DNS on the
clients -- that will never work RELIABLY.
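
The DNS rule in the reply above can be checked on the client before retrying the join. The script below is an added example, not part of the original thread: it flags any configured DNS server that is not on an internal list and asks each configured server for the domain controller locator SRV record. The domain name and server addresses are placeholders, and it assumes a client with the DnsClient PowerShell module (Windows 8 / Server 2012 or later).

```powershell
# Added example: verify a client uses only internal DNS and can locate a DC.
# $Domain and $InternalDns are placeholder values (assumptions); use your own.
param(
    [string]   $Domain      = 'corp.example.com',
    [string[]] $InternalDns = @('10.0.0.10', '10.0.0.11')
)

# SRV record a client looks up to find a domain controller during a join.
$srvName  = "_ldap._tcp.dc._msdcs.$Domain"
$problems = 0

# 1. Every DNS server configured on every adapter must be an internal one.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($adapter in $configured) {
    foreach ($server in $adapter.ServerAddresses) {
        if ($server -notin $InternalDns) {
            Write-Warning "$($adapter.InterfaceAlias): $server is not an internal DNS server"
            $problems++
        }
    }
}

# 2. Each configured server, queried on its own, must return the DC records.
#    A server that cannot is the one that makes joins fail intermittently.
foreach ($server in ($configured.ServerAddresses | Sort-Object -Unique)) {
    try {
        $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                                  -DnsOnly -ErrorAction Stop
        $dcs = ($answer | Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
        Write-Output "$server resolves $srvName -> $dcs"
    } catch {
        Write-Warning "$server cannot resolve ${srvName}: $($_.Exception.Message)"
        $problems++
    }
}

if ($problems -eq 0) {
    Write-Output 'All configured DNS servers are internal and can locate a DC.'
} else {
    Write-Output "$problems DNS problem(s) found; fix these before retrying the join."
}
```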