removing computer account from domain

  • Thread starter Thread starter Peter Bygden
  • Start date Start date
P

Peter Bygden

Hi,
I'm using unattended installation for all workstations and
i have no problem adding a new computer to the W2K domain.
However if we would like to re-install a computer and use
the same name the service account we use for adding
computer needs to be a member of domain administrators.

I have found how to deligate controll to add computers to
domain without the need to be a domain administrator but
how do i configure for rename(remove) a computer account
without the need of beeing an domain administrator?

Is that possible?

Regards
/Peter
 
I have found how to deligate controll to add computers to
domain without the need to be a domain administrator but
how do i configure for rename(remove) a computer account
without the need of beeing an domain administrator?
Click to expand...

In an NT4 domain, there are two poorly documented rules:

- A computer account created by an account operator can only be
deleted by that same account operator or by a domain admin.

- A computer account created by a domain admin can only be deleted by
a domain admin.

I don't know if the same rule apply for AD, but it should be easy to
test once you know what to test for.
 
Back
Top