You can, but beforehand delete the computer account from Active Directory, then join the new computer to the domain.
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Hi,
We have a fleet of machines (EC2) joined to an Active Directory. Each time the application is upgraded, we create an image (AMI) baked with this upgraded application.
We wanted to deploy a new machine each time with the same hostname and join it to the Active Directory, but we are facing issues.
So here is my question: could we replace a machine attached to a domain with another machine with the same IP and the same hostname?
Before adding my new machine, I'm trying to remove the existing AD machine account with this command:
Remove-ADComputer -Identity $ComputerName -Credential $Credential -Confirm:$false -Server "EU-FR-DCXX" -Verbose
but I get this error:
Add-Computer : Computer 'EC2AMAZ-LMCM016' failed to join domain 'eu.corp.xxxxxx.com' from its current workgroup 'WORKGROUP' with following error message: No mapping between
account names and security IDs was done
EDIT:
After executing different commands, the error message changed, so I couldn't log in to my machine. I get the following error message:
I fixed it by executing this script remotely:
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
So after resolving the NLA error, I get another error:
After checking in the AD, there is now an account for my machine...
I thought that unjoining the machine from the AD would resolve my issue, but I was wrong:
Remove-Computer -ComputerName $ComputerName -UnjoinDomainCredential $credential -Force -PassThru
Remove-Computer : Failed to unjoin computer 'WWW-PP-WWW' from domain 'eu.xxxx.xxxx.com' with the following
error message: No mapping between account names and security IDs was done.
After removing the account with the following command:
Remove-ADComputer -Identity "EUA-PP-TKR410" -Credential $Credential -Confirm:$false -Server EU-FR-DC51 -Verbose
And trying to join the machine, I still get the error:
Add-Computer : Cannot add computer 'XX-PP-XXXX' to domain 'eu.corp.xxxx.com' because it is already in that domain.
Thanks.
Looks like you're trying to rename the computer twice. Might try what worked here.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3750581d-ea45-489d-bac7-c8bc1135a126/addcomputer-with-newname-and-joinwithnewname-option?forum=winseverpowershell
--please don't forget to upvote
and Accept as answer
if the reply is helpful--
Hello @Aïssa Farid Daouadji
This is likely because the computer still has stale or orphaned objects in AD. By default, the AD Recycle Bin holds deleted objects for 180 days before permanently removing them from the system.
You can check if there is still account information in the AD Recycle Bin by running the following cmdlet:
Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -IncludeDeletedObjects | Remove-ADObject -Confirm:$false
Hope this helps with your query,
-------
--If the reply is helpful, please Upvote and Accept as answer--
Based on the link DSPatrick provided above, you should add a sleep 5 (or a longer wait time like 10 (10 seconds)) between lines 1 and 2 of your script.
It should look like this then:
Rename-Computer -NewName $ComputerName
sleep 5
Add-Computer -DomainName $DomainName -Credential $Credential -OUPath $OUPath -force -Options JoinWithNewName,AccountCreate -Restart
# Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/3750581d-ea45-489d-bac7-c8bc1135a126/addcomputer-with-newname-and-joinwithnewname-option?forum=winseverpowershell
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
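
The sequence the answers above describe (delete the old computer account, then rename, wait, and join once), as an added example that is not code from the thread. The function name `Reset-DomainJoin`, its parameters, Windows PowerShell 5.1, and the presence of the ActiveDirectory module on the new machine are assumptions; unlike the Recycle Bin one-liner above, which pipes every matching deleted object to `Remove-ADObject`, the deleted-objects query here is read-only and scoped to one name.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module is
# installed on the new machine and that $Server names one reachable domain controller.
function Reset-DomainJoin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$OUPath,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][pscredential]$Credential,
        [int]$WaitSeconds = 10
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $ad     = @{ Server = $Server; Credential = $Credential }   # same DC for every AD call
    $filter = "Name -eq '$ComputerName'"

    # 1. Delete the old computer account only if it exists (honours -WhatIf).
    foreach ($old in @(Get-ADComputer -Filter $filter @ad)) {
        if ($PSCmdlet.ShouldProcess($old.DistinguishedName, 'Remove computer account')) {
            # -Recursive also removes child objects stored under the computer object.
            $old | Remove-ADObject -Recursive -Confirm:$false @ad
        }
    }
    if (-not $WhatIfPreference -and (Get-ADComputer -Filter $filter @ad)) {
        throw "Computer account '$ComputerName' is still present on $Server; not joining."
    }

    # 2. Read-only look at the deleted-objects container, scoped to this one name.
    Get-ADObject -Filter "isDeleted -eq `$true -and Name -like '$ComputerName*'" -IncludeDeletedObjects @ad |
        ForEach-Object { Write-Verbose "Deleted object retained: $($_.DistinguishedName)" }

    # 3. Rename only when needed, wait, then join once with the new name.
    $options = @('AccountCreate')
    if ($env:COMPUTERNAME -ne $ComputerName) {
        Rename-Computer -NewName $ComputerName -Force
        Start-Sleep -Seconds $WaitSeconds
        $options += 'JoinWithNewName'
    }
    Add-Computer -DomainName $DomainName -Credential $Credential -OUPath $OUPath `
        -Options $options -Force -Restart
}
```

Running it with `-WhatIf -Verbose` first shows which account would be deleted and which deleted objects are still retained, without changing anything.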