Поделиться через


Delete a Computer Account

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Membership in Account Operators , Domain Admins , or Enterprise Admins , or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

Deleting a computer account

  • Using the Windows interface

  • Using a command line

To delete a computer account using the Windows interface

  1. To open Active Directory Users and Computers, click Start , click Control Panel , double-click Administrative Tools , and then double-click Active Directory Users and Computers .

    To open Active Directory Users and Computers in Windows Server® 2012, click Start , type dsa.msc .

  2. In the console tree, click Computers .

    Where?

    • Active Directory Users and Computers\ domain node \Computers

    Or, click the folder in which the computer is located.

  3. In the details pane, right-click the computer, and then click Delete .

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • If you disjoin a computer from a domain, the computer remains as a disabled account in Active Directory.

  • After a computer account is deleted, all permissions and memberships that are associated with that computer account are permanently deleted. Because the security identifier (SID) for each account is unique, a new computer account with the same name as a previously deleted computer account does not inherit the permissions and memberships of the previously deleted account. To duplicate a deleted computer account, you must recreate all permissions and memberships manually.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start , click Administrative Tools , and then click Active Directory Module for Windows PowerShell .

    To open the Active Directory module in Windows Server 2012, open Server Manager , click Tools and then click Active Directory Module for Windows PowerShell .

    For more information, see Delete a Computer Account (https://go.microsoft.com/fwlink/?LinkId=138386). For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).

Additional references

To delete a computer account using a command line

  1. To open a command prompt, click Start , click Run , type cmd , and then click OK .

    To open a command prompt in Windows Server 2012, click Start , type cmd , and then click OK .

  2. Type the following command, and then press ENTER:

    dsrm computer <ComputerDN>
    
Parameter Description

<ComputerDN>

Specifies the distinguished name of the computer that you want to delete. The distinguished name specifies the directory location.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsrm computer /? 

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • If you disjoin a computer from a domain, the computer remains as a disabled account in Active Directory.

  • After a computer account is deleted, all permissions and memberships that are associated with that computer account are permanently deleted. Because the SID for each account is unique, a new computer account with the same name as a previously deleted computer account does not inherit the permissions and memberships of the previously deleted account. To duplicate a deleted computer account, you must recreate all permissions and memberships manually.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start , click Administrative Tools , and then click Active Directory Module for Windows PowerShell .

    To open the Active Directory module in Windows Server 2012, open Server Manager , click Tools and then click Active Directory Module for Windows PowerShell .

    For more information, see Delete a Computer Account (https://go.microsoft.com/fwlink/?LinkId=138386). For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).

Additional references