Resetting the Active Directory computer object account

In Active Directory, computer objects are derived from user objects. Some attributes associated with a computer object cannot be restored when you restore a deleted computer object unless the attributes were saved through schema changes when the computer object was originally deleted. Because computer object credentials change every 30 days, the credentials from the backup may not match the credentials stored on the actual computer.

When a computer object is restored it is disabled if the userAccountControl property was not preserved in the deleted object.

You must use the Microsoft Active Directory Users and Computers application to reset a computer object.

To reset a computer object's account

  1. Remove the computer from the domain.

  2. Re-join the computer to the domain. The SID for the computer remains the same since it is preserved when a computer object is deleted. However, if the tombstone expired and a new computer object was recreated, the SID will be different.

More Information

Recreating purged ADAM/AD LDS objects