7.7.6 Computer Accounts
You are the administrator for a small company that uses a Windows server to host a single domain. Mary Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image. What can you do to allow Mary to log in?
Enable the computer account.
You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. You must ensure that the laptop is joined to the domain immediately, even if it cannot be physically connected to a domain controller. What should you do first?
Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command. You should prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command. Since the computer cannot be connected to the Active Directory domain, you must perform an offline domain join. To perform an offline domain join, use the following steps: Use the djoin /provision /domain /machine /savefile .txt command to create an Active Directory account for the computer. This command must be run from an elevated command prompt on a computer that current has access to the domain. Copy the .txt file to the computer that will be joining the domain offline. Run the djoin /requestODJ /loadfile .txt /windowspath %SystemRoot% /localos command on the computer being joined to the domain. This command must be run from an elevated command prompt. Reboot the computer joining the domain. After the computer reboots, it will be joined to the domain. You must create the computer account using the Djoin command. You cannot use Active Directory Users and Computers to create the computer account because you need to export the information to the .txt file that will be copied to the new machine. Active Directory Users and Computers can be used to pre-stage computer accounts for computers who will be joined to the domain by contacting a domain controller at the time they are joined. The Djoin /RequestODJ command is used at the computer joining the domain to complete the offline domain join. However, this is not the first step in the process. You would not use the Netsh command to join the domain. Netsh is used to configure networking components from the command line including TCP/IPv4, TCP/IPv6, and the Windows firewall.
You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. You want each programmer to join his or her new laptop to the domain. What should you do?
Prestage the computer accounts in Active Directory. Grant the programmers the rights to join the workstation to the domain.
You are the administrator for a large single-domain network. You have several Windows Server domain controllers and member servers. Your 3,500 client computers are Windows workstations. Today, one of your users has called for help. It seems that his computer is reporting that a trust cannot be established between his Windows computer and the domain controller. He is unable to log on to the domain. You examine the computer's account using Active Directory Users and Computers, and there is nothing obviously wrong. You need to allow this user to log on to the domain. What should you do?
Reset the computer account and rejoin the domain.
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
Reset the computer account in Active Directory.
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Which commands should you run?
netdom reset and then netdom join
