Domain issue

[EDL123]

Our network has a policy for moving PC's not seen on the network for a given amount of time into an OU labelled "Inactive Computers" and the machine account disabled.

If the PC remains in this OU for a certain amount of time it is eventually rolled off the network completely (the machine account gets deleted).

We see this with our field techs with laptops who fail to follow policy of connecting the laptop to the domain at least once per month.

So, on occasion we have a field tech with a laptop that he/she is unable to log onto the domain with.

With laptops running Windows XP this isn't an issue if the machine account has been deleted from AD. We just create a new machine account for that PC name and they are back on the network.

Unfortunately, we've run into a problem with Windows 7 machines. Once the machine account has been deleted, recreating it still won't allow the PC onto the network and we have to re-domain it from the PC.

Is there a way to get a Windows 7 PC back on the domain by creating a new machine account without having to get hands on the PC?

 

[kegobeer]

What server OS are you running? I have access to both 2008 and 2008 R2 at work, so I can check into that issue for you.

 

[EDL123]

2008 r2

 

[kegobeer]

I believe this is caused by TTL. In XP, there was no time limit imposed with domain/GPO policies. However, starting with Vista a time limit was associated. There is a finite time allowed before you must leave and rejoin the domain for the SID. There might be a setting in R2 where you can disable TTL so the ID never expires, but I haven't had a chance to look at the different policies in R2.