Can't rejoin server to domain after deleting it from DC
1. Disconnect the computer from the network.
2. Log in with either a local or cached domain account.
3. Make sure you know the password for an enabled local account. You'll need it later, and this will be your last chance to create one or reset a password.
4. Change the computer to workgroup. It will ask you for a username and password for a domain admin. Fill in whatever you want; it doesn't matter because it's going to fail anyway because you're not connected to the network.
5. Reboot as directed.
6. Connect the computer to the network.
7. Log in with a local account and join the computer to the domain. A cached domain account won't work. You must log in with a local account.
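The same procedure scripted in PowerShell, as an added example that is not part of the original answer. It checks the conditions the steps depend on (machine still believes it is domain-joined, an enabled local account exists, network is down) before unjoining. The function name `Test-RejoinPreflight` and the domain `corp.example` are hypothetical, and the behavior of `Remove-Computer -Force` with no reachable domain controller is an assumption, marked in the code.

```powershell
# Added example. Run in an elevated PowerShell session on the affected machine.
# 'corp.example' is a constructed placeholder; substitute your own domain name.

function Test-RejoinPreflight {
    # Membership as the local machine sees it, regardless of what AD contains.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Enabled local accounts. Once the machine leaves the domain, one of these
    # is the only way to log in, so its password must be known beforehand.
    $localUsers = @(Get-CimInstance -ClassName Win32_UserAccount `
        -Filter "LocalAccount=True AND Disabled=False")

    # Any adapter reporting 'Up' means the machine is not yet disconnected.
    $adaptersUp = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })

    [pscustomobject]@{
        PartOfDomain      = $cs.PartOfDomain
        Domain            = $cs.Domain
        EnabledLocalUsers = $localUsers.Name
        NetworkUp         = ($adaptersUp.Count -gt 0)
        ReadyToUnjoin     = ($cs.PartOfDomain -and
                             $localUsers.Count -gt 0 -and
                             $adaptersUp.Count -eq 0)
    }
}

$state = Test-RejoinPreflight
$state | Format-List

if ($state.ReadyToUnjoin) {
    # Move to a workgroup and reboot.
    # Assumption: with -Force the unjoin completes locally even though no
    # domain controller can be reached to disable the computer account.
    Remove-Computer -WorkgroupName 'WORKGROUP' -Force -Restart
} else {
    Write-Warning 'Preflight failed: review the values above before unjoining.'
}

# After the reboot: reconnect the network, log in with the LOCAL account,
# then join the domain again with a domain admin credential:
# Add-Computer -DomainName 'corp.example' -Credential (Get-Credential) -Restart
```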
Charles Burge
Updated on September 18, 2022
Charles Burge almost 2 years
I have a Windows 2012 R2 Server Core machine that I was using for testing. I thought I was done with it, so I deleted the associated object from Active Directory Users and Computers. I didn't touch the machine itself. Now I've decided I want to use the machine for more testing, but I can't get it joined to the domain again. What I've tried so far:
1. Boot it while connected to the network, log in with domain account. It says "The security database on the server does not have a computer account for this workstation trust relationship." (That was predictable, but I included it for thoroughness).
2. Boot it while connected to the network, log in with local admin account.
   - 2a. If I just run through the process of joining the domain in sconfig (option 1), it says "The machine is already joined to a domain".
   - 2b. If I try to join a workgroup, it says "Machine is currently joined to a domain. Do you want to remove this computer from the current domain now?" I click yes, and after I give credentials, it says "Failed to join domain."
   - 2c. If I try to rename the computer, it says "Failed to join domain."
3. Boot the computer while disconnected from the network. I can then log in with domain credentials. After that I connect it to the network again. I can ping the domain controller, but I still get the same errors detailed above.
In short the computer thinks it's still a member of the domain, but the domain controller has no knowledge of it, and I seem to be stuck in a catch-22. Sure, I could just reinstall Windows from scratch, but there's gotta be a better way.
- Charles Burge, over 7 years: It wasn't clear if in step 2 you meant log in with a local account, or a cached domain account. I tried both. In both cases, I get this error after step 4: "The specified domain either does not exist or could not be contacted." Clearing the message just sends me back to sconfig. It does not ask for a workgroup name or prompt a reboot.
- Charles Burge, over 7 years: I had been using the menu in sconfig. I tried the command just now and it worked. Thanks!