Computer Account Management
What is a Computer Account?Located in Active Directory, the Computers container keeps entry records and manages all client machines connected to a server domain environment. Building on from our lesson in Windows Server User Account Management, Launch AD and expand the local domain tree > Select Computers container and notice there are currently no computers listed in the directory as shown below.
Joining Client Workstations to a Domain Server
There are multiple reasons why a network administrator would join a client computer to a domain environment. Central control of resources such as file shares, printers, applications, terminal services and security policies could be easily implemented across the entire network if the client computer is part of a single domain environment.
User account password management, group policy management and varying levels of resource allocations and permissions become easier to manage from a central location with full audit capabilities, provided the client work stations are connected to the domain.
To achieve this in your home lab setting, you will need at least one client operating system like Windows 7 Pro or Windows 10 Pro with a local administrator account. Bear in mind that not all versions of Windows operating system can be part of a domain environment. Windows Home editions for example do not have the capability of joining a domain environment.
The process for joining a Windows 10 Pro computer to a domain is similar to Windows 7 Pro. Log in as admin and access properties of My Computer.
Enter the domain Admin credentials and get a welcome prompt when you have successfully joined the domain. Click to restart the machine and prepare to log in with domain user account for the first time.
In Windows 10, you will have to Click Other User at the bottom left of your log in screen user access.
Finally log back into the domain controller server and notice two computers now appear in the Computer container, confirming the domain joining process has successfully completed.
Computer Lost Trust Relationship with Domain Environment
Sometimes, a user may log a support call with an administrator with an error, the computer has lost trust relationship with the domain environment which prevents a user from logging on.
This is due to the connection between client and server being corrupt and unable to authenticate.
To resolve this, access Active Directory Users and Computers and expand the computer container. Locate the exact computer in question by name and right click then Reset the connection.
You may also want to remove the computer from the domain by switching it to WORKGROUP and rebooting. Make sure a valid local administrator account is available on the workstation as failure to do so may result in total loss of control to that workstation.
After reboot, go through the process of re-joining the untrusted computer back onto the domain and power cycle the machine.
You may now successfully log into the computer using the user domain account credentials.
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?