Clone a domain machine, rename the PC, join to the domain error

MrPeachyPenguin

1/3/24, 7:58 PM

I have a question about renaming a computer and joining it to a domain. Quick story.

We are running a machine on our domain"PC01" and we want to clone it, rename it and join it to the domain.

We restored "PC01" to a virtual machine off the domain and renamed the machine to "PC02".
We want PC01 & PC02 running on the same domain. But when I try to
join PC02 to the domain I get the error below.

"The join operation was not successful. This could be because an existing computer account having the name (NAME) was previously created using a different set of credentials. use a different computer name, or contact your administrator to remove any stale conflicting account. The error was: access is denied."

I'm not entirely sure if this is a machine issue, or a domain controller issue. But I can't find the best way to resolve this. Anyone have any ideas?

I've verified that the registry has the correct computer names for the machines. HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName

2254

1 + 1

active-directory

domain

windows-10

Greg Askew

1/4/24, 1:48 PM

`I have a question about renaming a computer and joining it to a domain.` Generally, this should *never* be done. Either wipe it, or run sysprep, which has *always* been required. More information: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--system-preparation--overview

Score:2

Server

bjoster

1/3/24, 8:08 PM

Windows is using machine IDs (the "SID") to join other security contexts, not (only) the name.

Windows uses SIDs to represent not just machines, but all security principals. Security principals include machines, domain computer accounts, users and security groups. Names are simply user-friendly "representations" for SIDs, allowing you to rename an account and not have to update access control lists (ACLs) that reference the account to reflect the change.

A SID is a variable-length numeric value that consists of a structure revision number, a 48-bit identifier authority value, and a variable number of 32-bit subauthority or relative identifier (RID) values.

The supported way to create a "unique" Windows installation from a clone (or restore) is to prepare the system by running the \Windows\System32\Sysprep\sysprep.exe tool.

This is called "generalizing" the image, because when you boot an image created using this process, Sysprep specializes the installation by generating a new machine SID, triggering plug-and-play hardware detection, resetting the product activation clock, and setting other configuration data like the new computer name.

One upon a time there was a tool namend newsid to "just" update the machine SID, but it has been retired.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Clone a domain machine, rename the PC, join to the domain error

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.