Rejoin windows AD

Good day,

I had my Win Server 2016 crash and was not able to recover.
So I set up the server again, with the same domain.
I added the same user, but I’m wondering how I can re-join my account on my laptop to the domain.

For the laptop itself I re-joined it by using a local account on the laptop to remove the laptop from the domain and rejoin it.
But when I log in with my username/password, a new environment is created and I cannot use the old one any more.
I tried this on a test PC.

If I don’t remove the laptop from the domain, I get the message that there is no trusted relationship with this PC, and I cannot log in with my old account.
If I take the laptop offline, I can log in and use my old account.

But there has to be a way to re-join my old account, I should think.

Could someone help me to re-join?

I don’t want to set up my complete environment; I’d love to hear if/how to do this.

There’s probably a way to set the trust relationship with the computer. My only knowledge of AD comes from Samba so I don’t know how you would go about doing this. Alternatively, is there a way you can copy the contents of the old user into the new user? Or by editing registry to use the old user for the new domain?

Editing the registry is not something I’m comfortable with.
And yes, I could copy-paste, but all the programs will have to be re-installed or started and logged in, or variables set, or whatever.
That’s what I would like to prevent.
I like my working environment like it is.

You should definitely be able to do what you want. I am not in a position to help much right now but this link might point you in the right direction http://www.thirdtier.net/how-do-rejoin-a-computer-to-the-domain-without-losing-its-sid/

Those commands, do I have to run them on the server or on the laptop?

Those would be on the laptop, but thinking about it I think I may have been wrong. Your problem is less the computer account SID not matching, and more that the recreated user account SID does not match the account still on your laptop. In theory an authoritative restore of the user account is what you need.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc779573(v=ws.10)

Edit, I suggest you look for something specific to your AD version. My knowledge is a little rusty on AD.

It’s not possible. Active Directory identifies its objects by ID. When you build another domain and users those might have the same name but in truth are totally different objects from the perspective of both the server and the clients.

What you should be looking at are tools to migrate the profiles from the old domain to the new domain. I think Windows Easy Transfer can do that but I’m not sure if Windows 10 is supported.

As for a way to prevent this from happening in the future, you should have had at least 2 AD servers.

Didn’t get the chance to test this, but I think this could be the solution I was looking for.

This is a Dutch site http://blog.pcwebplus.nl/er-kan-niet-worden-aangemeld-bij-uw-account/

I found it after I started the long way of setting up my profile.

I’m definitely not a pro at AD stuff, but I’ve had to fix a couple of broken trust relationships at work. I work helpdesk at a medium-size company.

  1. Remove computer from domain via changing to workgroup, slightly rename computer. Reboot.
  2. While computer rebooting, remove computer from container in AD. Sounds like you have a fresh AD controller, so maybe this step isn’t required? I’d check anyway.
  3. Add the computer back to the domain, keeping it slightly renamed.
  4. Move computer to correct container in AD controller.
  5. Rename computer back to what you want. It should auto update in the controller.

Is that what you’re looking for?
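The five steps above, written out as PowerShell so each one is a single command. This is an added example, not something the poster supplied; the domain name, OU path and computer names are placeholders you substitute for your own, and the `-Restart` switches mean the blocks are typed in separately around each reboot (steps 1, 3 and 5 on the laptop in an elevated prompt, step 2 on the domain controller with the RSAT ActiveDirectory module).

```powershell
# Added example: scripted version of the five-step rejoin described above.
# All names below are placeholders (assumptions), not values from the thread.
$Domain       = 'corp.example.local'
$OriginalName = 'LAPTOP01'
$TempName     = 'LAPTOP01-R'     # the "slightly renamed" name used in steps 1 and 3
$TargetOU     = 'OU=Workstations,DC=corp,DC=example,DC=local'
$Cred         = Get-Credential -Message 'Account allowed to join/unjoin computers'

# --- Step 1 (laptop): leave the domain, go to a workgroup, rename, reboot ---
Remove-Computer -UnjoinDomainCredential $Cred -WorkgroupName 'WORKGROUP' -Force
Rename-Computer -NewName $TempName -Force -Restart

# --- Step 2 (domain controller, while the laptop reboots): drop the stale object ---
# Using -Filter rather than -Identity so a missing object is simply "nothing found".
$stale = Get-ADComputer -Filter "Name -eq '$OriginalName'"
if ($stale) { Remove-ADComputer -Identity $stale -Confirm:$false }

# --- Steps 3 and 4 (laptop, after reboot): rejoin under the temporary name ---
# -OUPath creates the new computer object directly in the wanted container,
# which replaces the manual move of step 4.
Add-Computer -DomainName $Domain -Credential $Cred -OUPath $TargetOU -Restart

# --- Step 5 (laptop, after reboot): rename back; the AD object is renamed with it ---
Rename-Computer -NewName $OriginalName -DomainCredential $Cred -Force -Restart
```

Note that this recreates the computer account: the machine ends up with a new computer SID in AD, which is fine for the PC (it re-announces itself), but it does nothing for the user profile problem the thread is really about.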

Just quoting to underline the point.
If your PC loses trust to the domain, or you reinstall the domain controller, you can rejoin your PC. But this will always create a new AD object for your PC.

“Rejoining” a user is not possible, as it doesn’t exist outside of the Domain Controller (a PC is a physically existing thing, an account is not). Everything that’s text or strings about an account is irrelevant to your Domain Controller. Everything is identified by an SID. But the ways for PCs and accounts are different.

With PCs, your PC announces itself to the Domain Controller and then gets added. An account is announced by the Domain Controller and gets pushed to your PC on login. That’s why a PC can be added again (as it basically creates itself in AD) and an account cannot.
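To see the SID point made in the last two posts (and why the registry idea raised earlier in the thread is about SIDs, not names) on the laptop itself, here is an added, read-only diagnostic; it is not code from the thread. It lists every profile Windows knows about under the `ProfileList` registry key, which is keyed by SID, tries to resolve each SID back to an account name, and marks the one belonging to the currently logged-in user. A profile whose SID comes from the old domain no longer resolves, even though the user name on the new domain is identical, and the two domain SIDs differ in the `S-1-5-21-…` part. Nothing here changes the registry.

```powershell
# Added example: show that profiles are keyed by SID, not by user name.
# Read-only: only Get-* calls, no writes to the registry.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$currentSid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

Get-ChildItem -Path $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $path = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath

    # Domain accounts have SIDs of the form S-1-5-21-<domain id>-<RID>.
    # The first seven dash-separated parts identify the domain; a rebuilt domain
    # gets a new domain id even when it reuses the old domain name.
    $domainSid = if ($sid -like 'S-1-5-21-*') { ($sid -split '-')[0..6] -join '-' } else { '(well-known / local)' }

    # Translate SID -> account name. A SID from the deleted domain cannot be
    # resolved any more, which is why the old profile is never picked up again.
    $account = try {
        ([System.Security.Principal.SecurityIdentifier]$sid).Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved: deleted account or domain no longer reachable>'
    }

    [pscustomobject]@{
        SID        = $sid
        DomainSID  = $domainSid
        Account    = $account
        ProfileDir = $path
        IsCurrent  = ($sid -eq $currentSid)
    }
} | Sort-Object DomainSID, SID | Format-Table -AutoSize
```

Running this after a rebuild typically shows two rows pointing at similar-looking profile directories (for example `C:\Users\name` and `C:\Users\name.DOMAIN`), one with an unresolved SID from the old domain and one resolving to the freshly created account; that pair is the "new environment" the original poster is seeing.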