A computer account is normally reset if the computer has been taken offline and completely reinstalled. Resetting the account allows the (rebuilt) computer to rejoin the domain using the same name. If the computer account is reset whenever the computer has not been reinstalled, the computer cannot authenticate in the domain.
To reset a computer account, right-click the account, and click Reset Account. This command resets the computer account password. The Reset Account command is not available on domain controller accounts: resetting the password for domain controllers using this method is not allowed.
Adding a computer account to a group enables you to assign permissions to all computer accounts in the group, and to filter Group Policy settings on all accounts in the group.
To add computer accounts to groups, select the accounts, right-click the selection, and click Add to a Group. This displays the Select Objects dialog box where you can select the groups to which you want to add the accounts (see Adding user accounts to groups earlier in this document).
You can also add a computer account to groups by modifying the group membership list on the Member Of tab in the Properties dialog box. To display the Properties dialog box, right-click the computer account and click Properties.
The Member Of tab lists the groups to which the computer account belongs, as shown in the following figure. If the Show nested groups check box is selected, the list also includes the groups to which the computer account belongs because of group nesting.
The Temporal Membership Settings button can be used to specify the date and time when the computer should be added or removed from the selected groups. For more information about this feature, see Using temporal group memberships earlier in this document.
Figure 20: Adding computer accounts to groups
On the Member Of tab, you can manage groups directly from the list of groups: right-click a group and use commands on the shortcut menu.
You can add the computer account to groups by clicking Add on the Member Of tab. This displays the Select Objects dialog box, allowing you to select the groups to which you want to add the computer account.
|NOTE: When you select multiple computer accounts, the Member Of tab lists the groups to which all the selected accounts belong. If one of the accounts does not belong to a given group, that group does not appear in the list.|
To add a computer account to a group
- In the console tree, locate and select the folder that contains the computer account.
- In the details pane, right-click the computer account, and then click Add to a Group.
- Use the Select Objects dialog box to locate and select the group to which you want to add the computer account (you can select more than one group to add the account to).
- You can add multiple computer accounts to a group at a time: Select the accounts, right-click the selection, and click Add to a Group. To select multiple accounts, press and hold down CTRL, and then click each account.
- You can also add or remove computer accounts from groups by using the Properties dialog box: Select one or more accounts, right-click the selection, click Properties, and go to the Member Of tab in the Properties dialog box.
- By adding a computer to a group, you can assign permissions to all of the computer accounts in that group and filter Group Policy settings on all accounts in that group.
- You can use the Find function of Active Roles in order to locate the computer accounts you want to add to a certain group. Once you have found the computer accounts, you can proceed as follows: Select the accounts in the list of search results, right-click the selection, and click Add to a Group.
To remove a computer account from groups, right-click the account, click Properties, and go to the Member Of tab. On the Member Of tab, select groups from the list and click Remove.