Return
-
Title
Users are able to login after the AD Computer account for the host has been deleted. -
Description
User login after computer object deleted. The computer object was deleted using Active Directory Users and Computer MMC
-
Cause
This is normal behaviour, if the computer account has been removed, users who have a disconnected cache entry will still be able to logon until the cache has expired.
-
Resolution
We recommend doing an /opt/quest/bin/vastool -u <admin> unjoin which will delete the computer object instead of deleting the object through Active Directory Users and Computer.
You could also issue the command /opt/quest/bin/vastool unconfigure which will unconfigure the PAM and NSS files.