Sitemap

Amicuk Programming Answers

SCCM 2007 and Active Directory - On-boarding and Off-Boarding Process

-0001-11-30   Views:1

Advertisement

Currently, when a user resigns from our company, we rebuild their computer immediately and provide to another user. From a best practice perspective, should we delete the computername from AD and then rebuild and join to the Domain?  We also have SCC

Currently, when a user resigns from our company, we rebuild their computer immediately and provide to another user.
From a best practice perspective, should we delete the computername from AD and then rebuild and join to the Domain?  We also have SCCM 2007 in place.  Are there other best practices for SCCM 2007 and AD that we should be following for on-boarding
and off-boarding users?  Any suggestions would be greatly appreciated.  :-)

The replay answer
Advertisement
With respect to AD, it will be better to reset the account rather than deleting it. This way the SID is retained and all permissions (for DNS records etc) and AD group memberships will be retained. AD group memberships will be more significant, depending
on whether it is used for SCCM collection definition rules
In SCCM, if the record is not deleted, it will be identified as a known computer and OSD advertisement can be pushed on the client. Ideally task sequence should use same name as the SCCM resource record for naming the newly built computer. In case AD/SCCM
objects are deleted, duplicate records may get created depending on the timing of client registration and AD system discovery cycle. If SCCM client gets installed and registered before next AD system discovery cycle, there shouldn't be any issues.
But if AD discovery cycle runs before client registration, two records will show up in SCCM console and one will be obselete, which has to be deleted manually. This issue can be resolved by adjusting the frequency and schedule of AD system discovery cycle.
My suggestion will be to reset the computer account in AD and retain the SCCM resource in case of machine rebuild scenarios. In case of task sequence not retaining the computer name, custom steps can be added in TS to set variables as required.

Go to See the other 8 answers

SCCM 2007 and Active Directory - On-boarding and Off-Boarding Process

Category:DefaultRelease time:-0001-11-30Views:130

Currently, when a user resigns from our company, we rebuild their computer immediately and provide to another user. From a best practice perspective, should we delete the computername from AD and then rebuild and join to the Domain?  We also have SCC[More]

Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access

Category:DefaultRelease time:-0001-11-30Views:130

Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority General:  Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires A[More]

Active Directory Migration from 2003 to 2012 Process Flow

Category:DefaultRelease time:-0001-11-30Views:130

We are planning to migrate from Windows Server 2003 AD to Windows server 2012 Server for 6000 Users, Can any one suggest  on Following . 1)What is the Best and Safe Way to do Migration 2) What are the Precautions should take, 3) How much downtime it[More]

Active Directory Forests Publishing Status

Category:DefaultRelease time:-0001-11-30Views:130

Hello, I installed SCCM and my active directory Forest has Publishing Status: Insufficient access rights Any idea how I can fix this?  I searched on the internet and can not find it.  Thanks.You need to give your SCCM server computer account in AD pe[More]

SCCM 2007 to 2012 R2 Migration Data Gathering Error

Category:DefaultRelease time:-0001-11-30Views:130

  Hi guys , I am working on SCCM 2007 to 2012 migration and stucked at data gathering process. Following error i am getting while gartering data process.I have made the erroe details bold to easily find. Migmcctrl.log is showing this error:  [Worker][More]

Event ID 91 Could not connect to the Active Directory. Active Directory Certificate Services

Category:DefaultRelease time:-0001-11-30Views:130

Could not connect to the Active Directory.  Active Directory Certificate Services will retry when processing requires Active Directory access. Event ID:      91 Task Category: None Level:         Error Keywords:      Classic User:          SYSTEM Com[More]

Report on Active Directory User Attributes in SCCM 2012

Category:DefaultRelease time:2015-10-11Views:130

I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query: SELECT v_FullCollectionMembership.ResourceID, v_R_User.Windows_NT_Domain0, v_R_Use[More]

SCCM report to show last logged on user and the Active Directory department attribute of that user.

Category:DefaultRelease time:2015-10-11Views:130

I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.You problem is here. right join v_R_User USR on USR.ResourceID = CS.ResourceID USR.ResourceID != CS.[More]

Sccm 2012 extent the active directory schema error

Category:DefaultRelease time:-0001-11-30Views:130

Hello I am experiecing an issue when attempting to extend my AD Schema for SCCM 2012 <12-10-2014 20:04:33> Modifying Active Directory Schema - with SMS extensions. <12-10-2014 20:04:33> DS Root:CN=Schema,CN=Configuration,DC=,DC=com <12-10[More]

SCCM 2012 installation without integrating active directory

Category:DefaultRelease time:-0001-11-30Views:130

I will explain my scenario. I have one Active Directory, And different OU for different location, ie for US i have one OU, for UK i have another OU, for Dubai i have one OU. Now we have SCCM installed in US, It has a CAS server under which there are[More]

Migrate Active Directory 2003 to 2012 R2 and Exchange Server 2007 to 2013.

Category:DefaultRelease time:-0001-11-30Views:130

My question is which one need to migration first. Active Directory 2003 to 2012 R2 and FFL & DFL or Exchange Server 2007 to 2013. Md. Ramin HossainMy question is which one need to migration first. Active Directory 2003 to 2012 R2 and FFL & DFL or[More]

Hot
My macbook pro 2011 does not come with a recovery disc or any disc at all, my hard drive recently failed and i have no backup. i have replaced the hard drive but don't know how to install the operating system on the new hard drive.If it originally sh [More]
Hi experts, In order to change alternative account in a principal account, I have to post a lot of open item to zero. After changing the alternative account, I have to reverse this open item and display the original open item. How to post open item b [More]
I'm placing the Web Content Viewer on a custom site for free viewing of all articles in the folio. Is it possible to get a URL of individual articles that be links sent to people? So if there is an email blast, can  there be a URL that will lead a re [More]
I'm having great trouble with iSight recording. When I'm done with the recording, and press "stop", it will not upload the sequence to iMovie. In addition, the picture often freeze or is just black so I have to try many times. Any clue why this [More]
Hi All,    We have given a Search hlep for a parameter  in selection screen of a report,but now we are facing a issue, whlile executing the report user entering the data directly into  field instead of  selecting from F4 help.   Do anyone  know how t [More]
I talked with the computer teck at the bank and she assures me that the problem is not at their end and suggest that I contact Firefox to see why they are blocking this site.You can check who issued that certificate. You can retrieve the certificate [More]
Hi, I have to store a xml file in java cache so that I can resue it .The flow is like this : DAO layer reads database ,create an xml and sends to --> IBM MQ-->our java code should read this xml file over MQ and store it in a cache (preferably hashma [More]
My documents are printing in Asian font. I have HP officejet6310 all in one.   When I go into properties, then advanced, "Download Asian Fonts" is checked, but I'm unable to uncheck. Any ideas?Hi there cobb, To check for any software problems le [More]
The searches for:      o ring and      o-ring Return a different number of results. Should they be the same seeing that "-" is a non searchable character?If character "-" is not included in search characters, is that correct that " [More]
I routinely delete sent mail.  Last week my iPhone 5s shows 429 unread emails in my sent folder, but there aren't any.  How can I fix this problem?Hi there Howard C, You may want to try removing the effected account then adding it back again. Take a [More]