When disjoin a computer from the domain the computer account is automatically “Disabled”, we have to delete from the domain before rejoin the same computer back the domain, computer account will only be disabled if you use an account with sufficient permission to remove this computer from the domain (credentials of a user that has “Read and write Account Restrictions’ on the computer object) if you use a local admin account or the credentials of a non privilege, computer will be disjoin from the domain but will not be disabled
You can use repadmin/showmeta command to check the computer account meta, from the useraccountcontrol attribute you can tell which DC disabled the account and at what time the account was disabled. Then you can check corresponding DC and search the security logs for event ID 629 or 646, You will notice the user that disabled the account was the same one used disjoin a computer from the domain If you rejoin the same computer back the domain, then the account should be re-enabled, if the user has the following rights to the computer object:
Computer account is automatically disabled
Validated write to DNS host name
Reset Password
Validated write to service principal name
Read and write Account Restrictions
Ӏt’s truly a great and helpful ρiece of info. I am happy that you just shared this useful informatіon with us.
Please keep us informed like this. Thɑnk
you for sharing.
Truly appreciate your well-written posts. I have certainly picked up valuable insights from your page.