In working a lot recently with Windows Server 2016 Core in a lab environment, I ran into an issue after rolling back a snapshot on a Hyper-V Server Core install. The snapshot rollback of course broke the computer account/domain relationship with the Windows Server 2016 Server Core install. However, I thought I would simply be able to disjoin the domain and rejoin to reset the computer account. When attempting to do that, I received the error with Windows Server 2016 Server Core the machine is already joined to the domain.
Windows Server 2016 Server Core the machine is already joined to the domain
The problem as well as that I couldn’t even back the Server Core install off to a Workgroup either. It still tries to hit the domain when joining a workgroup. Any domain join/disjoin action leads to the the machine is already joined to the domain error. Part of my issue was the snapshot of the Hyper-V Server Core host was of a different computer name – the default, automatically generated computer name.
As you can see below, the orphaned computer account, H2, is there, however, communication with the domain is broken AND the rolled back snapshot is of a different name.
Let’s see if with some Posh Kung Fu, we can force the removal of the computer from the domain. Using the script below, still ran into the issue of it knowing the current computer name was different than the domain account.
remove-computer -computername "H2","localhost" -unjoindomaincredential TESTLAB\administrator -Workgroup "WORKGROUP" -Restart -Force
Ok, so let’s try to use the current autogenerated name and see what happens. This time we receive a different error because the current computer name cannot be mapped to a computer account in the domain. So are we stuck?
Let’s see what happens when I simply create a shell computer account of the same name – WIN-NOSNEUISPF1 in the domain and then try the disjoin.
So, now we have the account created.
Now, I am going to use the same remove-computer commandlet and also specifying the autogenerated computer name now that we have a dummy computer account in AD.
Amazingly, just simply creating a computer account that it could see with the same name allowed us to disjoin the domain.
If you run into the error with Windows Server 2016 Server Core the machine is already joined to the domain, then most likely you can simply stage a computer account in the domain to reflect what the Windows Server 2016 Server Core thinks the name should be, and then you can disjoin the computer from the domain and then rejoin. This was quite a lot of grief just to resync with the domain but this simple computer account trick seems to work like a charm.