Re-Join a Windows Client to a Domain

A customer has a Windows Server 2016 Essentials machine with several Windows 10 clients. As those clients upgrade to Windows 11, the Windows Server Essentials connector sometimes fails to connect. Soon the server itself will be upgraded to Server 2022 or 2025, which does not offer the Essentials Connector.

When you go to the Essentials dashboard and Remove a computer, you may find that it is removed from Active Directory as well. The “classic” fix for this is to use the client computer’s GUI to disjoin and rejoin the domain, requiring two reboots. Could that be simplified?

Following tips in this SuperUser answer, I was able to come up with this procedure:

1. Before removing the client computer from the domain controller, make sure you have a local admin account on the computer. (Otherwise you’ll be hacking as explained in the same answer.)

2. On the server, open the Essentials dashboard and remove the computer. Optionally keep backups.

3. On the server, open Active Directory Users and Computers and see if the computer has been removed. If it has, in the System event log, you’ll soon see NETLOGON event ID 5723, “The session setup from computer ‘MYCLIENTPC’ failed because the security database does not contain a trust account.” At this point, the local computer still thinks it’s on the domain but the account is missing from the server.

4. On the server, in Active Directory Users and Computers, re-add the computer that was deleted. All you need is the name without the domain; the DNS Name will be filled in by the next step.

5. On the client computer, log in as a local admin. Open PowerShell as an administrator and type:

$credential = Get-Credential   # supply domain admin credentials when prompted
Test-ComputerSecureChannel -Credential $credential -Repair -Verbose


6. Back on the server, in Active Directory Users and Computers, right-click on the re-joined computer and select Properties. The DNS name should now be populated. If not, try logging off and on to the client computer, or maybe rebooting it.

It seems that you don’t even have to reboot the client computer. I was able to log in as a domain user without generating further NETLOGON errors on the server.
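The client-side repair from step 5 as a script that tests the secure channel before and after the repair, so the outcome is recorded rather than assumed. This is an added example, not part of the original post; the function name Repair-DomainTrust and the output property names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Run on the client as a local admin,
# after the computer account has been re-created on the server (step 4).

function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    # The cmdlet is not present in every PowerShell host, so check before relying on it.
    if (-not (Get-Command Test-ComputerSecureChannel -ErrorAction SilentlyContinue)) {
        throw 'Test-ComputerSecureChannel is not available in this PowerShell host.'
    }

    # The repair only makes sense if the client still believes it is domain-joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) does not consider itself domain-joined; nothing to repair."
    }

    # Test first without -Repair: $true means the trust is intact and no change is needed.
    $before = $false
    try   { $before = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { Write-Verbose "Secure channel test failed: $($_.Exception.Message)" }

    $repairResult = $null
    if (-not $before) {
        # Same command as in the procedure; the credential is prompted for, never stored.
        $repairResult = Test-ComputerSecureChannel -Credential $Credential -Repair -Verbose
    }

    # Re-test without credentials to confirm the machine account itself now works.
    $after = $false
    try   { $after = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { Write-Verbose "Post-repair test failed: $($_.Exception.Message)" }

    [pscustomobject]@{
        Computer     = $cs.Name
        Domain       = $cs.Domain
        ValidBefore  = $before
        RepairResult = $repairResult   # $null when no repair was attempted
        ValidAfter   = $after
    }
}

Repair-DomainTrust -Credential (Get-Credential -Message 'Domain admin credentials') -Verbose
```

If ValidAfter is still False, check the server's System log for further NETLOGON 5723 events before trying the repair again.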
