Computer accounts—also known as computer objects—represent individual devices (such as desktops, laptops, and servers) that are joined to a Microsoft Active Directory (AD) domain. These objects are stored in the AD database once a machine connects to the domain. Managing computer accounts is essential for applying Group Policy Objects (GPOs), tracking updates via tools like WSUS, and—most importantly—ensuring secure authentication when users log into domain-joined Windows systems.
To manage computer accounts in Active Directory, you must have sufficient privileges—such as Domain Administrator, Account Operator, or properly delegated permissions. Management can be performed either from a domain controller or a client workstation that has the Remote Server Administration Tools (RSAT) installed.
How to Create a Computer Account in AD
Let’s create a computer account using several methods. A device can then be joined to the domain using this account.
Creating Computer Account with ADUC
Run ADUC (dsa.msc).
Go to the OU where you want to store the computer objects, right-click it, and select New -> Computer.
Alternatively, click Action -> New -> Computer.
In the New Object – Computer dialog, enter the computer name and the pre-Windows 2000 name according to your naming policy. Choose which group is allowed to join this computer to the domain and click OK.
Creating Computer Account with ADAC
Run ADAC (dsac.exe), right-click the domain name, and select New -> Computer. The Create Computer screen appears, where you need to type in the Computer name and Computer NetBIOS name according to your naming policy. Specify the OU where you want to store the computer object by clicking Change… You can also specify which group is allowed to join this computer to the domain and protect the object from deletion. Click OK when finished.
Creating Computer Account with Cmd.exe
For this task we need to use dsadd.exe. Use the following command to create a computer object in Active Directory:
Creating Computer Account with PowerShell
Use the following PowerShell command to create a computer account named “WKS033” in the office.local domain.
New-ADComputer -Name "WKS033" -SamAccountName "WKS033" -Path "CN=Computers,DC=office,DC=local"
How to Delete a Computer Account in AD
It is important to delete old computer accounts from your domain to keep WSUS reports and GPO application clean. There are several ways to do that.
Deleting Computer Account from AD with ADUC
Run ADUC (dsa.msc).
Go to the OU that contains the computers you need and, from the Action menu, select Find. Type the computer name in the Name field and click Find Now… Delete the computer from the search results by right-clicking it and selecting the Delete option.
Click Yes in the confirmation window. If you receive the following error afterwards:
Right-click the computer again, go to Properties -> Object, uncheck “Protect object from accidental deletion”, and perform the deletion again.
Deleting Computer Account from AD with ADAC
Run ADAC (dsac.exe). Switch the left pane to tree view and find the needed OU, type the name of the computer in the Filter pane and press Enter. Select the computer for deletion in the search results, right-click it and select Delete. Click Yes to confirm.
If you receive the error message:
Right-click the computer object -> Properties and uncheck the “Protect from accidental deletion” option.
After that, repeat the deletion.
Deleting Computer Account from AD with cmd.exe
For this task we need to use dsrm.exe. Use it with the following parameters to delete a computer account (WKS033 in our case).
Deleting Computer Account from AD with Windows PowerShell
This task can also be done easily with PowerShell. Here is the code for deleting a computer account; in our example the computer name is WKS033.
Remove-ADComputer -Identity "CN=WKS033,CN=Computers,DC=office,DC=local"
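The deletion steps above applied to a whole container, as an added example that is not part of the original article: it lists computer accounts with no recent logon and removes them, taking the accidental-deletion protection described above into account. The 90-day threshold, the dry-run default and all variable names are assumptions.

```powershell
# Added example, not from the original article.
# Assumptions: 90-day threshold, dry-run default, and all variable names.
Import-Module ActiveDirectory

$SearchBase      = "CN=Computers,DC=office,DC=local"   # container used in the article
$StaleDays       = 90      # assumed inactivity threshold
$DryRun          = $true   # $true = only show what would happen (-WhatIf)
$RemoveProtected = $false  # $true = also clear the accidental-deletion protection

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

# lastLogonTimestamp replicates between domain controllers but can lag by up to
# about 14 days, so keep the threshold well above that.
$stale = Get-ADComputer -Filter * -SearchBase $SearchBase `
             -Properties lastLogonTimestamp, whenCreated, ProtectedFromAccidentalDeletion |
    ForEach-Object {
        # Pre-staged accounts that were never used have no lastLogonTimestamp;
        # fall back to the creation time so freshly created ones are kept.
        $lastSeen = if ($_.lastLogonTimestamp) {
            [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
        } else {
            $_.whenCreated.ToUniversalTime()
        }
        if ($lastSeen -lt $cutoff) {
            [pscustomobject]@{
                Name      = $_.Name
                DN        = $_.DistinguishedName
                LastSeen  = $lastSeen
                Protected = $_.ProtectedFromAccidentalDeletion
            }
        }
    }

# Review this list before deleting anything.
$stale | Sort-Object LastSeen | Format-Table Name, LastSeen, Protected -AutoSize

foreach ($c in $stale) {
    if ($c.Protected) {
        if (-not $RemoveProtected) {
            Write-Warning "Skipping protected object: $($c.DN)"
            continue
        }
        Set-ADObject -Identity $c.DN -ProtectedFromAccidentalDeletion $false -WhatIf:$DryRun
    }
    # Remove-ADComputer fails on objects that have child objects;
    # those need Remove-ADObject -Recursive instead.
    Remove-ADComputer -Identity $c.DN -Confirm:$false -WhatIf:$DryRun
}
```

With `$DryRun = $true` nothing is changed in the directory; set it to `$false` only after the printed list has been reviewed.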