Windows – Re-join same computer to Windows domain without domain admin privileges

Tags: active-directory, domain, domain-controller, windows

Is it possible for a previously domain-connected client computer to re-join a Windows domain after a clean re-install of the OS, assuming its old identity again, all without the explicit say-so of the domain admin?

Does the answer vary depending on which authentication protocol is being used?

Best Answer

No. Domain Admin certainly is not required, but elevated permissions will need to be delegated. The authentication protocol is not relevant.

More permissions are required to re-join a computer than to join a computer, because permissions are required to modify the existing computer account object. There are two ways to do this: reset the computer account object, or delegate specific permissions to the objects/containers where the computers exist/will be joined/staged.

Additionally, the computer account dynamic dns record is usually orphaned during this process, so the security principal performing the join would also need permission to change the owner of the DNS A record.
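As an added worked example (not part of the original question or answer), the following PowerShell script shows what the delegation described in the answer looks like in practice: it grants a non-admin group the rights on existing computer objects that a re-join needs, grants the same group the ability to take over orphaned records in an AD-integrated DNS zone, shows the alternative "reset the computer account" path, and then lists the resulting ACEs so the delegation can be audited. The domain `example.com` / `EXAMPLE`, the OU `Workstations`, the group `Rejoin-Operators` and the host name `HOST01` are constructed placeholders; the dsacls permission codes and the extended-right display names are the ones in the AD schema, but verify them against `dsacls /?` and the `CN=Extended-Rights` container in your forest before relying on them.

```powershell
# Added example (not from the original answer). Run as a user who may modify
# the DACL of the OU and the DNS zone, e.g. a delegated OU owner, once.
# All names below are constructed placeholders.
Import-Module ActiveDirectory

$ou    = "OU=Workstations,DC=example,DC=com"
$group = "EXAMPLE\Rejoin-Operators"
$zone  = "DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com"

# --- 1. Least-privilege rights on EXISTING computer objects ------------------
# /I:S = apply only to child objects of the OU (here: computer objects).
# These are the operations a re-join performs against the old account:
#   CA;Reset Password      -> set a new machine account password
#   WP;userAccountControl  -> re-enable / retarget the account restrictions
#   WS;Validated write ... -> the client rewrites dNSHostName and its SPNs
dsacls $ou /I:S /G "${group}:CA;Reset Password;computer"
dsacls $ou /I:S /G "${group}:WP;userAccountControl;computer"
dsacls $ou /I:S /G "${group}:WS;Validated write to DNS host name;computer"
dsacls $ou /I:S /G "${group}:WS;Validated write to service principal name;computer"

# --- 2. Orphaned dynamic DNS record ----------------------------------------
# After a re-install the A record is still owned by the OLD computer SID, so the
# new machine's secure dynamic update is refused. Let the group take ownership
# (WO) and rewrite the ACL (WD) and data (WP) of records in the zone, inherited
# to every dnsNode under it.
dsacls $zone /I:S /G "${group}:WOWDRPWP"

# --- 3. Alternative path: reset the account instead of delegating ----------
# A delegated operator (holding the rights from step 1) can reset the stale
# account before the re-install is joined; no Domain Admin is involved.
$computerDn = "CN=HOST01,$ou"
dsmod computer $computerDn -reset

# --- 4. Audit what was delegated -------------------------------------------
# Review the ACEs actually present for the group; unexpected GenericAll or
# WriteDacl here would mean the delegation is far broader than intended.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference -like "*Rejoin-Operators*" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, AccessControlType |
    Format-Table -AutoSize
```

The point of the split in step 1 is that none of these ACEs lets the group create, delete or take full control of computer objects; the re-join is possible only against accounts that already exist in that OU. If the same group is also expected to stage brand-new accounts, it additionally needs Create Child on the computer class at the OU (`/G "${group}:CC;computer"`), which is a separate and more powerful grant and should be recorded as such.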