An account in the Security Accounts Manager (SAM) database of a Microsoft Windows NT domain controller (or in Active Directory of Windows 2000) that signifies that a particular computer is a part of a Windows NT or Windows 2000 domain.
Windows NT and Windows 2000 domain controllers can store three types of accounts: user accounts, group accounts, and computer accounts.
Computer accounts are used by Windows NT and Windows 2000 to determine whether a particular system that a user is employing to attempt to log on to the network is part of the domain. When the NetLogon service running on a client computer connects to the NetLogon service on a domain controller in order to authenticate a user, the NetLogon services challenge each other to determine whether they both have valid computer accounts. This allows a secure communication channel to be established for logon purposes.
In order for a Windows NT server or workstation to join a domain, the machine must have a computer account created for it in the SAM database. There are two ways to create this account:
On Windows NT, make sure there are no open sessions with the domain’s Primary Domain Controller (PDC) before having a machine join a domain.
Machines running Windows 95 and Windows 98 can participate in domain authentication, but they do not have computer accounts in the domain directory database. This is why the logon box for a Windows 95 or Windows 98 machine has a hard-coded domain name and can log on to only one domain. The logon box for a Windows NT machine, however, has a drop-down list that lets you select which domain you want to log on to, provided there are suitable trust relationships established between domains on the network.
If you reinstall Windows NT or Windows 2000 on a machine, you must delete the old computer account and create a new computer account, even if the machine has the same name as before.