
I have a pair of active directory domains with a one-way trust where I am attempting to revive some servers (~12, so automated steps would be handy but I can manually do everything if necessary) that have been offline for 2+ years.

The good news:

  1. The AD servers themselves have been online and appear healthy enough on both domains!
  2. Cached credentials seem to be working well enough that I can easily access all servers as an administrator.

The bad news:

  1. These servers have been offline for ~2 years. I'm sure they're no longer valid in AD.
  2. These servers run a variety of software such as SQL Server, TFS, and some other things.

Additional info:

  • I'm not looking to get everything up and running for a long period of time.
  • If I can get these up and running for ~1-2 months while we migrate everything away, then I can decommission much of what's here.
  • Despite the plan of decommissioning these, I would really like to get some of these up and running in a fully-functional way for this short period of time.
  • All server OSes are either Windows Server 2008 or 2008 R2 (I think all are Standard edition). Nearly all are running within Hyper-V, so I have some very convenient backup/restore options as long as AD doesn't catch me doing it.
  • My admin credentials are on the domain that both domains trust. I currently am not using any credentials from the "child domain" (I know, incorrect name but I think you understand in this limited situation what I mean).
  • Prior to everything going offline, WSUS was set up and running (via SCE 2007). However, that server has a DB that's been corrupted. Instead of trying to recover that, I've just written it off. It appears they used a .reg file to set some keys in `HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate` and in `[same]\AU` pointing to the WSUS server.

Questions:

  1. Clearly I'll need to renew their registrations in AD. Is this best done on the client-side or within AD itself somehow? My question had wrong assumptions. As joeqwerty explains, this is not a problem.
  2. If I'm renewing their registrations in AD, are there any special concerns specifically with SQL Server and/or TFS to keep them healthy through the re-registration? (downtime is okay but I don't want to have to reconfigure all of the SQL Server and/or TFS software through this process) My question had wrong assumptions. As joeqwerty explains, this is not a problem.
  3. What is the best way to get these ~12 servers to hit Microsoft's servers for Windows Updates instead of the defunct WSUS server?

Thanks for the help!! :-)

Jaxidian

1 Answer


Actually you shouldn't need to do anything. As long as the computer accounts still exist in AD, the servers should initiate a machine account password change when they boot up. The machine account password change is initiated by the client, not the domain controller.

If for some reason you have problems (error messages regarding the trust relationship), you can use the netdom.exe command to reset the password and reset the secure channel.

joeqwerty
  • Holy crap, I think you're right! I could have sworn that this was going to be a much bigger deal than it is! I just got one of them to successfully get a new machine cert from AD's CA and all looks good! So I guess that means Questions #1 and #2 aren't so important anymore! Any thoughts on #3? – Jaxidian May 31 '15 at 02:17
  • As for #3, how were you configuring Windows Updates, manually or with Group Policy? – joeqwerty May 31 '15 at 02:29
  • Great question, sorry I didn't provide that info earlier. It appears they used a .reg file to set some keys in `HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate` and in `[same]\AU` pointing to their WSUS server. Is it safe to delete all of those keys and values? Or do they need to be replaced with something else? – Jaxidian May 31 '15 at 02:48
  • I'm going to go ahead and mark your answer as the accepted answer but I would still appreciate the answer to Question #3. :-) – Jaxidian May 31 '15 at 05:04
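An added audit script for question #3 (example code, not from the thread or from either poster): it reads the WindowsUpdate policy keys named in the comments from each server over the Remote Registry service, so you can see which hosts are still pointed at the defunct WSUS server before changing anything. The server names are placeholders, and it assumes the Remote Registry service is running on the targets.

```powershell
# Added example, not from the thread. Audits the WSUS policy keys that the .reg file set.
# Uses the Remote Registry service (no PowerShell remoting needed on Server 2008 / 2008 R2).
$servers = 'SRV01', 'SRV02', 'SRV03'   # placeholder list: replace with the ~12 hosts

$policyPath = 'Software\Policies\Microsoft\Windows\WindowsUpdate'
$auPath     = "$policyPath\AU"

function Get-WsusPolicy {
    param([string]$Computer)
    $wuServer = $null; $wuStatus = $null; $useWu = $null; $err = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
        $wu = $hklm.OpenSubKey($policyPath)          # WUServer / WUStatusServer live here
        if ($wu) {
            $wuServer = $wu.GetValue('WUServer')
            $wuStatus = $wu.GetValue('WUStatusServer')
            $wu.Close()
        }
        $au = $hklm.OpenSubKey($auPath)              # UseWUServer=1 tells the client to use WUServer
        if ($au) {
            $useWu = $au.GetValue('UseWUServer')
            $au.Close()
        }
        $hklm.Close()
    } catch {
        $err = $_.Exception.Message                  # e.g. Remote Registry stopped or host offline
    }
    # A host is still bound to WSUS only when UseWUServer is 1 AND a WUServer URL is set.
    New-Object PSObject -Property @{
        Computer       = $Computer
        WUServer       = $wuServer
        WUStatusServer = $wuStatus
        UseWUServer    = $useWu
        BoundToWsus    = (($useWu -eq 1) -and [bool]$wuServer)
        Error          = $err
    } | Select-Object Computer, WUServer, WUStatusServer, UseWUServer, BoundToWsus, Error
}

$servers | ForEach-Object { Get-WsusPolicy -Computer $_ } | Format-Table -AutoSize
```

Hosts that report BoundToWsus = True are the ones whose policy keys still direct them to the WSUS server; the output gives you the exact values to record before any cleanup.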