The other day I tried to take an old laptop from one of our auditors to use on an audit.  When the auditor got his new laptop he migrated his entire system partition to the new machine, then renamed the machine on the domain.  This had the effect of updating his domain machine account to the new machine, and essentially killing his old machine's ability to logon to the domain.  This might not be a huge deal, except the old machine was set up to use RSA. 

From my understanding, RSA kills access to local accounts.  So, without being able to login with local accounts or domain accounts (since the machine account was essentially removed), the old laptop was pretty useless.  To work around the authentication issue I had to have the previous owner login to the machine offline (i.e., with it unplugged from the network so cached credentials would be used).  I was then able to enroll one of my fingerprints under the auditor's account to allow me to use his old laptop offline for a few days before doing a full cleanup and rejoining the domain. 

So, the lesson to be learned is, if you are going to migrate an old system to a new system using the same old domain machine account, please go back after the process and cleanup the old machine (remove RSA, rejoin the domain, reinstall RSA) so it will be useful to the next person.