Recommended Posts

Hi guys

is there a way of adding a windows xp machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment its failing with a Access is denied.

One thing to bare in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there a ways of getting that reset but the PC is thousands of miles away and trying to avoid guiding the end user on how to use ntpasswd.

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/
Share on other sites

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, pc got removed from the domain by one of guys who normaly did a bit of support now and then and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - its been a while since I have done this.. But yeah I do believe you have to have local admin account get it to join a domain. You can always create the computer account on the domain and setup any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account your logged in on the machine has to have local admin rights.. Other wise that would be pretty messed up you could login as guest or something on a machine - join it to a domain you have setup, and since domain admins are give local admin rights on the box that joins the domain you would now have an account on the box with full admin rights. That would be a bit of security issue!

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

Thats the thing sc302 the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access as the passwords documented does not work for this 1 machine, so login into the actual machine is out. Will just proceed with pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frown upon - but if you want to try the dart option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if your a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. Its been awhile since I have need to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • “which covers most of what people can hears. ” Oh yeah, you really reviewed this AI slop. Neowin should cut out the middleman at this point.
    • £129 in the U.K., that is a fair drop in price and if anyone have a need for one then now is a good time to buy one. But for most people if they have a pretty good router it would be money wasted,, unless they need Wi-Fi 7 and I doubt many will notice any difference even if they have Wi-Fi 7 devices. The 2.5Gb/s lan and Wan could be useful for some people, but why only one 2.5 lan? sure, there is not much around in the 2.5Gb/s line at the moment and a lot of devices like TVs would not benefit by it, but if someone has a couple of computers with 2.5Gb/s lan, they have to buy a switch, so more cost. So a unmanaged one can be picked up for around £50 these days, but that is still extra and electrical another socket and box. I suppose sticking another 2.5Gb LAN on the router would have added a bit of more cost, but not that much. I don't really have much need for a Wi-Fi 7 router, I have an Archer AX53 that does what I need, the one thing I do miss is the USB port that don't seem to be a thing these days on routers, just to stick a small USB drive in for documents, saves booting up the nas.
    • But it is a step in the right direction, and besides you need to understand that this is a technology that is still in the laboratory. We are not even sure if there will be a final product or if the product will be altered over and over again before a final product. Thinking and responding in a positive way would be ideal when responding to this article.
    • I think it is more to do with the wider channels, so more data can be sent at the same time, not about frequencies. No doubt some other things as well.
    • UniGetUI 3.3.0 by Razvan Serea UniGetUI is an application whose main goal is to create an intuitive GUI for the most common CLI package managers for Windows 10 and Windows 11, such as Winget, Scoop and Chocolatey. With UniGetUI, you'll be able to download, install, update and uninstall any software that's published on the supported package managers — and so much more. UniGetUI features Install, update and remove software from your system easily at one click: UniGetUI combines the packages from the most used package managers for windows: WinGet, Chocolatey, Scoop, Pip, Npm and .NET Tool. Discover new packages and filter them to easily find the package you want. View detailed metadata about any package before installing it. Get the direct download URL or the name of the publisher, as well as the size of the download. Easily bulk-install, update or uninstall multiple packages at once selecting multiple packages before performing an operation Automatically update packages, or be notified when updates become available. Skip versions or completely ignore updates in a per-package basis. Manage your available updates at the touch of a button from the Widgets pane or from Dev Home pane with UniGetUI Widgets. The system tray icon will also show the available updates and installed package, to efficiently update a program or remove a package from your system. Easily customize how and where packages are installed. Select different installation options and switches for each package. Install an older version or force to install a 32bit architecture. [But don't worry, those options will be saved for future updates for this package] Share packages with your friends to show them off that program you found. Here is an example: Hey @friend, Check out this program! Export custom lists of packages to then import them to another machine and install those packages with previously-specified, custom installation parameters. Setting up machines or configuring a specific software setup has never been easier. Backup your packages to a local file to easily recover your setup in a matter of seconds when migrating to a new machine UniGetUI 3.3.0 release notes: This release was expected to be 3.2.1, but it incudes more changes than planned, so it has been named 3.3.0 instead. Changelog Added default install options on a per-package-manager level! Added pre/post-install/update/uninstall commands! Added an option to close/kill process(es) before installing/updating/uninstalling a package Added cloud package backup and restore (via GitHub) more info on that here. Added the option to bulk-download installers Added the option to select package manager executable PowerShell7 can now clear older versions when updating to a new one Improvements to InstallOptions dialogs Installer download will properly guess the downloaded file name. Added "Dependencies" field to Package Details. Improvements to WinGet source management Searchbox has been moved to the titiebar, less wasted space Improvements for when window size is less wide Toolbar improvements Improvements on internal error detection and handling YAML and XML can't be created no more (more info on that here: #3860) Lots of bugfixes Other internal improvements Security enhancements Some features (pre/post install commands, command-line arguments, etc.) will be restricted by default. Bundles will also have those features restricted by default. Those features can be enabled with toggles that require an UAC prompt to be modified Bundles will show a security report when potentially dangerous settings are present. Fix some potential command-injection vulnerabilities from custom command-line arguments What's changed Load translations from Tolgee by @martinet101 in #3644 Dynamic JSON [de]serialization by @marticliment in #3679 Bump vedantmgoyal9/winget-releaser from 3e78d7ff0f525445bca5d6a989d31cdca383372e to 19e706d4c9121098010096f9c495a70a7518b30f in the actions-deps group by @dependabot[bot] in #3711 Update Scoop nirsoft bucket URL to ScoopInstaller/Nirsoft by @hboyd2003 in #3719 Per-package-manager and global default installation options by @marticliment in #3685 Further improvements to InstallOptions by @marticliment in #3721 Add toggle to enable/disable insecure settings by @marticliment in #3722 Make 'Pause updates for' submenu item use translation by @szumsky in #3705 Add toggle to enable/disable insecure settings by @marticliment in #3723 Separe Install, update and uninstall custom command-line args by @marticliment in #3748 Warn the user when a bundle contains potentially harmful prefs by @marticliment in #3749 Setting keys will be stored on const strings by @marticliment in #3750 Improve local icon detection code comments by @mrixner in #3767 Pre-install and post-install operations by @marticliment in #3756 Show Version in Update Live Dialog by @mrixner in #3798 Clear older versions of PowerShell7 modules on update by @marticliment in #3810 Allow Executable Selection by @mrixner in #3703 Add dependencies field to Package Details by @marticliment in #3822 Feat/recheck version before update by @theguy000 in #3827 feat: Add Cloud Backup and Restore via GitHub Gists by @theguy000 in #3826 Bundles file size improvements by @marticliment in #3832 Move searchbox to titlebar by @marticliment in #3837 Fix crashes & better error handling by @marticliment in #3859 Improvements to WinGet source management by @marticliment in #3876 Allow the user to force user gsudo via a SecureSetting (fix #3692) by @marticliment in #3877 Improvements to Toolbar by @marticliment in #3882 Download: UniGetUI 3.3.0 | 53.3 MB (Open Source) Links: WingetUI Home Page | GitHub | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • One Month Later
      Ricky Chan earned a badge
      One Month Later
    • First Post
      leoniDAM earned a badge
      First Post
    • Reacting Well
      Ian_ earned a badge
      Reacting Well
    • One Month Later
      Ian_ earned a badge
      One Month Later
    • Dedicated
      MacDaddyAz earned a badge
      Dedicated
  • Popular Contributors

    1. 1
      +primortal
      504
    2. 2
      ATLien_0
      207
    3. 3
      Michael Scrip
      205
    4. 4
      Xenon
      141
    5. 5
      +FloatingFatMan
      116
  • Tell a friend

    Love Neowin? Tell a friend!