Recommended Posts

Hi guys

is there a way of adding a windows xp machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment its failing with a Access is denied.

One thing to bare in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there a ways of getting that reset but the PC is thousands of miles away and trying to avoid guiding the end user on how to use ntpasswd.

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/
Share on other sites

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, pc got removed from the domain by one of guys who normaly did a bit of support now and then and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - its been a while since I have done this.. But yeah I do believe you have to have local admin account get it to join a domain. You can always create the computer account on the domain and setup any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account your logged in on the machine has to have local admin rights.. Other wise that would be pretty messed up you could login as guest or something on a machine - join it to a domain you have setup, and since domain admins are give local admin rights on the box that joins the domain you would now have an account on the box with full admin rights. That would be a bit of security issue!

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

Thats the thing sc302 the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access as the passwords documented does not work for this 1 machine, so login into the actual machine is out. Will just proceed with pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frown upon - but if you want to try the dart option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if your a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. Its been awhile since I have need to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • VR is dead on the PS at this rate, sales just aren't there. Way more VR push on the PC, even Sony knows this and that's why they added PC support to the PSVR.
    • Borderlands series, Rematch, Broken Arrow, and more get Nvidia GeForce NOW support by Pulasthi Ariyasinghe Another Nvidia GeForce NOW games update has arrived, meaning subscribers now have even more games to jump into via the cloud if they own a copy. The latest wave touts 13 more games, and that includes the Borderlands franchise from Gearbox, Remedy's brand-new cooperative shooter FBC: Firebreak, and more. With the fourth entry now on the way, for those who have yet to jump into Gearbox's wacky looter shooter universe, Borderlands, Borderlands 2, Borderlands 3, and even Borderlands: The Pre-Sequel are now a part of GeForce NOW. The Sifu developer's rule-less soccer experience, Rematch, has also been released to standard edition owners today. With the latest update, for owners of the game or PC Game Pass subscribers, it is also accessible via the cloud on GeForce NOW. Here are the games announced for the program this week: REMATCH (New release on Steam, Xbox, available on PC Game Pass, June 16) Broken Arrow (New release on Steam, June 19) Crime Simulator (New release on Steam, June 17) Date Everything! (New release on Steam, June 17) FBC: Firebreak (New release on Steam, Xbox, available on PC Game Pass, June 17) Lost in Random: The Eternal Die (New release on Steam, Xbox, available on PC Game Pass, June 17) Architect Life: A House Design Simulator (New release on Steam, June 19) Borderlands Game of the Year Enhanced (Steam) Borderlands 2 (Steam, Epic Games Store) Borderlands 3 (Steam, Epic Games Store) Borderlands: The Pre-Sequel (Steam, Epic Games Store) METAL EDEN Demo (Steam) Torque Drift 2 (Epic Games Store) As always though, keep in mind that unlike subscription services like Game Pass, a copy of a game must be owned by the GeForce NOW member (or at least have a license via PC Game Pass) to start playing via Nvidia's cloud servers.
    • WHAT? First of all, Azure, literally, runs on THE LINUX KERNEL. I know, right? Windows is easier to develop drivers? This must be the joke of the century! Developing drivers on Linux, you can interact with low level implementation straight to the core. You can build and test them with standard tools like GCC and Make, no need for a full blown IDE or SDKs, only a kernel header and a Makefile. You can load/unload drivers dynamically, without rebooting, which makes debugging MUCH easier. You don't need to sign drivers, unlike Windows, even for local testing. And a ton of other conveniences. "There is no way a Linux distribution can compete against Windows". Literally, SteamOS competes against Windows on handhelds, playing games WRITTEN for Windows, BETTER than Windows. "DirectX is the most powerful API"? Really? Vulkan provides more low level control, less overhead, scales better with more threads, it's cross platform and extensible. How, exactly, is "DirectX the most powerful API"?
    • It's easier for the console market to pull in more revenue when they're prices are higher compared to the PC where games often come out cheaper than their console versions or go on sale quicker. Having said that, I'm not going to be paying $70 or $80 for a game, regardless of the platform it's on. Revenue aside, because raising prices on consoles skew things when the prices on the PC often stay around the same levels, it's been shown that the PC market is growing while the console market is overall flat. PC will pass consoles soon dropping them into 3rd place. And the PS5 being on track to pass the PS4 doesn't say much, if the console market was actually still growing Sony would've passed the PS2 as it's best selling console with the PS3, and the PS4 would've outsold both and so on. That's not happening. It took Nintendo to release a totally different hybrid system with the Switch to inject some new life into the "console" market. Even then it's pushed as a handheld first and the majority who buy it do so because it's portable and at a good price.
    • As with the rest of the misleading statement you made about SteamOS "limitations", you are wrong again. No, the XBOX does NOT run "slimmed down and modified Windows". It runs a HEAVILY modified version of the Hyper-V hypervisor, called "Nanovisor" and 2 VM partitions. One for games, one for the apps. It is NOT Windows, it can NOT run Windows games and its DirectX components are NOT the same as for Windows, they are customized for XBOX.
  • Recent Achievements

    • First Post
      MikeK13 earned a badge
      First Post
    • One Month Later
      OHI Accounting earned a badge
      One Month Later
    • Week One Done
      OHI Accounting earned a badge
      Week One Done
    • First Post
      Thornskade earned a badge
      First Post
    • Week One Done
      Higante88 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      717
    2. 2
      ATLien_0
      273
    3. 3
      Michael Scrip
      203
    4. 4
      +FloatingFatMan
      182
    5. 5
      Steven P.
      128
  • Tell a friend

    Love Neowin? Tell a friend!