Recommended Posts

Hi guys

is there a way of adding a windows xp machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment its failing with a Access is denied.

One thing to bare in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there a ways of getting that reset but the PC is thousands of miles away and trying to avoid guiding the end user on how to use ntpasswd.

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/
Share on other sites

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, pc got removed from the domain by one of guys who normaly did a bit of support now and then and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - its been a while since I have done this.. But yeah I do believe you have to have local admin account get it to join a domain. You can always create the computer account on the domain and setup any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account your logged in on the machine has to have local admin rights.. Other wise that would be pretty messed up you could login as guest or something on a machine - join it to a domain you have setup, and since domain admins are give local admin rights on the box that joins the domain you would now have an account on the box with full admin rights. That would be a bit of security issue!

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

Thats the thing sc302 the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access as the passwords documented does not work for this 1 machine, so login into the actual machine is out. Will just proceed with pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frown upon - but if you want to try the dart option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if your a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. Its been awhile since I have need to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • AMD preps Ryzen 9600X3D for those who want a taste of the fastest gaming CPU for cheap by Sayan Sen AMD desktop processors are available across two platforms: socket AM4 and socket AM5. Both of these sockets are still going pretty strong, and the company is offering deals and discounts for both as it continues to release new SKUs for its older platform. For example, the company launched an affordable X3D processor for AM4 this month with the new 5500X3D. These gaming CPUs from AMD have been a massive success, as both AM4 and AM5 X3D chips are quite popular among gamers, and for good reason, too. They are fast, very fast. The massive chunk of vertical 3D stacked last-level cache (LLC) Level 3 cache helps these processors a ton in scenarios such as gaming. In our Ryzen 9 9950X3D review, we saw that 300+ frames per second are possible depending on the game title. While we did not review the 8-core 9800X3D, it has been found to be even slightly faster than the 9950X3D and is currently the most powerful gaming CPU on the planet. The Ryzen 9 9800X3D is selling these days for around $440-$500, and that may still be out of budget for many users. As such, similar to the 5600X3D, which is a 6-core 5000X3D processor cut down from the 8-core 5800X3D, AMD is planning to launch a hexacore Ryzen 5 9600X3D that will have two cores disabled compared to the 9800X3D. The information has been uncovered from the recent system integrator (SI) graphics driver for the recently launched Radeon AI PRO R9700 discrete GPU. The driver (Windows SI Driver for Radeon AI PRO R9700, Version 25.10.13.01) confirms the existence of 9600X3D as well as a 9600 non-X SKU and several other Ryzen PRO 9000 CPUs. The full list of upcoming CPUs is given below: Ryzen 5 9600X3D Ryzen 5 9600 AMD Ryzen 9 PRO 9945 Ryzen 7 PRO 9745 Ryzen 5 PRO 9645 Ryzen 5 PRO 9400 In terms of specs, the core configuration of the 9600X3D will be identical to the Ryzen 9600X and 9600, barring things like clock speeds. However, the six-core X3D will have a lot more L3 cache at 96 MB vs 32 MB on the 9600X and 9600. There is no information on pricing at the moment. Source: AMD (spotted by Mellodic Warrior on X)
    • With the dwindling number of TV license payers the BBC has to look for alternative avenues for income.
    • Bet they remove some sound card, wifi and bluetooth drivers that are still used today in some prebuilts. Seen some very old drivers still being used for those components. Printers can be bad also with very outdated but still working drivers.
    • If its anything like the TV licence they will send a few men around knocking and a letter every week saying they will take you to court.
    • New leak shows the design of the upcoming Nothing Headphone (1) by David Uzondu We've been hearing about the Nothing Headphone (1) for a while now, and it looks like we finally have our first real look at the headphones. In a new series of images leaked by @nothing_fan_blog on Instagram, the self-proclaimed "official German Nothing Fanpage", we can see Nothing's first over-ear headphones out in the wild. You definitely will not mistake these for anything else on a store shelf. The design has the company's signature see-through aesthetic, with a transparent oval piece on top of a solid rectangular base on the earcups, with three physical buttons for controls. Image via @nothing_fan_blog The headphones are set to launch alongside the Phone (3), which itself is getting rid of the glyph interface that made the company's phones stand out in the first place. It is a bit interesting seeing the new headphones establishing a strong visual identity while the flagship phone abandons its own. There is good news for anyone who values a wired connection for audio quality, as one of the images confirms the presence of a 3.5mm headphone jack. On the other hand, a close-up of the headband shows no visible folding hinges, which could be a minor inconvenience for some people, especially travelers. Image via @nothing_fan_blog As for colors, the leaks reveal both a white and black version. There's reportedly a gray option, but the leaked images did not show that. The more interesting part is the price, which is rumored to come in around $299 in the US and €299 in Europe. This would place the Headphone (1) in a very aggressive position, undercutting top-tier options from Sony and Bose by a significant margin. To compete, they will have to pack in the usual like Active Noise Cancellation. The sound quality also needs to be excellent, so let's hope the previously announced partnership with British audio company KEF works out well. We still don't have other details like battery life or specific driver information. Full details are expected at the official launch event, happening on July 1.
  • Recent Achievements

    • Week One Done
      Crunchy6 earned a badge
      Week One Done
    • One Month Later
      KynanSEIT earned a badge
      One Month Later
    • One Month Later
      gowtham07 earned a badge
      One Month Later
    • Collaborator
      lethalman went up a rank
      Collaborator
    • Week One Done
      Wayne Robinson earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      674
    2. 2
      ATLien_0
      274
    3. 3
      Michael Scrip
      219
    4. 4
      +FloatingFatMan
      170
    5. 5
      Steven P.
      161
  • Tell a friend

    Love Neowin? Tell a friend!