Recommended Posts

Hi guys

is there a way of adding a windows xp machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment its failing with a Access is denied.

One thing to bare in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there a ways of getting that reset but the PC is thousands of miles away and trying to avoid guiding the end user on how to use ntpasswd.

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/
Share on other sites

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, pc got removed from the domain by one of guys who normaly did a bit of support now and then and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - its been a while since I have done this.. But yeah I do believe you have to have local admin account get it to join a domain. You can always create the computer account on the domain and setup any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account your logged in on the machine has to have local admin rights.. Other wise that would be pretty messed up you could login as guest or something on a machine - join it to a domain you have setup, and since domain admins are give local admin rights on the box that joins the domain you would now have an account on the box with full admin rights. That would be a bit of security issue!

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

Thats the thing sc302 the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access as the passwords documented does not work for this 1 machine, so login into the actual machine is out. Will just proceed with pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frown upon - but if you want to try the dart option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if your a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. Its been awhile since I have need to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Staged. It's a requirement that vehicles are strapped down to the bed. Usually wheel and/or chassis tie downs are used. That appears to just be on the winch.
    • I feel Apple's big problem is the lack of big data to train any AI LLM model. They have statistics on usage, but they don't have the written social media, messaging (they were early adopters of end-to-end encryption), they didn't scrape the Internet before the book companies and new sources were wise. So they have no choice but to use a third party LLM provider. Which ties them in knots with their own stance on security and privacy. In short, they are royally stuffed when it comes to developing an in-house AI.
    • Nothing is black and white. Democracy can suck, just as communism can. The risk is people who blindly think one is vastly superior over the other. Democracy needs a lot to make it work well, and there are many examples around the world of it. Good education, mandatory voting, accessible voting, and removing money from politics are just a few elements that need to be sorted for a functional democracy. The USA is the playbook on what not to do with democracy.
    • Weekend PC Game Deals: Showcase specials, Timeloop freebies, Resident Evils, and more by Pulasthi Ariyasinghe Weekend PC Game Deals is where the hottest gaming deals from all over the internet are gathered into one place every week for your consumption. So kick back, relax, and hold on to your wallets. The Epic Games Store brought the finale of its Mega Sale mystery giveaways this week, and that involved giving away the Bethesda and Arkane title Deathloop alongside the indie title Ogu and the Secret Forest. Deathloop comes in as a time-loop FPS adventure that puts you into the shoes of an assassin that must take down eight targets in a single day to escape the time travel shenanigans. In usual Arkane fashion, each target can be taken care of in multiple ways, and there are supernatural powers that give the player upgrades like teleportation and telekinesis. There is an invasion mechanic for taking down other players in their campaigns too. As for Ogu and the Secret Forest, it's an indie adventure featuring hand-drawn characters and intricate puzzles. The 2D game involves befriending characters across a fantasy land as baby Ogu, with plenty of exploration elements and boss battles available. The Deathloop and Ogu and the Secret Forest giveaways are available on the Epic Games Store until June 12. On the same day, the store will begin a giveaway for the humorous hospital simulation entry Two Point Hospital. Next, we look at a giveaway happening on the Steam store. Gearbox is only a few months away from releasing Borderlands 4, and to prepare some new fans, Borderlands 2 is free to claim on Steam right now. The four-player cooperative title offers a humorous campaign filled with wacky villains, a massive amount of weapons to loot, and skill trees that let you break the balance entirely. The Borderlands 2 giveaway on Steam is live right now. It's slated to come to an end on June 8 at 10am PT. Since it's a new month, the Humble Choice bundle went through its standard refresh earlier this week, releasing eight more games for subscription holders to add to their library. This time, you can grab Warhammer 40K: Boltgun, Legacy of Kain Soul Reaver 1 and 2 Remastered, Nobody Wants to Die, Dungeons of Hinterberg, Tchia, Sker Ritual, Biped, and Havendock. It will cost you $12 to get all eight games. As a month-long Humble Choice Bundle, though, you can ponder the contents until July 1, when a new selection of games will replace these ones. In the regular bundle space, the Humble Store is also celebrating showcase season with its IGN Live bundle. This carries Slay the Spire, Potion Craft: Alchemist Simulator, and Bloodroots in the starting tier for $10. Next, paying $16 gets you copies of Art of Rally, Old World, and Black Book. Lastly, paying the full $22 for the bundle will add on copies of The Medium and Wartales. The bundle has a two-week counter attached to it, so you have plenty of time to decide on it. Big Deals Alongside plenty of showcase-related sales, massive franchise discounts from 2K, Capcom, Techland, and more are currently available for you to check out. Here are our hand-picked big deals for this weekend: Lies of P – $29.99 on Steam Company of Heroes 3 – $29.99 on Steam Sekiro: Shadows Die Twice - GOTY Edition – $29.99 on Steam Dragon's Dogma 2 – $29.39 on Steam Satisfactory – $27.99 on Steam Diablo IV – $27.49 on Steam Another Crab's Treasure – $20.99 on Steam Resident Evil 4 – $19.99 on Steam Tetris Effect: Connected – $19.99 on Steam Dying Light 2 Stay Human: Reloaded Edition – $19.79 on Steam No Man's Sky – $19.62 on Gamebillet Chained Echoes – $18.74 on Steam Starship Troopers: Terran Command – $17.99 on Steam The Outlast Trials – $15.99 on Steam Tales from the Borderlands – $14.99 on Steam Phasmophobia – $14.99 on Steam Divinity: Original Sin 2 - Definitive Edition – $13.49 on Steam Gotham Knights – $11.99 on Steam Receiver 2 – $9.99 on Steam Resident Evil Village – $9.99 on Steam Goat Simulator 3 – $9.89 on Steam Borderlands Game of the Year Enhanced – $9.89 on Steam The Outer Worlds – $9.89 on Steam Dorfromantik – $9.79 on Steam Turnip Boy Robs a Bank – $9.74 on Steam Ni no Kuni II: Revenant Kingdom – $9.59 on Steam Batman: Arkham Collection – $8.99 on Steam Escape Academy – $8.00 on Steam Resident Evil 7 Biohazard – $7.99 on Steam Inscryption – $7.99 on Steam Devil May Cry 5 – $7.49 on Steam Watch_Dogs 2 – $7.49 on Steam Suicide Squad: Kill the Justice League – $6.99 on Steam Control Ultimate Edition – $5.99 on Steam Injustice 2 Legendary Edition – $5.99 on Steam Manifold Garden – $4.99 on Steam Cultist Simulator – $4.99 on Steam Watch_Dogs – $4.99 on Steam Dragon's Dogma: Dark Arisen – $4.79 on Steam ARK: Survival Evolved – $4.49 on Steam Batman: Arkham Origins – $3.99 on Steam Dying Light – $3.99 on Steam PAYDAY 2 – $3.29 on Steam WRC 9 FIA World Rally Championship – $2.99 on Steam Alan Wake – $2.99 on Steam Borderlands 3 – $2.99 on Steam Among Us – $2.99 on Steam Hitman: Absolution – $1.99 on Steam Borderlands 2 – $0 on Steam Ogu and the Secret Forest – $0 on Epic Store Deathloop – $0 on Epic Store DRM-free Specials The GOG store's latest DRM-free specials for this weekend are touting Atari classics, story-rich games, and much more. Here are some highlights: Atari 50: The Anniversary Celebration - $19.99 on GOG The Thaumaturge - $19.24 on GOG Turok 3: Shadow of Oblivion Remastered - $17.99 on GOG STAR WARS: Dark Forces Remaster - $16.49 on GOG INDIKA - $16.24 on GOG Blood West - $12.49 on GOG Shadowrun Trilogy - $10.07 on GOG Disco Elysium - The Final Cut - $9.99 on GOG Pathologic 2 - $6.99 on GOG Tacoma - $6.59 on GOG Little Nightmares - $4.99 on GOG RollerCoaster Tycoon 3: Complete Edition - $4.99 on GOG Gone Home - $4.94 on GOG Blade Runner - Enhanced Edition - $2.49 on GOG Blood: Fresh Supply - $2.49 on GOG SiN Gold - $1.99 on GOG The Wheel of Time - $1.49 on GOG RollerCoaster Tycoon Deluxe - $1.19 on GOG Pirates! Gold Plus - $1.19 on GOG Sid Meier's Colonization - $1.19 on GOG POSTAL 2 - $0.99 on GOG Keep in mind that availability and pricing for some deals could vary depending on the region. That's it for our pick of this weekend's PC game deals, and hopefully, some of you have enough self-restraint not to keep adding to your ever-growing backlogs. As always, there are an enormous number of other deals ready and waiting all over the interwebs, as well as on services you may already subscribe to if you comb through them, so keep your eyes open for those, and have a great weekend.
  • Recent Achievements

    • First Post
      Mr bot earned a badge
      First Post
    • First Post
      Bkl211 earned a badge
      First Post
    • One Year In
      Mido gaber earned a badge
      One Year In
    • One Year In
      Vladimir Migunov earned a badge
      One Year In
    • Week One Done
      daelos earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      492
    2. 2
      snowy owl
      255
    3. 3
      +FloatingFatMan
      252
    4. 4
      ATLien_0
      224
    5. 5
      +Edouard
      187
  • Tell a friend

    Love Neowin? Tell a friend!