Recommended Posts

Hi guys

is there a way of adding a windows xp machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment its failing with a Access is denied.

One thing to bare in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there a ways of getting that reset but the PC is thousands of miles away and trying to avoid guiding the end user on how to use ntpasswd.

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/
Share on other sites

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by it's lonesome? How about having them download and run one of those bootable linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, pc got removed from the domain by one of guys who normaly did a bit of support now and then and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - its been a while since I have done this.. But yeah I do believe you have to have local admin account get it to join a domain. You can always create the computer account on the domain and setup any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account your logged in on the machine has to have local admin rights.. Other wise that would be pretty messed up you could login as guest or something on a machine - join it to a domain you have setup, and since domain admins are give local admin rights on the box that joins the domain you would now have an account on the box with full admin rights. That would be a bit of security issue!

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

Thats the thing sc302 the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through reset of the local account - the tools are pretty simple any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that your showing the user the way to hack any machine - he could use this new learned skills for evil in the future ;) heheheh

Its not like any 8 year old can not look up this stuff on google in 12 seconds -- its just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all user doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access as the passwords documented does not work for this 1 machine, so login into the actual machine is out. Will just proceed with pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frown upon - but if you want to try the dart option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if your a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. Its been awhile since I have need to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • These SSDs from Crucial, SanDisk, and Western Digital are selling at great prices by Fiza Ali Amazon US is currently offering a wide range of solid‑state drives at attractive prices, covering both internal and portable options to meet diverse storage needs. So, whether you're looking to expand your laptop's storage, speed up your desktop, or carry large files on the move, these discounts make it easier to secure reliable SSD technology without exceeding your budget. The 1TB Crucial BX500 is a 2.5‑inch SATA III solid‑state drive offering a maximum interface speed of 6Gb/s. In terms of performance, the drive achieves sequential read speeds of up to 540MB/s and sequential write speeds of up to 500MB/s. It is rated for an endurance of 360TB total bytes written (TBW). 1TB Crucial BX500 Internal SSD: $56.99 (Amazon US) - 40% off The 2TB Crucial P3 Plus is an NVMe SSD in the M.2 2280 form factor, utilising a PCIe Gen 4 ×4 interface. It delivers sequential read speeds of up to 5,000MB/s and sequential write speeds of up to 4,200MB/s. Rated for 440TBW, it offers durable performance for everyday and professional use alike. 2TB Crucial P3 Plus NVMe SSD: $113.99 (Amazon US) The 4TB Crucial X10 portable SSD features a USB 3.2 Gen 2x2 interface, supporting data transfer speeds of up to 20Gb/s. The drive delivers sequential read speeds of up to 2,100MB/s, making it suitable for tasks such as video editing, file transfers, and system backups. 4TB Crucial X10 Portable SSD: $246.99 (Amazon US) - 38% off The 2TB SanDisk Extreme Portable SSD comes equipped with a USB 3.2 Gen 2 interface (backwards compatible with USB 3.0 and USB 2.0). It delivers sequential read speeds of up to 1 000 MB/s, promising rapid file transfers and game loading times. Designed, tested, and approved for use with PlayStation 5 consoles, this rugged SSD lets you archive and restore game libraries rapidly. It is IP55‑rated for water and dust resistance as well. 2TB SanDisk Extreme Portable SSD: $178.01 (Amazon US) - 26% off The 1TB Western Digital Blue SA510 SSD connects via SATA III (6Gb/s). It delivers sequential read speeds of up to 560MB/s and write speeds up to 520MB/s, with random performance rated at 90,000 IOPS for reads and 82,000 IOPS for writes. Built on WD’s 3D NAND technology, it carries a 400TBW endurance rating and is backed by a five‑year limited warranty. Finally, it operates safely between 0°C and 70°C (–55°C to 85°C when powered down). 1TB Western Digital WD Blue SA510 Internal SSD: $63.17 (Amazon US) - 26% off This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. You can also check out other SSD deals here. For hard disk drives, you can head over to our HDD deals section to see if anything from there matches your requirements. Make sure you also browse through Amazon US, Amazon UK, and Newegg US to find some other great tech deals. As an Amazon Associate, we earn from qualifying purchases.
    • Look at the fingers especially round the cups, you’d think A needs to add the I together
    • There are too many people doing nothing and just cruising at MS because of how the previous culture was (rest and vest).
    • AMD Ryzen AM4 16-core 5900XT processor has never been priced cheaper by Sayan Sen While AMD's newest processor platform with DDR5 and PCIe 5.0 goodness is AM5, the preceding Socket AM4 continues to be a great option for gamers shopping on a lower budget. One of the most powerful AM4 desktop chips, the 16-core Ryzen 9 5900XT, is currently priced at the lowest ever at just $230 (purchase links down below). The Ryzen 7 5900XT is based on the Zen 3 architecture supports DDR4, PCIe Gen4, and offers very good performance in both gaming and productivity. While users may not expect the same level of gaming throughput or latency improvement as the 5800X3D, it is certainly possible that titles that utilize more than 16 threads will favor the 5900XT over the 5800X3D. And the 5900XT has plenty of L3 cache as well at 64 MB. So while not 3D stacked V-cache, it should still be a decent gaming chip. And all that cache as well as cores/threads will be excellent for non-gaming tasks of course. The CPU has a base clock of 3.3 GHz and boosts up to 4.8. It has a TDP of 105 watts so the available power envelope certainly helps with that. It can tolerate temperatures of up to 90 °C and there is no boxed cooler with it. So you need an aftermarket one, ideally a 280 mm or 360 mm AIO liquid cooler or an excellent air cooler. Also since this is a 16-core 105-watt chip, make sure to run it on an AM4 board that has good quality VRM and cooling with lots of power (ideally an X570 motherboard). Another consideration is that it does not have integrated graphics so you need a separate dedicated GPU for display out. Get the AMD Ryzen 9 5900XT at the links below: AMD Ryzen 9 5900XT - No Integrated Graphics Desktop CPU Processor - 100-100001581WOF: $229.99 (Amazon US) || : $279.00 (Newegg US + Corsair 32GB DDR4-3200 RAM) This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
  • Recent Achievements

    • Week One Done
      Wayne Robinson earned a badge
      Week One Done
    • One Month Later
      Karan Khanna earned a badge
      One Month Later
    • Week One Done
      Karan Khanna earned a badge
      Week One Done
    • First Post
      MikeK13 earned a badge
      First Post
    • Week One Done
      OHI Accounting earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      681
    2. 2
      ATLien_0
      275
    3. 3
      Michael Scrip
      207
    4. 4
      +FloatingFatMan
      172
    5. 5
      Steven P.
      143
  • Tell a friend

    Love Neowin? Tell a friend!