
Hi guys

Is there a way of adding a Windows XP machine to a domain from the AD server running Windows Server 2008 R2 using netdom join workstation /domain:mydomain.local from the command line of the server?

At the moment it's failing with an "Access is denied".

One thing to bear in mind is that the local machine's admin password has been forgotten. Otherwise I wouldn't be bothering with this. I know there are ways of getting that reset, but the PC is thousands of miles away and I'm trying to avoid guiding the end user on how to use ntpasswd.

Thanks in advance

https://www.neowin.net/forum/topic/1055884-join-domain-using-netdom/

So the PC is just sitting there all by its lonesome? How about having them download and run one of those bootable Linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

  On 03/02/2012 at 21:08, TheReasonIFailed said:

So the PC is just sitting there all by its lonesome? How about having them download and run one of those bootable Linux discs that can reset passwords for local accounts?

Edit: it seems that's what ntpasswd is...sorry I'd never heard of that before...

Yep, as a background story, the PC got removed from the domain by one of the guys who normally did a bit of support now and then, and as luck would have it the documented local password is not working. So what we're saying is without having a workable user account there's nothing that can be done remotely?

If that's the case then I best prepare myself to start guiding the user to try and run through the reset password utility I guess. :/

Hmmmm - it's been a while since I have done this.. But yeah, I do believe you have to have a local admin account to get it to join a domain. You can always create the computer account on the domain and set up any account to be able to join the domain from the domain side.. Normally any domain authenticated user can join 10 machines to a domain - unless you have correctly adjusted these permissions.

But to actually join the machine I do believe the account you're logged in on the machine has to have local admin rights.. Otherwise that would be pretty messed up: you could log in as guest or something on a machine - join it to a domain you have set up, and since domain admins are given local admin rights on the box that joins the domain, you would now have an account on the box with full admin rights. That would be a bit of a security issue!

Walk the user through a reset of the local account - the tools are pretty simple, any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that you're showing the user the way to hack any machine - he could use these newly learned skills for evil in the future ;) heheheh

It's not like any 8 year old can not look up this stuff on Google in 12 seconds -- it's just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all users doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)
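The post above mentions that any authenticated domain user can normally join 10 machines unless that permission has been adjusted. As an added example (not part of any poster's reply), this PowerShell audit reads that quota from the `ms-DS-MachineAccountQuota` attribute on the domain object and lists the computer accounts that were created under it; the function name `Get-MachineJoinExposure` and the output property names are hypothetical, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-MachineJoinExposure {
    param(
        # Assumption: audit the current user's domain unless told otherwise.
        [string]$Server = (Get-ADDomain).DNSRoot
    )

    $domain = Get-ADDomain -Server $Server

    # The per-user join quota is stored on the domain head object (default 10).
    $head  = Get-ADObject -Identity $domain.DistinguishedName -Server $Server `
                 -Properties 'ms-DS-MachineAccountQuota'
    $quota = $head.'ms-DS-MachineAccountQuota'

    # mS-DS-CreatorSID is populated on computer accounts that a user created
    # under the quota, so it shows who has actually been joining machines.
    $computers = Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Server $Server `
                     -Properties 'mS-DS-CreatorSID', whenCreated

    $joins = foreach ($c in $computers) {
        $sid = $c.'mS-DS-CreatorSID'
        if ($sid -is [byte[]]) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sid, 0)
        }
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }   # creator deleted or not resolvable
        New-Object PSObject -Property @{
            Computer = $c.Name; Creator = $who; Created = $c.whenCreated
        }
    }

    New-Object PSObject -Property @{
        Domain               = $domain.DNSRoot
        MachineAccountQuota  = $quota
        QuotaAllowsUserJoins = ($quota -gt 0)
        UserCreatedComputers = @($joins)
    }
}

$report = Get-MachineJoinExposure
$report | Select-Object Domain, MachineAccountQuota, QuotaAllowsUserJoins
$report.UserCreatedComputers | Sort-Object Creator, Created |
    Format-Table Computer, Creator, Created -AutoSize
```

A quota of 0 means only accounts with delegated rights on the target OU (or administrators) can create computer accounts; this governs the domain side only and does not remove the need for local administrator rights on the workstation being joined.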

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

"provided you have the admin creds of the machine."

That's the thing sc302, the way I read it there is NO local admin account he can use.

Now if the machine had been removed from the domain, and had at some point been logged in with domain admin account -- it would still be cached and as long as the machine is not connected to the network with domain access you could log in with domain admin rights account from cache and change the local password.

As to recovery options. If you have SA from microsoft -- you should have access to DART, which you could create a recovery tools disk with.. And you can have him reboot with that CD/DVD and you can remote it and recover/change the local password.

You would think most companies that are licensed would take advantage of the tools MS provides?

http://www.microsoft.../mdop/dart.aspx

  On 03/02/2012 at 22:28, BudMan said:

Walk the user through a reset of the local account - the tools are pretty simple, any monkey could be walked through the process. Then once the box is joined just remotely change the local admin account. Problem is the fact that you're showing the user the way to hack any machine - he could use these newly learned skills for evil in the future ;) heheheh

It's not like any 8 year old can not look up this stuff on Google in 12 seconds -- it's just that users are normally dumber than 8 year olds when it comes to anything to do with a computer! So you hand hold them through learning such a dangerous thing - next thing you know you have all users doing it! Users are like monkeys learning how to use a stick to grab ants out of the ant hill -- they pass that **** on to the next monkey! ;)

My exact fears..

  On 04/02/2012 at 13:28, sc302 said:

If the machine has access to the network and you have admin rights, why not just log onto the machine and join it for him....there are quite a few utilities that allow you to stay logged in at the logon prompt provided you have the admin creds of the machine.

Machine is connected to the network but no admin rights access, as the password documented does not work for this 1 machine, so logging into the actual machine is out. Will just proceed with the pass reset on Monday and just move forward with that.

Thanks for all the responses and happy birthday Budman.. :D

Now this might be frowned upon - but if you want to try the DART option where you can remote his machine and change the password using a MS tool -- just let me know (pm) and I might be able to send you the tools needed to create the disk :shiftyninja:

But to be honest if you're a MS house you should have access to these tools already - I can walk you through how to do it with the remote control option. It's been a while since I have needed to do it. So I would have to verify - but I do believe when you do it he wouldn't actually see you resetting the password. And either way it would be official MS tools - so he might not comprehend that any 8 year old can grab the tools and do this on any box, etc.

^ agreed if they have local admin on the box they are trying to join!

The problem here is the account they are logged into the box with does not have local admin rights - so even if he has an account that has permissions to join the domain. He does not have the permissions to do that on the box he is trying to join.

This topic is now closed to further replies.