Solved

Xp Domain Removal

Posted on 2003-11-18
Last Modified: 2010-02-18
I received this from a fellow technician:
====
I am becoming more aware (and frustrated with) an issue
with XP Pro when trying to remove it from a domain.

The system in question was physically removed from the
domain and not able to be 'removed' by an approved user.  
The system was then moved to a workgroup (without having a
local user account set up prior - a key point I am
learning).  As the domain name was removed and the
workgroup name applied, XP asked for an appropriate
username and password for the domain it was leaving.

I left the username and password blank, clicked ok, and a
few hourglass spins later was welcomed to the workgroup.
XP then prompted for the obligatory reboot.  No prompts,
no warnings, and sure as heck no "STOP YOU CANNOT DO
THIS".  

What I am finding now is that the user info is still there
in the SAM, but XP is not allowing any login whatsoever.
The majority of accounts are disabled (or are so corrupt
that they are read that way) and I'm stuck...

I simply cannot believe this issue has not been more
common, and/or a fix doesn't exist.  Any thoughts?

-R-

==============

Anyone want to take a crack at it?

FE
0
Comment
Question by:Fatal_Exception
14 Comments
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9773348
I thought I would add something to the above.

Now that I am actually sitting in front of the machine, I have used a Linux password crack to view the user accounts in the SAM database and have found them all disabled.  Very curious.  When I tried to re-enable the user accounts and change the password so I can gain access to the system, it hung and would not initialize the SAM hive.

I am now considering re-installing the OS.  

Thanks,

FE
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9773989
You should be able to boot into safe mode with admin account and
enable the accounts.
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9774497
Unfortunately, all accounts had been disabled.  I believe this happened as a result of not properly disconnecting from the domain before adding the box to a workgroup.  Now the passwords DO NOT work, although I was able to re-enable the accounts.  

???????????????????  Am completely dumbfounded by this.    Could the SAM db be hosed?  ARGH!
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9774893
Boot Windows XP CD
enter to start setup
F8 for the license agreement
R to repair the current installation
run and wait until it reboots and installs devices
shift F10 to open a command prompt
type nusrmgr.cpl press enter (user accounts will open)
select user(s), remove/change passwords
exit command prompt so setup is running again
finish in-place upgrade

This will work like a parallel install
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9774903
I don't really post these kinds of links as a rule but it may
help you with the corrupted SAM...

http://home.eunet.no/~pnordahl/ntpasswd
0
 

Expert Comment

by:Spotted_Horse
ID: 9778912
Being the tech in question, I thought it best to register and throw in my two cents...  Never been on this site before, but I can tell I will be.

spiderfix - The recovery console is asking which installation (only one indicated) to access, and it's asking for the Administrator password... which lands us back at square one.

Also, XP has been reinstalled over top of the previous install.  No change.  It's like Kerberos has lost track of where the SAM holds the username/pw info...

Thanks,

-R-
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9779519
Spiderfix.  Thanks for the comments.  As you can see, the tech (SH) is wrestling with the problem and will continue to monitor this page for any help.

Anyway, I thought I would post this URL for all those that might be interested.  I thought it was hilarious, and it did help me with some questions I had about DC's and passwords.  (For those that do not know what a command line is, please do not get offended by the author's remarks.)

http://www.jms1.net/nt-unlock.html

FE
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9781870
>>I thought it was hilarious<<
Heh, he has run out of patience there for sure. We all know that
syndrome, you can get to a point where you get frustrated with
clients and their unrelated concerns.

With M$ serving O/Ss when changing from domain to workgroup you have
to run DCPROMO http://support.microsoft.com/default.aspx?kbid=332199
the reason is to avoid problems with the security identifiers. Apparently they
will not be linked to the objects correctly after removing active directory. I
don't know where [and how deep] the linking exists but this is obviously where
your problem lies.

It's a pretty common problem when changing from domain to workgroup, there
are many references to this in Google. I can't find any references to any work-arounds
other than serving O/Ss http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498

In the past any probs with logging in are usually cured with the boot disk programs
like Ntpasswd and ERD Commander but it seems these are not helping with your
lost links to the objects. This is probably one of the toughest assistance problems
to help with without sitting in your chair. It may be time to consider slaving the drive
and pulling off the files you need.

Sorry I can't help more, I've read a lot this morning on your prob and I've hit the wall
on this one. Maybe this link I've run across may spark an idea for you...
http://www2.cajun.net/~theriots/xpsitefolder/win_xp_passwords.htm
0
 

Expert Comment

by:Spotted_Horse
ID: 9787837

Spiderfix - thanks for the effort, but I'm finding out that this is an "undocumented security feature" of unca bill.  The "logic" behind it is that it stops you from taking a machine physically from a workplace and attaching it to your own workgroup, you naughty naughty hacker.  Those of us who need to do it for legitimate reasons are given a shrug of the shoulders and told we're wrong for assuming something that's worked before will work again.  Or M$ is just lazy and was criminally irresponsible for releasing XP half-baked.  Your choice.

In my mind saying (as every m$ site I've seen says) "You cannot do this" is a far cry from "WARNING: IF YOU DO THIS YOU WILL NEVER EVER EVER EVER BE ABLE TO LOG IN AGAIN."

I've been pounding my head against that wall for days...  Did I mention it's a DELL that detects when the case was open?  That's another headache - having to tiptoe around a warranty.  The client's fed up, so the jumpers have been changed, I'm just making one last desperate grab at a solution before I press the button...

M$ needs to lose the "tree-falls-in-the-woods" approach to security and software development.

I guess this problem is all over except for the griping.  Thanks again.

SH
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9799048
np

Another good reason to have ghost images of the drives.
Onward.

0
 
LVL 14

Accepted Solution

by:
spiderfix earned 125 total points
ID: 9799060
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9799551
ERD Commander looks to be a good investment, eh?  I used a trial version last year, but never got approval to purchase the full version.  Guess I will just have to dig deep and get a copy.

Thanks for all the help Spider.  And since you were the only one to notice our little problem, you get the points.  Look forward to conversing  with you on another thread.

By the way, we finally just installed another HD and the WXP OS, took ownership of the files on the original HD, copied the folders over and ghosted back to the original Drive.   Only took ALLLLLL day.  Hard lessons learned!

FE
0
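
The original message calls having a local user account set up before leaving the domain "a key point". The script below is an added example, not part of any poster's comment: a pre-flight check that refuses to unjoin unless an enabled local administrator with a password exists. It assumes Windows PowerShell 5.1 (the LocalAccounts cmdlets and `Remove-Computer`) run from an elevated prompt, so it applies to current Windows clients rather than XP; the `-WorkgroupName` and `-Unjoin` script parameters and the function name are hypothetical.

```powershell
# Added example: verify a usable local administrator BEFORE leaving a domain.
# Assumption: Windows PowerShell 5.1, elevated session.
param(
    [string]$WorkgroupName = 'WORKGROUP',   # placeholder workgroup name
    [switch]$Unjoin                          # only unjoin when explicitly requested
)

function Get-UsableLocalAdmin {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the OS display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }

    foreach ($m in $members) {
        $user = Get-LocalUser -SID $m.SID
        # Enabled and has had a password set at some point. This does not prove
        # anyone still knows the password; log on with it once to confirm.
        if ($user.Enabled -and $user.PasswordLastSet) { $user }
    }
}

$admins = @(Get-UsableLocalAdmin)

if ($admins.Count -eq 0) {
    Write-Error ('No enabled local administrator with a password set. ' +
                 'Create one and test a logon before leaving the domain.')
    exit 1
}

Write-Output 'Local administrators that should survive the unjoin:'
$admins | Select-Object Name, Enabled, PasswordLastSet | Format-Table -AutoSize

if ($Unjoin) {
    # Prompts for a domain credential allowed to remove the computer account,
    # moves the machine to the workgroup, then restarts. -Confirm asks first.
    Remove-Computer -UnjoinDomainCredential (Get-Credential) `
                    -WorkgroupName $WorkgroupName -Restart -Confirm
}
```

Run it once without `-Unjoin` to see the report, and log on with one of the listed accounts before running it again with `-Unjoin`.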
 
LVL 14

Expert Comment

by:spiderfix
ID: 9800575
>>Only took ALLLLLL day<<

You have to take a time-hit every once in a while.
0
 

Expert Comment

by:mk6032
ID: 13981696
Something similar has happened to me. I put a registry key in our network login script (we're running primarily Novell and win98 clients) that would verify/change the computer's workgroup, and then point them to the WINS server. Afterwards, I couldn't get into a few XP machines without it telling me the Domain Controller couldn't be verified or something to that effect. I could get past the Novell login, but when it went to hit the windows password it would pop that error message up. Strange thing is, if you left that login screen up for about 5 mins, it would just log itself in. I'm not sure why or how, but it does. For future readers of this particular thread, try leaving the screen up for 5-10 mins and see if it'll just log itself in eventually.

0
