?
Solved

Xp Domain Removal

Posted on 2003-11-18
14
Medium Priority
?
11,648 Views
Last Modified: 2010-02-18
I received this from a fellow technician:
====
I am becoming more aware (and frustrated with) an issue
with XP Pro when trying to remove it from a domain.

The system in question was physically removed from the
domain and not able to be 'removed' by an approved user.  
The system was then moved to a workgroup (without having a
local user account set up prior - a key point I am
learning).  As the domain name was removed and the
workgroup name applied, XP asked for an appropriate
username and password for the domain it was leaving.

I left the username and password blank, clicked ok, and a
few hourglass spins later was welcomed to the workgroup.
XP then prompted for the obligaroty reboot.  No prompts,
no warnings, and sure as heck no "STOP YOU CANNOT DO
THIS".  

What I am finding now is that the user info is still there
in the SAM, but XP is not allowing any login whatsoever.
The majority of accounts are disabled (or are so corrupt
that they are read that way) and I'm stuck...

I simply cannot believe this issue has not been more
common, and/or a fix doesn't exist.  Any thoughts?

-R-

==============

Anyone want to take a crack at it?

FE
0
Comment
Question by:Fatal_Exception
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9773348
I thought I would add something to the above.

Now that I am actually sitting in front of the machine, I have used a LInux password crack to view the user accounts in the SAM database and have found them all disabled.  Very curious.  When I tried to re-enable the user accounts and change the password so I can gain access to the system, it hung and would not initialize the SAM hive.

I am now considering re-installing the OS.  

Thanks,

FE
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9773989
You should be able to boot into safe mode with admin account and
enable the accounts.
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9774497
Unfortunately, all accounts had been disabled.  I believe this happened as a result of not properly disconnecting from the domain before adding the box to a workgroup.  Now the passwords DO NOT work, although I was able to re-enable the accounts.  

???????????????????  Am completely dumbfounded by this.    Could the SAM db be hosed?  ARGH!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:spiderfix
ID: 9774893
Boot Windows XP CD
enter to start setup
F8 for the license agreement
R to repair the current installation
run and wait until it reboots and installs devices
shift F10 to open a command prompt
type nusrmgr.cpl press enter (user accounts will open)
select user(s), remove/change passwords
exit command prompt so setup is running again
finish in-place upgrade

This will work like a parallel install
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9774903
I don't really post these kinds of links as a rule but it may
help you with the corrupted SAM...

http://home.eunet.no/~pnordahl/ntpasswd
0
 

Expert Comment

by:Spotted_Horse
ID: 9778912
Being the tech in question, I thought it best to register and throw in my two cents...  Never been on this site before, but I can tell I will be.

spiderfix - The recovery console is asking which installation (only one indicated) to access, and its asking for the Administrator password... which lands us back at square one.

Also, XP has been reinstalled over top of the previous install.  No change.  It's like Kerberos has lost track of where the SAM holds the username/pw info...

Thanks,

-R-
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9779519
Spiderfix.  Thanks for the comments.  As you can see, the tech (SH) is wrestling with the problem and will continue to monitor this page for any help.

Anyway, I thought I would post this URL for all those that might be interested.  I thought it was hilarious, and it did help me with some questions I had about DC's and passwords.  (For those that do not know what a command line is, please do not get offended by the authors remarks.)

http://www.jms1.net/nt-unlock.html

FE
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9781870
>>I thought it was hilarious<<
Heh, he has run out of patience there for sure. We all know that
syndrome, you can get to a point where your get frustrated with
clients and their unrelated concerns.

With M$ serving O/Ss when changing from domain to workgroup you have
to run DCPROMO http://support.microsoft.com/default.aspx?kbid=332199
the reason is to avoid problems with the security identifiers. Apparently they
will not be linked to the objects correctly after removing active directory. I
don't know where [and how deep] the linking exists but this is obviously where
your problem lays.

It's a pretty common problem when changing from domain to workgroup, there
are many references to this is google. I can't find any references to any work-arounds
other than serving O/Ss http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498

In the past any probs with logging in are usually cured with the boot disk programs
like Ntpasswd and ERD Commander but it seems these are not helping with your
lost links to the objects. This is probably one of the toughest assistance problems
to help with without sitting in your chair. It may be time to consider slaving the drive
and pulling off the files you need.

Sorry I can't help more, I've read a lot this morning on your prob and I've hit the wall
on this one. Maybe this link I've ran across may spark and idea for you...
http://www2.cajun.net/~theriots/xpsitefolder/win_xp_passwords.htm
0
 

Expert Comment

by:Spotted_Horse
ID: 9787837

Spiderfix - thanks for the effort, but I'm finding out that this is an "undocumented security feature" of unca bill.  The "logic" behind it is that it stops you from taking a machine physically from a workplace and attaching it to you your own workgroup, you naughty naughty hacker.  Those of us who need to do it for legitimate reasons are given a shrug of the shoulders and told we're wrong for assuming something that's worked before will work again.  Or M$ is just lazy and was criminally irresponsible for releasing XP half-baked.  Your choice.

In my mind saying (as every m$ site I've seen says) "You cannot do this."  Is a far cry from "WARNING: IF YOU DO THIS YOU WILL NEVER EVER EVER EVER BE ABLE TO LOG IN AGAIN."

I've been pounding my head against that wall for days...  Did I mention its a DELL that detects when the case was open?  That's another headache - having to tiptoe around a warrantee.  The client's fed up, so the jumpers have been changed, I'm just making one last desperate grab at a solution before I press the button...

M$ needs to lose the "tree-falls-in-the-woods" approach to security and software development.

I guess this problem is all over except the for the griping.  Thanks again.

SH
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9799048
np

Another good reason to have ghost images of the drives.
Onward.

0
 
LVL 14

Accepted Solution

by:
spiderfix earned 375 total points
ID: 9799060
0
 
LVL 40

Author Comment

by:Fatal_Exception
ID: 9799551
ERD Commander looks to be a good investment, eh?  I used a trial version last year, but never got approval to purchase the full version.  Guess I will just have to dig deep and get a copy.

Thanks for all the help Spider.  And since you were the only one to notice our little problem, you get the points.  Look forward to conversing  with you on another thread.

By the way, we finally just installed another HD and the WXP OS, took ownership of the files on the original HD, copied the folders over and ghosted back to the original Drive.   Only took ALLLLLL day.  Hard lessons learned!

FE
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9800575
>>Only took ALLLLLL day<<

You have to take a time-hit every once in awhile.
0
 

Expert Comment

by:mk6032
ID: 13981696
Something similar has happened to me. I put a registry key in our network login script (we're running primarily novell and win98 clients) that would verify/change the computers workgroup, and then point them to the WINS server. Afterwards, I couldn't get into a few XP machines without it telling me the Domain Controller couldn't be verified or something to that effect. I could get past the Novell login, but when it went to hit the windows password it would pop that error message up. Strange thing is, if you left that loigin screen up for about 5 mins, it would just log itself in. I'm not sure why or how, but it does. For future readers of this particular thread, try leaving the screen up for 5-10 mins and see if it'll just log itself in eventually.

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question