We help IT Professionals succeed at work.

forcing a computer into active domain

SnowFlake
SnowFlake asked
on
389 Views
Last Modified: 2010-04-21
It seems that due to changes on our Active directory

I have reached a situation where my computer is not a member of the domain while my user is.
From time to time this causes me login problems.
My machine is an XP professional.

What would be the best way to fix this while minimizing data loss ?


Comment
Watch Question

CERTIFIED EXPERT

Commented:
Hi SnowFlake,

First make sure you know the local administrator password on your PC, so that you don't lock yourself out in the next step.

Remove your PC from the domain (joining a temporary workgroup) and then rejoin the domain.

Before you remove it from the domain though, take note of which profile directory you are using (start, run, cmd, type "set" and press enter, take note of USERPROFILE).

When you rejoin, again check which profile you are using. If it's different, you'll need to copy data back from your old profile in C:\Documents and Settings.

Cheers,
Daniel
Danny ChildIT Manager

Commented:
You will also need to make sure that your domain login has rights to join a workstation to the domain.  

It may help to delete and recreate the **computer** account in ADUC while the PC is not on the domain.  You may also need to wait an hour for replication in AD before joining the domain once it is recreated.
kadadi_vIT Admin
CERTIFIED EXPERT

Commented:
There is no data loss when you reconfigure the desktop cleint into domain ..yes your profile will be changed so take the previous profile backup ( desktop,mails,my documents,favroties...etc) and then rejoin to your new active directory server....and also check the dns address settings if you are using the internal dns server on your network.

and if you donot want to add the dektop then remove your pc from domain and use the workgroup only and acess the network pc using static IP address.


Regards,

V.K.
CERTIFIED EXPERT

Commented:
An option is to use "User Profile Wizard" (http://www.forensit.com/profwiz/index.htm) to keep the old profile with the new account. After you join the domain, run the tool and tell it your user name, the profile to use, and it will assign the profile back to your user account.

Commented:
We have this problem often as we use a standard ghost image which has everything preconfigured, in fact I have just done this on two machines this week.

As above, remove from domain by joining workgroup, reboot. Delete computer account from AD. Re join the domain, rebbot and that is it.

As we use roaming profiles and desktop redirection, as soon as the user logs in to their new PC, all of their desktop, icons, background, shortcuts etc etc are back and they have their PC as it was.

Really cuts down on admin calls and support making me a happy admin as I can have a PC up and running in under an hour.

Author

Commented:
thank you all for your answers so far,
Trying to better understand what I am facing here:
Why am I "supposed" to loose my profile just because I need to re-introduce the computer into the domain?
When my user not remain the same user ? after its a user on the domain not on my local machine.
How comes I can still login to my domain user when my computer failes to login itself (it sais a few times that it can not find a domain controler and then suddenly it accepts my pasword and logs in) ?
Can I and Should I try and convert my user into a raoming one to help keep my settings  (will it even work given that my machine does not seem to connect to the domain) ?

SnowFlake

CERTIFIED EXPERT

Commented:
Hi SnowFlake,

You are correct that your profile shouldn't change. But that's "in theory", sometimes when you are having domain problems you might be given a new profile. 99% of the time you will be fine, keeping your existing profile, but it's best to be safe than sorry - so I recommend checking which profile you are using before removing the PC, and then confirming that your profile hasn't changed after you join the domain again (see my first post about how to check).

When you cannot find a domain controller, and your PC still logs in, there's a possibility that it's logging in by using cached credentials. The PC remembers your password (although in encrypted form) from the last time it successfully logged in to a domain controller, for example if you had a laptop and weren't plugged in to the network, then you could still log in. (you can check whether you are logged in with cached credentials by typing "set logonserver" in a command prompt. If you are logged in to the domain, you'll see the name of the Domain Controller that accepted your password. If you're logged on using cached credentials, you will see the name of your PC)

I wouldn't recommend trying to implement roaming profiles until everything is working correctly.

I'd just take a copy of your profile for backup purposes and give it a go. If you find that the profile is recreated, you can just use the User Profile Wizard tool (see my second post) to reassign the original profile back to your login account.

Cheers,
Daniel

Author

Commented:
o.k.
moving on in trying to understand this stuff.
"set logonserver" returns the name of the DC not my own machine.
so this brings me back to the feeling that the problem is not with my USER account but with the MACHINE account. so that my user IS logged in to the domain while my machine is not.
can this be the case ?  how can I tell ?

regarding the User Profile Wizard tool, what exactly does it do ? does it point the user to use another directory for its profile ? or does it impoert a directory into the users profile ?
I am asking this because currently my Profile is 16G and I don't have space on my C drve to back it up so my only option would be a copy on D and I want to know if later (assuimng trouble) I will have to use the profile from D or will it overwrite that in C ?

thanks for your help so far,
SnowFlake
CERTIFIED EXPERT

Commented:
If you look in the security event logs on the DC, searching for the name of your PC, you should see some logs about whether your PC was successful or not in logging in to the domain. However it's going to be a lot quicker and easier to just remove it from the domain, delete the computer account from Active Directory, and then rejoin.

The User Profile Wizard tool will assign the old profile to your logon account. It does a lot of things in the background, but basically it updates some registry entries (to tell your PC that user "Joe" has the profile "C:\Docs & Settings\Joe"), and makes sure the permissions (on the files in Docs & Settings, and also in the user's registry hive) are correct. The end result is that you are using the exact same profile as you were before - no copies are made.

However, chances are good that you won't need to use the tool, as your profile SHOULDN'T change. Only use this tool if you have problems.

If you do have to use the tool, it might be worth moving some files out of your My Documents folder (assuming that's where most of your 16GB profile is) as the tool may lock up with such a large profile!

Author

Commented:
o.k. - I think I will try it out - hope I won't regret this.
1. move out some data out of my profile
2. log out from my machine.
4. remove my machine from the domain.
3. remove machine account from the domain (via some other machine).
4. add my machine back to the domain.
5. login to my domain using my domain user
   I assume it will now create a new profile directory like myuser0 or similar
6.use the profile wizard to tell it to allow my domain user to use my old profile folder

am I missing anything ?
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
thanks,
took me a while to get to it but it worked great.

(other then a few missed heart bits after assiging the wrong profile on the first time...)

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.