  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2367

Unjoining a workstation from a domain

Workstation1 "Wkst1" previously belonged to a domain "D1". I now want to remove "W1" from the "D1" domain to Workgroup "Wrkgrp1" within the Windows XP security setup tab.
I tried to unjoin this workstation from Domain D1 by selecting the workgroup option and entering "Wkgrp1" as the workgroup name.

I received a dialog box requesting me to "enter a name and password of an account with permission to remove the workstation from the domain "D1".

As an Administrator, I entered the Administrator's name and password, which was rejected with an error message:
"The following error occurred attempting to unjoin the domain "D1". The revision level is unknown."

I don't know what else to do, but I still want to unjoin "Wkst1" from "D1" and move "Wkst1" to a new workgroup "Wkgrp1".
What must I do to be able to unjoin the domain and move "Wkst1" to a new workgroup "Wkgrp1"?

I do have a bootcd that can reset the Administrator's password to blank from a DOS prompt. I will appreciate any other suggestion that would assist me in achieving my desired objective.
0
Asked by: billcute
1 Solution
 
ThePhreakshow Commented:
Sounds to me like a user rights issue.

http://support.microsoft.com/kb/823659
0
 
John Hurst, Business Consultant (Owner), Commented:
It wants the administrator's credentials of the server hosting the Domain. Is that what you entered? Resetting the workstation's administrator password won't help. .... T
0
 
ThePhreakshow Commented:
Make sure when the dialog box pops up for authentication when you try to remove it from the domain that you are using a domain administrator account (or one with privileges to join/disjoin computers). Enter the username in the dialog box as DOMAIN\Username or Username@domain.com
0
 
billcute (Author) Commented:
I am sure that I don't have the Domain\Username nor password to supply. Does anyone know of any other backdoor to bypass this dialog box?
0
 
John Hurst, Business Consultant (Owner), Commented:
You can try removing the domain user's profile on the workstation. If there is data there, you may want to try to save it. You may not be able to do this either. .... T
0
 
winthropj Commented:
If you don't have the creds it won't matter but if the creds you supplied were not accepted then the box would have popped back up asking for a different set of creds.

I have seen this where deleting the following reg key and a restart will allow you to disjoin the domain.
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC
0
 
billcute (Author) Commented:
winthropj:
You said:
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC

Can you tell me step by step on how to accomplish this?

Regards
Bill
0
 
billcute (Author) Commented:
winthropj:
You mean running Registry Editor 32 ???
0
 
billcute (Author) Commented:
Manually delete the relevant registry keys:
Click Start, click Run, type regedit in the Open box, and then click OK to start Registry Editor.
In Registry Editor, locate and then delete the following registry key. Is this correct?

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\$MACHINE.ACC
0
 
winthropj Commented:
Yup. You may need to change the permissions on it.
0
 
ThePhreakshow Commented:
Right click on the registry key to change the permissions.
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
Change it to workgroup. When prompted, ignore it. Unless there is something wrong with the system, it will just change it from Domain to Workgroup. (The whole point of entering a user name and password is to remove the account from AD automatically.) (Note: you need LOCAL admin rights to the workstation to do this.)
0
 
billcute (Author) Commented:
leew:
When prompted, ignore it.    '<---- Ignore what? ...and what kind of message prompt to expect?
0
 
billcute (Author) Commented:
winthropj:
I thought that you said under ID: 23639010
"I have seen this where deleting the following reg key and a restart will allow you to disjoin the domain.
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC"

...Now under  ID: 23639089
"You may need to change the permissions on it."

I am now really confused...would you please clarify what should be done here.
0
 
winthropj Commented:
I think he means the username/password prompt.
0
 
billcute (Author) Commented:
winthropj:
I also thought that the Security folder is a sub directory of SAM as shown below. Correct me if I am wrong.

HKLM\SAM\SECURITY\Policy\Secrets\$MACHINE.ACC
          ~~~~
0
 
winthropj Commented:
No. I don't think it is.
I would try what leew is saying. He's got rank.
Choose the WorkGroup radio button and put in a workgroup name. Workgroup is a good one. Then when asked for creds just x out and see if it will drop it to the workgroup without the creds.

0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
When you remove an XP machine from the domain, you go to the System Control Panel.  You go to the Computer Name tab.  You click the change button.  You select Workgroup and enter a workgroup name.  Then you click the OK button.  You are then prompted to enter a user name and password to remove it from the domain.  Ignore it.  Or more specifically, click a button.  Cancel... OK... it shouldn't matter.  It will hang for a few seconds... maybe a minute... and may give you an error message that it couldn't remove the computer account from the domain but the computer itself should now be in a workgroup.
0
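
The procedure Lee W describes above, scripted through the `Win32_ComputerSystem` WMI class, as an added example that is not part of the original thread. It assumes PowerShell is installed on the workstation (it is not part of a default Windows XP install) and an elevated local administrator session; `Move-ToWorkgroup` is a hypothetical helper name.

```powershell
# Added example: move a domain-joined workstation to a workgroup using local
# administrator rights only. Move-ToWorkgroup is a hypothetical helper name;
# 'Wkgrp1' is the workgroup name used in the thread.
function Move-ToWorkgroup {
    param(
        [string]$WorkgroupName = 'Wkgrp1',
        [switch]$Apply            # without -Apply the function only reports
    )

    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Output "$($cs.Name) is already in workgroup '$($cs.Domain)'."
        return
    }
    $oldDomain = $cs.Domain
    Write-Output "$($cs.Name) is currently a member of domain '$oldDomain'."
    if (-not $Apply) {
        Write-Output "Report only. Re-run with -Apply to leave the domain."
        return
    }

    # Password and UserName are $null: no domain credentials are presented, so
    # the unjoin is local only. FUnjoinOptions 0 leaves the AD account untouched.
    $r = $cs.UnjoinDomainOrWorkgroup($null, $null, 0)
    if ($r.ReturnValue -ne 0) {
        throw "UnjoinDomainOrWorkgroup failed with Win32 error $($r.ReturnValue)."
    }

    # FJoinOptions 0 (join-domain bit not set) makes this a workgroup join.
    $r = $cs.JoinDomainOrWorkgroup($WorkgroupName, $null, $null, $null, 0)
    if ($r.ReturnValue -ne 0) {
        throw "JoinDomainOrWorkgroup failed with Win32 error $($r.ReturnValue)."
    }

    Write-Output "Joined workgroup '$WorkgroupName'. Restart to complete the change."
    Write-Warning ("The computer account for $($cs.Name) still exists in '$oldDomain'. " +
        "Ask a domain administrator to disable or delete it.")
}

Move-ToWorkgroup -WorkgroupName 'Wkgrp1'    # report only; add -Apply to change membership
```

Because no domain credentials are supplied, the stale computer object stays in Active Directory until someone with rights in the domain cleans it up.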
 
billcute (Author) Commented:
Thanks. I will try this in the office next week and let you know the outcome.

Regards
Bill
0
 
billcute (Author) Commented:
leew / winthropj:
Sorry to bring this topic back. I was unable to verify the suggestion made by "leew / winthropj" before closing this post. I had the belief that the suggestion would work. However, the line below does not exist in WinXP Pro Registry editor.
HKLM\SAM\SECURITY\Policy\Secrets\$MACHINE.ACC

The line that existed is:
HKLM\SAM\SECURITY\default

...and the default value was not set on the registry key editor.

In this case, the problem I described in my original question still exists. Is there a way out of this problem?

Regards
Bill
0
 
billcute (Author) Commented:
To All Experts:
I requested that the post be re-opened for further assistance and with a view to ensuring that future EE members have the right answer if the thread is visited.

Sorry for the inconvenience.

Regards
Bill
0
 
billcute (Author) Commented:
To All Experts:
As a gesture of good will I have also increased the points from 250 to 500.
0
 
billcute (Author) Commented:
In light of the above, I have decided to accept the suggested link from "ThePhreakshow" because it offers me an opportunity to read more about the User security issues. If I have any additional questions I will post them in a new thread.

Regards
Bill
0
