Unjoining a workstation from a domain

"Workstation1 "Wkst1" previously belong to a domain "D1". I now want to remove "W1" from "D1" domain to Workgroup "Wrkgrp1" within Windows XP security setup tab.
I tried to unjoin this workstation from Domain D1 by selecting the workgroup option and entered "Wkgrp1"  as the workgroup name.

 I received a dialog box requesting me to "enter a name and  password of an account with permission to remove the workstation from the domain "D1".

As an Administrator, I entered the Adminstrator's name and password which was rejected with an error message:
"The following error occurred attempting to unjoin the domain "D1". The revision level is unknown."

I dont know what else to do, but I still want to unjoin "Wkst1" from "D1" and move "Wkst1" to a new workgroup "Wkgrp1".
What must I do be able to unjoin the domain and move "Wkst1"  to a new workgroup "Wkgrp1" ?.

I do have a bootcd that can reset the Adminstrator's password to blank from a DOS prompt. I will appreciate any other suggestion that would assist me in achieving my desired objective.
LVL 4
billcuteAsked:
Who is Participating?
 
ThePhreakshowConnect With a Mentor Commented:
Sounds to me like a user rights issue.

http://support.microsoft.com/kb/823659
0
 
JohnBusiness Consultant (Owner)Commented:
It wants the administrator's credentials of the server hosting the Domain. Is that what you entered? Resetting the workstation's administrator password won't help. .... T
0
 
ThePhreakshowCommented:
Make sure when the dialog box pops up for authenticaion when you try and remove it from the domain that you are using a domain administraor account (or one with privlidges to join/disjoin computers). Enter the username in the dialog box as DOMAIN\Username or Username@domain.com
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
billcuteAuthor Commented:
I am sure that I dont have the Domain\Username nor password to supply. Does anyone know of any other backdoor to bypass this dialog box?
0
 
JohnBusiness Consultant (Owner)Commented:
You can try removing the domain user's profile on the workstation. If there is data there, you may want to try to save it. You may not be able to do this either. .... T
0
 
winthropjCommented:
If you don't have the creds it won't matter but if the creds you supplied were not accepted then the box would have popped back up asking for a different set of creds.

I have seen this where deleting the following reg key and a restart will allow you to disjoin the domain.
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC
0
 
billcuteAuthor Commented:
winthropj:
You said:
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC

Can you tell me step by step on how to accomplish this?

Regards
Bill
0
 
billcuteAuthor Commented:
winthropj:
You mean running Registry Editor 32 ???
0
 
billcuteAuthor Commented:
Manually delete the relevant registry keys:
Click Start, click Run, type regedit in the Open box, and then click OK to start Registry Editor.
In Registry Editor, locate and then delete the following registry key. Is this correct ?

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\$MACHINE.ACC
0
 
winthropjCommented:
Yup. You may need to change the permissions on it.
0
 
ThePhreakshowCommented:
Right click on the registry key to change the permissions.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Change it to workgroup.  When prompted, ignore it.  Unless there is something wrong with the system, it will just change it from Domain to Workgroup.  (The whole point of entering a user name and password is to remove the account from AD automatically.  (Note: you need LOCAL admin rights to the workstation to do this).
0
 
billcuteAuthor Commented:
leew:
When prompted, ignore it.    '<---- Ignore what? ...and what kind of message prompt to expect?
0
 
billcuteAuthor Commented:
winthropj:
I thought that you said under ID: 23639010
"I have seen this where deleting the following reg key and a restart will allow you to disjoin the domain.
<insert MS disclaimer about modifying the registry here. MAKE a BACKUP>
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC"

...Now under  ID: 23639089
"You may need to change the permissions on it."

I am now really confused...would you please clarify what should be done here.
0
 
winthropjCommented:
I think he means the username/password prompt.
0
 
billcuteAuthor Commented:
winthropj:
I also thought that the Security folder is a sub directory of SAM as shown below. Correct me if I am wrong.

HKLM\SAM\SECURITY\Policy\Secrets\$MACHINE.ACC
          ~~~~
0
 
winthropjCommented:
No. I don't think it is.
I would try what leew is saying. He's got rank.
Choose the WorkGroup radio button and put in a workgroup name. Workgroup is a good. THen when asked for creds just x out and see if it will drop it to the workgroup without the creds.

0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
When you remove an XP machine from the domain, you go to the System Control Panel.  You go to the Computer Name tab.  You click the change button.  You select Workgroup and enter a workgroup name.  Then you click the OK button.  You are then prompted to enter a user name and password to remove it from the domain.  Ignore it.  Or more specifically, click a button.  Cancel... OK... it shouldn't matter.  It will hang for a few seconds... maybe a minute... and may give you an error message that it couldn't remove the computer account from the domain but the computer itself should now be in a workgroup.
0
 
billcuteAuthor Commented:
Thanks. I will try this in the office next week and let you know the outcome.

Regards
Bill
0
 
billcuteAuthor Commented:
leew / winthropj:
Soory to bring this topic back. I was unable to verify the suggestion made by "leew / winthropj" before closing this post. I had the believe that the suggestion would work. However the line below does not exist in WinXP Pro Registry editor.
HKLM\SAM\SECURITY\Policy\Secrets\$MACHINE.ACC

The line that existed is:
HKLM\SAM\SECURITY\default

...and the default value was not set on the registry key editor.

In this case, the problem I described in my original question still exist. Is there a way out of this problem?

Regards
Bill
0
 
billcuteAuthor Commented:
To All Experts:
I requested that the post be re-opened for further assistance and with a view to ensuring that future EE members have the right answer if the thread is visited.

Sorry for your inconveniences.

Regards
Bill
0
 
billcuteAuthor Commented:
To All Experts:
As a gesture of good will I have also increased the points from 250 to 500
0
 
billcuteAuthor Commented:
In light of the above, I have decided to accept suggested link from "ThePhreakshow" because it offers me an opportunity to read more about the User security issues. If I have any additional question I will post it in a new thread.

Regards
Bill
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.