albevier


rejoin all computers to domain

Somehow I managed to delete from AD all of the computers on a 2008 R2 domain.

I added the computers back into the AD manually but the users now get the message that there is no computer account for the computer they are using.

What is the easiest way to re-establish the ability of users to login? Can I somewhere disable the need for a PC to be part of the domain in order for it to be used to login?

Al
ASKER CERTIFIED SOLUTION
djcanter
This solution is only available to members.
Use AD Recycle Bin. If it's not enabled, maybe you can go to http://ipofserver/rejoin

Otherwise manually go to each PC, log in as local admin. Change domain to workgroup. Reboot. Log in as local admin. Change workgroup to your domain, enter admin credentials. Reboot, log in with a domain account and everything is in order.
Mike Kline

By default users can add 10 machines to the domain. If you haven't changed that (many places have), you could send instructions and let people know how to join their machines to the domain.

I'm thinking maybe they can access the instructions via mail/OWA (if available). How did every computer get deleted?


Thanks

Mike
ajm_1

Do you have any backups of the system state? You can restore the system state and that will put all your user/computer objects back on the server.
albevier

ASKER

The site lost power last night so the system state did not get backed up, and I've been working full days on the AD, so it would take less time to visit each workstation than to re-do all of the changes I've done to AD. (This was a migration from 2003 to 2008 as well as to using RDS, as well as actually attempting to lock down not just RDS but the desktops as well, so lots of AD changes and GPOs.)

I have found that the AD Recycle was active so I can restore from there but that requires a learning curve (first try on a single PC did nothing so back to the manuals).

PROBLEM
If I have to visit each workstation, I have found that a local user was not created -- only the local users Administrator and Guest exist and their accounts are disabled. The Win 7 PCs will not allow me to log in to the domain and I have no account available with which to log in to the local PC.

Is there a solution to logging on to each computer if it turns out I must?

Al
This is the way to crack the admin password if you are able to log in to the computer:
http://www.youtube.com/watch?v=itLpkkAZ6Sg&feature=related

This is the way to crack the local password if you are not able to get into the computer.  You will need to burn this to a CD and then follow the instructions to delete any existing local admin passwords.
http://pcsupport.about.com/od/toolsofthetrade/gr/offlinentpwed.htm


If I understand your problem correctly, you might need to use one of the above.  If not please explain further.
I know the password for the administrator to the local machine, but the account is disabled according to the password cracker ophcrack. So despite knowing the password, I cannot login locally. This is true of all the Win7 PCs I've visited so far.

Any thoughts on how to re-enable the account without being able to login?

Al
net user administrator /active:yes

Restart the PC in Safe Mode or any other mode and run the above command
Brilliant! I blush to say that I had no idea such a service existed native to 2008. As an aside, after struggling with the native implementation of restoring an object, I found this wonderful little FREE application. http://www.overall.ca 

Al
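
For the AD Recycle Bin route discussed in the thread, an added example (not posted by any participant) of restoring deleted computer objects with the ActiveDirectory PowerShell module, skipping any name that already has a live account, since a manually re-created account with the same name blocks the restore. The function name and the seven-day `-Since` window are assumptions.

```powershell
# Added example: restore deleted computer objects from the AD Recycle Bin.
# Assumptions: ActiveDirectory module (RSAT) is installed, the Recycle Bin was
# enabled before the deletion, and the caller may restore deleted objects.
Import-Module ActiveDirectory

function Restore-DeletedComputer {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Constructed default: only consider objects changed in the last 7 days.
        [datetime]$Since = (Get-Date).AddDays(-7)
    )

    # Deleted objects are hidden unless -IncludeDeletedObjects is given.
    $deleted = Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "computer"' `
        -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
        Where-Object { $_.whenChanged -ge $Since }

    foreach ($obj in $deleted) {
        $name   = $obj.'msDS-LastKnownRDN'   # original CN, e.g. PC01
        $parent = $obj.lastKnownParent       # container it was deleted from

        # A manually re-created account with the same name blocks the restore.
        $live = Get-ADComputer -Filter "Name -eq '$name'"
        if ($live) {
            [pscustomobject]@{
                Computer = $name
                Action   = 'Skipped'
                Detail   = "Live object exists: $($live.DistinguishedName)"
            }
            continue
        }

        if ($PSCmdlet.ShouldProcess($name, "Restore to $parent")) {
            Restore-ADObject -Identity $obj.ObjectGUID
            [pscustomobject]@{
                Computer = $name
                Action   = 'Restored'
                Detail   = $parent
            }
        }
    }
}

# Dry run first: lists what would be restored and what is blocked.
Restore-DeletedComputer -WhatIf | Format-Table -AutoSize
```

A restored object keeps its original SID and machine account password, which a manually re-created account with the same name does not.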