pc needs to be taken of domain

kuzum
kuzum used Ask the Experts™
on
HI

I have a window7 machine that needs to be taken of my domain and re-added but as I do not have local admin credentials I cannot do it with current user account I have ( very locked down) and cannot do any admin work such as removing it from domain and re-adding it etc..

Issue I have is this;

my windows 7 machine is not in sync with my Domain controller and hence I can only login with one account I have which is normal user account.  machine's  time settings shows that I am 4 minutes behind. I believe this is where the issue is but as mentioned, I cannot do any changes on the machine. I believe normal user account is cached in the memory and hence I can only with that account,

when I tried to logon with another account I get this error  " there is no logon servers available to service the request"   this is  from windows 7 machine and my DC is 2008 rd.  

I believe if I can remove it and re-add it domain it should fix my issue but I cannot do it as PC is out of sync with my AD and user account Im using is locked down to do any admin work.  

Can this fixed via registry? I can do regedit?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gerwin Jansen, EE MVETopic Advisor
Most Valuable Expert 2016

Commented:
The simple answer is: no you cannot do this via registry modifications. If so what would be the use of having admin account to manage PC's and domain? I would just advise you contact an administrator and remove/add the computer for you. When in doubt, the admin should create a local admin account first for backout purposes, providing that there is no policy active that prevents having/creating such accounts.

Author

Commented:
Hi,

thanks, We do have a team and local admin accounts but it does not work as it seems it was not enabled during the build. It is disabled. ( I know it is a bad build)

What is my options please considering no local account to login to PC? how can I remedy issue? is there any way of creating another local account with admin privileges or using safe mode etc ?

thanks
Most Valuable Expert 2015

Commented:
The only thing you can try doing is to check the PC's BIOS settings (provided you have access to the BIOS, and make sure the CMOS time is correct, maybe even replace the CMOS battery. With some luck your PC's time will then be in sync with the server's.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Topic Advisor
Most Valuable Expert 2016
Commented:
If you have no local admin account and no domain admin account then you only can try to reset the local admin account using a boot CD. Either that or a rebuild.
FOXActive Directory/Exchange Engineer
Top Expert 2015

Commented:
Kuzum,
Overall if your intentions were to remove it from the domain and readd it you will not be able to do it without domain admin rights.  If you wanted to add a local admin account to the machine REMOTELY you would still need domain admin rights.
FOXActive Directory/Exchange Engineer
Top Expert 2015
Commented:
As Gerwin stated if you would just like to get in to the machine get a local admin password reset boot cd, reset or clear any user passwords that you notice, some cds give you the option to or set any of the other users accounts with local admin rights. Some cds also let you enable the Administrator account.   If you do that unplug it from the network as it may be picking up a gpo which disables the local Administrator account.
liranp1IT and .net developer

Commented:
hi

check in active directory if computer account disabled and enable it.

of you can try to find 3rd party software that reset the local account password on the computer.
Lee W, MVPTechnology and Business Process Advisor
Most Valuable Expert 2013

Commented:
There are methods one can use to gain access to the system.  However, I don't feel comfortable posting them to this question - I'm not convinced you aren't trying to circumvent your company's security without their knowledge and I won't help you bypass that.  I would strongly recommend you speak to your network administrators and/or reload the computer from scratch - pull the hard drive, back it up, and reload.
4 mins time skew should not cause any issues like that, provided you are within 15 mins, it should update from a DC and adjust itself. I suspect a DNS problem here, it seems your machine is not finding a DC.
Distinguished Expert 2017

Commented:
Have you asked anyone with an account that has admin rights to remotely connect to it.

There are ways to gain administrative rights to this system, but if your account is locked down which account will you use to reconnect.

Netdom executed can rejoin the domain.
Updating the time to be closer during bootup ........

You are not getting a loss of trust message, so it sounds as though this system might have external DNS records and those are being queried when login/resource access is attempted.

Run ipconfig /all from a command prompt, or look at the details for network connection properties. Note if there are non private ip addresses listed there. I.e. Not on the same segment as your system's ip.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial