Saturday, September 23, 2017

Domain re-join shortcut trick

We've all had it. A system with domain authentication issues. Usually it's the Secure Channel.

or way back

but sometimes it's worse, like the machine object being "accidentally" deleted.

For me to resolve these, I just log in with cached credentials and run some PowerShell like

 Test-ComputerSecureChannel -repair  

You can add -cred "MYCOMPANY\username" if your password has changed since then or if you have to use a different account that has rights.

Or, in the worst case, when the object is not present:

 Add-Computer -DomainName "MYCOMPANY" -cred "MYCOMPANY\kevin.fason"

Many of my techs do not like CLI and have to use the mouse.  The accepted way is to remove it from the domain and make it a member of a workgroup, then join back to the domain with reboots in between and enabling a local admin account etc.

Instead of going through all that, did you know you can just enter the NetBIOS name of the domain? The system perceives this as you moving the system from one domain to another, even though it's technically the same one; you're just using the legacy NetBIOS name instead of the FQDN of the domain.

Here is an example normally showing the FQDN of the domain:

Just change it to the NetBIOS name and select OK. One reboot. All done. After the reboot it will revert to the FQDN domain name.

If you do not know what it is, you can open a command/PowerShell prompt and type 'set USER', and it will show both names via the USERDNSDOMAIN (FQDN) and USERDOMAIN (NetBIOS) variables.

Or if you must use that mouse, you can open ADUC, right-click the domain, and select Properties. Right on the General tab you will see it listed under 'Domain name (pre-Windows 2000)'.

Who knows how long this will work as forest/domain functional levels are uplifted.
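
The triage order from this post as an added PowerShell example (not the author's own script): test the secure channel, try the repair, and if that fails report the NetBIOS and FQDN names needed for the rejoin. It assumes Windows PowerShell 5.1, an elevated prompt and a logon with cached domain credentials; the function name Repair-DomainTrust is hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1,
# an elevated prompt, and a logon with cached domain credentials.
# Repair-DomainTrust is a hypothetical name.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Optional account with rights in the domain, e.g. MYCOMPANY\username
        [System.Management.Automation.PSCredential]$Credential
    )

    # The same values 'set USER' shows: FQDN and NetBIOS name of the logon domain.
    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Fqdn     = $env:USERDNSDOMAIN
        NetBios  = $env:USERDOMAIN
        Status   = 'Unknown'
    }

    # With a local account USERDOMAIN is just the computer name, so the
    # names reported here would be misleading.
    if ($env:USERDOMAIN -eq $env:COMPUTERNAME) {
        Write-Warning 'Local logon: USERDOMAIN is the computer name, not the domain.'
    }

    $repair = @{ Repair = $true; ErrorAction = 'Stop' }
    if ($Credential) { $repair.Credential = $Credential }

    try {
        if (Test-ComputerSecureChannel -ErrorAction Stop) {
            $result.Status = 'Healthy'
        }
        elseif (Test-ComputerSecureChannel @repair) {
            $result.Status = 'Repaired'
        }
        else {
            $result.Status = 'RejoinNeeded'
        }
    }
    catch {
        # The cmdlet can throw instead of returning $false; treat that as a failed repair.
        $result.Status = 'RejoinNeeded'
        Write-Warning $_.Exception.Message
    }

    if ($result.Status -eq 'RejoinNeeded') {
        Write-Warning "Rejoin using the NetBIOS name '$($result.NetBios)' instead of '$($result.Fqdn)'."
    }
    $result
}
```

Call it as Repair-DomainTrust, or add -Credential (Get-Credential) when a different account with rights is needed.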
