Saturday, September 23, 2017

Domain re-join shortcut trick

We've all had it: a system with domain authentication issues. Usually it's the Secure Channel, but sometimes it's worse, like the machine object being "accidentally" deleted.

To resolve these, I just log in with cached credentials and run some PowerShell like

 Test-ComputerSecureChannel -Repair

You can add -cred "MYCOMPANY\username" if your password has changed since then, or if you have to use a different account that has rights.

Or, in the worse case when the object is not present:

 Add-Computer -DomainName "<domain FQDN>" -cred "MYCOMPANY\kevin.fason"

No matter how many times I lead these tech horses to water, they just won't drink up PS1 cmdlets. I notice my techs will just rejoin it to the domain via the GUI. They MUST use the mouse for whatever reason. The accepted way is to remove it from the domain and make it a member of a workgroup, then join back to the domain, with reboots in between, enabling a local admin account, etc.

Instead of going through all that, did you know you can just enter the NetBIOS name of the domain? The system perceives this as you moving the system from one domain to another, even though it's technically the same one; you're just using the legacy NetBIOS name instead of the FQDN of the domain.

Here is an example normally showing the FQDN of the domain:

Just change it to the NetBIOS name and select OK. One reboot. All done. After the reboot it will revert to the FQDN domain name.

If you do not know what it is, you can open a command prompt and type 'set USER', and it will show both names via the USERDNSDOMAIN (FQDN) and USERDOMAIN (NetBIOS) variables. In a PowerShell prompt, where 'set' is an alias for Set-Variable, use 'Get-ChildItem Env:USER*' instead.

Or if you must use that mouse, you can open ADUC, right click the domain and select Properties. Right on the General tab you will see it listed under 'Domain name (pre-Windows 2000)'.

Who knows how long this will work as forest/domain functional levels are uplifted.
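The checks described above, rolled into one triage function (an added example, not code from the original post): it tests the secure channel, attempts the repair, and reports both domain names so the tech knows what to type if a re-join is still needed. `Repair-DomainTrust` is a hypothetical helper name; run it from an elevated prompt while logged on with cached domain credentials.

```powershell
# Added example: triage a broken domain trust before resorting to a re-join.
# Repair-DomainTrust is a hypothetical helper name, not a built-in cmdlet.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Domain account with rights to reset the computer account password.
        # Passed as a PSCredential so no password appears on the command line.
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not domain-joined; nothing to repair."
    }

    # Both names come from the environment variables named in the post.
    # They describe the logged-on user's domain, hence the domain logon.
    $result = [ordered]@{
        Computer    = $cs.Name
        DomainFqdn  = $env:USERDNSDOMAIN   # type this for a normal join
        NetBiosName = $env:USERDOMAIN      # type this for the shortcut re-join
        Status      = 'Unknown'
        Error       = $null
    }

    try {
        if (Test-ComputerSecureChannel -ErrorAction Stop) {
            $result.Status = 'Healthy'
        }
        elseif (Test-ComputerSecureChannel -Repair -Credential $Credential -ErrorAction Stop) {
            $result.Status = 'Repaired'
        }
        else {
            $result.Status = 'RepairFailed'
        }
    }
    catch {
        # Any error from either call is recorded rather than hidden, so the
        # tech can tell an unreachable DC apart from a failed repair.
        $result.Status = 'RepairFailed'
        $result.Error  = $_.Exception.Message
    }

    [pscustomobject]$result
}

Repair-DomainTrust -Credential (Get-Credential)
```

A `RepairFailed` status with both names filled in is the point at which the re-join described above applies.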
