Event ID 5723 NetLogon...

    Question

  • Good day guys,

         I would like to know whether there is a way of bringing back the trust account, or re-joining the computer, without going to each PC to manually re-join it to the Domain Controller. I have tried manually adding the computer to the Computers OU, but it has no effect. I have done a lot of research indicating that a re-join is required, and the event error also tells us to re-join the PC. But is there any shortcut or workaround that avoids manually re-joining each PC to bring back the trust relationships?

         Any related links, suggestions or recommendations would be a great help.

         Thanks in Advance and Regards,

         Cheers...
    Wednesday, February 10, 2010 2:19 PM


All replies

  • Take a look at the NETDOM JOIN command. Here's a link you can refer to for an example on how to do it:

    http://technet.microsoft.com/en-us/library/cc776879(WS.10).aspx

    If you have local administrative credentials, you could use something like PSEXEC (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to automate the entire process.

    Edited: Just to clarify, manually creating an account in Active Directory for a computer won't cause it to automatically join the domain. Someone or something (such as a script) still needs to perform the join task on the actual computer.

    Cheers,
    Lain
    Wednesday, February 10, 2010 3:10 PM
  • You can use the netdom command-line utility in combination with PSExec to re-join a remote computer to the domain.

    hth
    Marcin
    Wednesday, February 10, 2010 3:13 PM
  • Good day Marcin and Lain,

         Sorry for the delayed response. This is great, I now have the PSExec and NetDom utilities, which are new to me. Can you give me some examples of re-joining the workstations from the server?

         Thanks and Regards,

         Cheers...

    Friday, February 12, 2010 7:32 AM
  • Rad,

    The two links I included in the first reply contain all the information you need. That said, a rough example of a command would look like the following:

    psexec [\\computerName-or-IP] -u Administrator -p [password] netdom.exe join [computerName] /d:yourDomain.com /ou:OU=Computers,OU=Department,DC=yourDomain,DC=com /userd:[domainUser] /passwordd:[domainPassword]

    (The above should all be on one line - it's just been broken up here on the forum)

    Cheers,
    Lain
    • Marked as answer by radical93 Saturday, February 13, 2010 6:00 AM
    Friday, February 12, 2010 8:34 AM
  • Good day Lain,

         Thanks for the example you gave me, but I have encountered the error below:

         "Couldn't access <IP Address>:"
         "The network path was not found."

         "Make sure that the default admin$ share is enabled on <IP Address>."

         I did a test: I deleted one of my workstations from the "Computers" OU, then ran the command you gave me, and it gives me "The trust relationship between this workstation and the primary domain failed". I think I just missed something?

         What things should be considered or remembered when running the psexec and netdom combination to re-join workstations to the D.C.?

         Thanks again and Regards,

         Cheers...
    • Edited by radical93 Friday, February 12, 2010 11:42 AM Added questions...
    Friday, February 12, 2010 11:38 AM
  • Good day Lain,

         Based on my observation and testing of PSEXEC and NETDOM, as you have said, "it still needs to perform the join task on the actual computer". This combination of PSEXEC and NETDOM cannot be used to automate it, for the following reasons:

         1.)  Windows Client Firewall - you have to open the Windows Client Firewall in order to execute these commands.
         2.)  NETDOM - you also need a copy of netdom.exe on the client in order to execute these commands.
         3.)  Trust Relationships - the trust relationship between the clients and the domain controller cannot be restored or re-connected this way; the join has to be done manually on the actual computer.

         All of the reasons stated above are based on my testing and observations, but Lain, if you have some clarifications or suggestions, that would be okay.

         Thanks and Regards,

         Cheers...

    Wednesday, February 17, 2010 12:11 PM
  • Hello, Rad.

    1. Yes, the firewall can be an issue. Because you are dealing with machines that are not domain joined, you can't easily modify the firewall rules. This is the only point that may cause you a headache.

    2. This shouldn't be a problem. Since you already need to know a local account with administrative rights, then you can use these same credentials to copy NETDOM to the local admin$ share. You could make this even easier by putting the copy and psexec commands into a batch file.

    3. I'm not sure I'm following this part. The closest manner in which you can restore a workgroup machine to how it was represented when it was a domain member is to reset its Active Directory computer object prior to the join (right-click the computer object and choose Reset Account in AD Users and Computers), then rejoin it with the NETDOM command. This will at least preserve any permissions (i.e. group memberships and such) that the computer had before it was removed into the workgroup.

    In summary, only point 1 can be tricky to work with.

    Cheers,
    Lain
    Wednesday, February 17, 2010 2:50 PM
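
The batch file suggested in the last reply (copy NETDOM to admin$, then run it through PSEXEC), as an added example that is not part of the original thread or any poster's own script. The file name computers.txt, the account yourDomain\joinAccount, the log file name and the assumption that every workstation shares one local Administrator password are all hypothetical; psexec.exe and netdom.exe are assumed to be in the current directory.

```batch
@echo off
rem Added example: re-join every workstation listed in computers.txt (one name per line).
rem Assumed names (not from the thread): computers.txt, yourDomain\joinAccount,
rem rejoin-failed.log. Reset each computer object in AD Users and Computers first.
setlocal
set "DOMAIN=yourDomain.com"
set "OU=OU=Computers,OU=Department,DC=yourDomain,DC=com"
set "JOINUSER=yourDomain\joinAccount"
rem set /p echoes what is typed; run this from a console nobody else can see.
set /p "LOCALPW=Local Administrator password: "
set /p "JOINPW=Password for %JOINUSER%: "

for /f "usebackq delims=" %%C in ("computers.txt") do call :rejoin "%%C"
endlocal
exit /b 0

:rejoin
set "PC=%~1"
echo === %PC% ===
rem Point 1: this step fails with "network path was not found" when the client
rem firewall blocks file sharing (TCP 445) or the admin$ share is disabled.
net use "\\%PC%\admin$" "%LOCALPW%" /user:%PC%\Administrator >nul
if errorlevel 1 (
    echo %PC%: cannot reach admin$, skipped>>rejoin-failed.log
    exit /b 1
)
rem Point 2: admin$ is %SystemRoot% on the client, which is on the remote PATH.
copy /y netdom.exe "\\%PC%\admin$\" >nul
net use "\\%PC%\admin$" /delete >nul
rem Point 3: join with a domain account; /reboot:30 restarts the client after 30 s.
psexec \\%PC% -u Administrator -p "%LOCALPW%" netdom.exe join %PC% /d:%DOMAIN% /ou:"%OU%" /userd:%JOINUSER% /passwordd:"%JOINPW%" /reboot:30
if errorlevel 1 (
    echo %PC%: netdom join failed>>rejoin-failed.log
    exit /b 1
)
echo %PC%: joined, rebooting
exit /b 0
```

Both passwords end up on the psexec command line, so a dedicated join account whose password is changed after the run limits what that exposure is worth. Passwords containing `"` or `%` will break the quoting used here.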