I have an old and ugly VBScript that I used to use with Ghost to join systems to the domain, but MDT has some nice ones that you can use for this purpose.
Cesar A

On Apr 14, 2015 5:13 AM, "elsalvoz" <[email protected]> wrote:

> Reread your previous email and I missed it initially.
>
> You actually don't need domain credentials from domain A, but either way,
> I would do it in two steps, remove from domain and join domain B after. If
> reboot is required, you would auto login the local account.
>
> Cesar A
>
> On Apr 14, 2015 4:47 AM, "David O'Brien" <[email protected]> wrote:
>
>> I am not doing offline domain join, I reckon that is just what the log
>> says.
>>
>> And I am using an account that is a machine local account (User C).
>>
>> Sent from my Windows Phone
>> ------------------------------
>> From: elsalvoz <[email protected]>
>> Sent: 14/04/2015 9:35 PM
>> To: [email protected]
>> Subject: Re: [mssms] Domain join via Add-Computer or WMI
>>
>> What Daniel is referring to is local to the system; once a system
>> disjoins a domain, domain accounts do not have local permission.
>>
>> You need to use system local administration or an account with local
>> administration privilege during the rejoin.
>>
>> This is the process to manually rejoin a system to a domain but I have
>> never done offline join before.
>>
>> Cesar A
>>
>> On Apr 14, 2015 3:51 AM, "David O'Brien" <[email protected]> wrote:
>>
>> I've got three users.
>>
>> User A: Domain Admin in Domain A
>> User B: Domain Admin in Domain B
>> User C: Local Admin on computer that is being migrated (this user creates
>> the elevated session)
>>
>> I do the following:
>>
>> $script:session = New-PSSession -Credential $credUserC -ComputerName localhost
>> Invoke-Command -Session $session -ScriptBlock { Add-Computer -ComputerName localhost -Credential $args[0] -DomainName $args[1] -UnjoinDomainCredential $args[2] } -ArgumentList $credUserB, $DomainName, $credUserA
>>
>> This doesn't work.
>>
>> Strange issue.
>>
>> From: Daniel Ratliff
>> Reply-To: <[email protected]>
>> Date: Tuesday, 14 April 2015 8:16 pm
>> To: "'[email protected]'", "'[email protected]'"
>> Subject: RE: [mssms] Domain join via Add-Computer or WMI
>>
>> Didn't read through all the logs, but is user a DA in domain a? Once
>> you disjoin domain a, wouldn't they lose all admin? You need a local
>> account to join domain b?
>>
>> -----Original Message-----
>> From: David O'Brien [[email protected]]
>> Sent: Tuesday, April 14, 2015 04:01 AM Eastern Standard Time
>> To: [email protected]
>> Subject: [mssms] Domain join via Add-Computer or WMI
>>
>> Hi,
>>
>> Slightly OT, but maybe someone has seen this before.
>>
>> I have to "migrate" a computer from Domain A to Domain B, trigger for
>> that is a User logging in, so we are executing this from a Logon script.
>> The issue I'm seeing is that in my tests now the unjoin from Domain A
>> works fine (which implies that all local permissions are ok and elevation
>> of the script works, logged on user does not have permissions in this case,
>> hence we need elevation), but the join fails with this.
>> PSFTW\adobrien is the user used for elevation and is now a member of
>> Domain Admins and Local Admins.
>>
>> Seen this before? Why is it mentioning "Offline Domain Join"? Why did
>> it fail to load the registry hive?
>>
>> Thanks,
>> David
>>
>> 04/14/2015 17:40:31:908 NetpDoDomainJoin
>> 04/14/2015 17:40:31:908 NetpMachineValidToJoin: 'WIN7002'
>> 04/14/2015 17:40:31:908 OS Version: 6.1
>> 04/14/2015 17:40:31:908 Build number: 7601 (7601.win7sp1_ldr.130828-1532)
>> 04/14/2015 17:40:31:908 ServicePack: Service Pack 1
>> 04/14/2015 17:40:31:908 SKU: Windows 7 Enterprise
>> 04/14/2015 17:40:31:908 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
>> 04/14/2015 17:40:31:908 NetpGetLsaPrimaryDomain: status: 0x0
>> 04/14/2015 17:40:31:908 NetpMachineValidToJoin: status: 0x0
>> 04/14/2015 17:40:31:908 NetpJoinDomain
>> 04/14/2015 17:40:31:908 Machine: WIN7002
>> 04/14/2015 17:40:31:908 Domain: psftw.local
>> 04/14/2015 17:40:31:908 MachineAccountOU: (NULL)
>> 04/14/2015 17:40:31:908 Account: psftw\adobrien
>> 04/14/2015 17:40:31:908 Options: 0x17
>> 04/14/2015 17:40:31:908 NetpLoadParameters: loading registry parameters...
>> 04/14/2015 17:40:31:908 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
>> 04/14/2015 17:40:31:908 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
>> 04/14/2015 17:40:31:908 NetpLoadParameters: status: 0x2
>> 04/14/2015 17:40:31:908 NetpValidateName: checking to see if 'psftw.local' is valid as type 3 name
>> 04/14/2015 17:40:32:033 NetpCheckDomainNameIsValid [ Exists ] for 'psftw.local' returned 0x0
>> 04/14/2015 17:40:32:033 NetpValidateName: name 'psftw.local' is valid for type 3
>> 04/14/2015 17:40:32:033 NetpDsGetDcName: trying to find DC in domain 'psftw.local', flags: 0x40001010
>> 04/14/2015 17:40:32:143 NetpLoadParameters: loading registry parameters...
>> 04/14/2015 17:40:32:143 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
>> 04/14/2015 17:40:32:143 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
>> 04/14/2015 17:40:32:143 NetpLoadParameters: status: 0x2
>> 04/14/2015 17:40:32:143 NetpDsGetDcName: status of verifying DNS A record name resolution for 'adds.psftw.local': 0x0
>> 04/14/2015 17:40:32:143 NetpDsGetDcName: found DC '\\adds.psftw.local' in the specified domain
>> 04/14/2015 17:40:32:143 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
>> 04/14/2015 17:40:32:205 NetpJoinDomain: status of connecting to dc '\\adds.psftw.local': 0x0
>> 04/14/2015 17:40:32:205 NetpProvisionComputerAccount:
>> 04/14/2015 17:40:32:205 lpDomain: psftw.local
>> 04/14/2015 17:40:32:205 lpMachineName: WIN7002
>> 04/14/2015 17:40:32:205 lpMachineAccountOU: (NULL)
>> 04/14/2015 17:40:32:205 lpDcName: adds.psftw.local
>> 04/14/2015 17:40:32:205 lpDnsHostName: (NULL)
>> 04/14/2015 17:40:32:205 lpMachinePassword: (null)
>> 04/14/2015 17:40:32:205 lpAccount: psftw\adobrien
>> 04/14/2015 17:40:32:205 lpPassword: (non-null)
>> 04/14/2015 17:40:32:205 dwJoinOptions: 0x17
>> 04/14/2015 17:40:32:205 dwOptions: 0x40000003
>> 04/14/2015 17:40:32:252 NetpLdapBind: Verified minimum encryption strength on adds.psftw.local: 0x0
>> 04/14/2015 17:40:32:252 NetpLdapGetLsaPrimaryDomain: reading domain data
>> 04/14/2015 17:40:32:252 NetpGetNCData: Reading NC data
>> 04/14/2015 17:40:32:252 NetpGetDomainData: Lookup domain data for: DC=psftw,DC=local
>> 04/14/2015 17:40:32:252 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=psftw,DC=local
>> 04/14/2015 17:40:32:252 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
>> 04/14/2015 17:40:32:283 NetpGetComputerObjectDn: Cracking DNS domain name psftw.local/ into Netbios on \\adds.psftw.local
>> 04/14/2015 17:40:32:283 NetpGetComputerObjectDn: Crack results: name = PSFTW\
>> 04/14/2015 17:40:32:283 NetpGetComputerObjectDn: Cracking account name PSFTW\WIN7002$ on \\adds.psftw.local
>> 04/14/2015 17:40:32:283 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=WIN7002,OU=Servers,DC=psftw,DC=local
>> 04/14/2015 17:40:32:283 NetpModifyComputerObjectInDs: Initial attribute values:
>> 04/14/2015 17:40:32:283 objectClass = Computer
>> 04/14/2015 17:40:32:283 SamAccountName = WIN7002$
>> 04/14/2015 17:40:32:283 userAccountControl = 0x1000
>> 04/14/2015 17:40:32:283 DnsHostName = WIN7002.psftw.local
>> 04/14/2015 17:40:32:283 ServicePrincipalName = HOST/WIN7002.psftw.local RestrictedKrbHost/WIN7002.psftw.local HOST/WIN7002 RestrictedKrbHost/WIN7002
>> 04/14/2015 17:40:32:283 unicodePwd = <SomePassword>
>> 04/14/2015 17:40:32:283 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
>> 04/14/2015 17:40:32:283 objectClass = top person organizationalPerson user computer
>> 04/14/2015 17:40:32:283 SamAccountName = WIN7002$
>> 04/14/2015 17:40:32:283 userAccountControl = 0x1000
>> 04/14/2015 17:40:32:283 DnsHostName = WIN7002.psftw.local
>> 04/14/2015 17:40:32:283 ServicePrincipalName = WSMAN/WIN7002 WSMAN/WIN7002.psftw.local RestrictedKrbHost/WIN7002 HOST/WIN7002 RestrictedKrbHost/WIN7002.psftw.local HOST/WIN7002.psftw.local
>> 04/14/2015 17:40:32:283 unicodePwd = Account exists, resetting password: <SomePassword>
>> 04/14/2015 17:40:32:283 NetpModifyComputerObjectInDs: Attribute values to set:
>> 04/14/2015 17:40:32:283 unicodePwd = <SomePassword>
>> 04/14/2015 17:40:32:424 NetpModifyComputerObjectInDs: Toggled UserAccountControl successfully
>> 04/14/2015 17:40:32:424 NetpEncodeProvisioningBlob: Encoding provisioning data
>> 04/14/2015 17:40:32:424 NetpInitBlobWin7: Constructing blob...
>> 04/14/2015 17:40:32:424 Blob version: 1
>> 04/14/2015 17:40:32:424 lpDomain: psftw.local
>> 04/14/2015 17:40:32:424 lpMachineName: WIN7002
>> 04/14/2015 17:40:32:424 lpMachinePassword: <omitted from log>
>> 04/14/2015 17:40:32:424 DomainDnsPolicy:
>> 04/14/2015 17:40:32:424 Name: PSFTW
>> 04/14/2015 17:40:32:424 DnsDomainName: psftw.local
>> 04/14/2015 17:40:32:424 DnsForestName: psftw.local
>> 04/14/2015 17:40:32:424 DomainGuid: 6d5d8c99-ceaf-4e3d-8f14-8fa258ef4a88
>> 04/14/2015 17:40:32:424 Sid: S-1-5-21-1080266623-2751979810-671634313
>> 04/14/2015 17:40:32:424 DcInfo:
>> 04/14/2015 17:40:32:424 DomainControllerName: \\adds.psftw.local
>> 04/14/2015 17:40:32:424 DomainControllerAddress: \\192.168.1.9
>> 04/14/2015 17:40:32:424 DomainControllerAddressType: 1
>> 04/14/2015 17:40:32:424 DomainGuid: 6d5d8c99-ceaf-4e3d-8f14-8fa258ef4a88
>> 04/14/2015 17:40:32:424 DomainName: psftw.local
>> 04/14/2015 17:40:32:424 DnsForestName: psftw.local
>> 04/14/2015 17:40:32:424 Flags: 0xe000f3fd
>> 04/14/2015 17:40:32:424 DcSiteName: Default-First-Site-Name
>> 04/14/2015 17:40:32:424 ClientSiteName: Default-First-Site-Name
>> 04/14/2015 17:40:32:424 Options: 0x40000003
>> 04/14/2015 17:40:32:424 NetpInitBlobWin7: Blob pickling result: 0
>> 04/14/2015 17:40:32:424 NetpEncodeProvisioningBlob: result: 0x0
>> 04/14/2015 17:40:32:424 ldap_unbind status: 0x0
>> 04/14/2015 17:40:32:440 NetpRequestOfflineDomainJoin:
>> 04/14/2015 17:40:32:440 dwProvisionBinDataSize: 912
>> 04/14/2015 17:40:32:440 JoinOptions: 0x17
>> 04/14/2015 17:40:32:440 Options: 0x40000003
>> 04/14/2015 17:40:32:440 lpWindowsPath: C:\WINDOWS
>> 04/14/2015 17:40:32:440 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 912 bytes
>> 04/14/2015 17:40:32:440 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
>> 04/14/2015 17:40:32:440 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
>> 04/14/2015 17:40:32:440 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
>> 04/14/2015 17:40:32:440 Blob version: 1
>> 04/14/2015 17:40:32:440 lpDomain: psftw.local
>> 04/14/2015 17:40:32:440 lpMachineName: WIN7002
>> 04/14/2015 17:40:32:440 lpMachinePassword: <omitted from log>
>> 04/14/2015 17:40:32:440 DomainDnsPolicy:
>> 04/14/2015 17:40:32:440 Name: PSFTW
>> 04/14/2015 17:40:32:440 DnsDomainName: psftw.local
>> 04/14/2015 17:40:32:440 DnsForestName: psftw.local
>> 04/14/2015 17:40:32:440 DomainGuid: 6d5d8c99-ceaf-4e3d-8f14-8fa258ef4a88
>> 04/14/2015 17:40:32:440 Sid: S-1-5-21-1080266623-2751979810-671634313
>> 04/14/2015 17:40:32:440 DcInfo:
>> 04/14/2015 17:40:32:440 DomainControllerName: \\adds.psftw.local
>> 04/14/2015 17:40:32:440 DomainControllerAddress: \\192.168.1.9
>> 04/14/2015 17:40:32:440 DomainControllerAddressType: 1
>> 04/14/2015 17:40:32:440 DomainGuid: 6d5d8c99-ceaf-4e3d-8f14-8fa258ef4a88
>> 04/14/2015 17:40:32:440 DomainName: psftw.local
>> 04/14/2015 17:40:32:440 DnsForestName: psftw.local
>> 04/14/2015 17:40:32:440 Flags: 0xe000f3fd
>> 04/14/2015 17:40:32:440 DcSiteName: Default-First-Site-Name
>> 04/14/2015 17:40:32:440 ClientSiteName: Default-First-Site-Name
>> 04/14/2015 17:40:32:440 Options: 0x40000003
>> 04/14/2015 17:40:32:440 NetpDoInitiateOfflineDomainJoin
>> 04/14/2015 17:40:32:440 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
>> 04/14/2015 17:40:32:440 NetpInitiateOfflineJoin
>> 04/14/2015 17:40:32:440 lpLocalRegistryPath: C:\WINDOWS\system32\config\SYSTEM
>> 04/14/2015 17:40:32:440 dwOptions: 0x40000003
>> 04/14/2015 17:40:32:440 NetpConvertBlobToJoinState: Translating provisioning data to internal format
>> 04/14/2015 17:40:32:440 NetpConvertBlobToJoinState: Selecting version 1
>> 04/14/2015 17:40:32:440 NetpConvertBlobToJoinState: exiting: 0x0
>> 04/14/2015 17:40:32:440 NetpInitiateOfflineJoin: RegLoadKeyW failed to load the hive C:\WINDOWS\system32\config\SYSTEM: 0x522
>> 04/14/2015 17:40:32:440 NetpClearFullJoinState: Removing cached state from the registry...
>> 04/14/2015 17:40:32:440 NetpClearFullJoinState: Status of deleting join state key 0x6
>> 04/14/2015 17:40:32:455 NetpDoInitiateOfflineDomainJoin: status: 0xa9d
>> 04/14/2015 17:40:32:455 NetRequestOfflineDomainJoin: Failed to initiate the offline domain join 0xa9d
>> 04/14/2015 17:40:32:455 NetpJoinDomainOnDs: Function exits with status of: 0xa9d
>> 04/14/2015 17:40:32:455 NetpDoDomainJoin: status: 0xa9d
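
An added example, not part of any message in this thread: a way to pull the non-zero status codes out of a NetSetup.log excerpt like the one quoted above and translate them, so the first failing call stands out. The function name `Get-NetSetupFailure` is hypothetical, the sample lines are copied from the quoted log, and the single `NERR_*` entry is taken from `lmerr.h` because those codes are not resolved by `Win32Exception`.

```powershell
# Added example: triage of NetSetup.log status codes (lines copied from the log quoted in this thread).
$sample = @'
04/14/2015 17:40:31:908 NetpLoadParameters: status: 0x2
04/14/2015 17:40:32:205 NetpJoinDomain: status of connecting to dc '\\adds.psftw.local': 0x0
04/14/2015 17:40:32:424 Flags: 0xe000f3fd
04/14/2015 17:40:32:440 NetpInitiateOfflineJoin: RegLoadKeyW failed to load the hive C:\WINDOWS\system32\config\SYSTEM: 0x522
04/14/2015 17:40:32:440 NetpClearFullJoinState: Status of deleting join state key 0x6
04/14/2015 17:40:32:455 NetpDoInitiateOfflineDomainJoin: status: 0xa9d
04/14/2015 17:40:32:455 NetpDoDomainJoin: status: 0xa9d
'@ -split "`r?`n"

# NERR_* codes (lmerr.h, NERR_BASE 2100) are not in the message table Win32Exception reads.
$nerr = @{ 2717 = 'NERR_CantLoadOfflineHive: unable to load the specified offline registry hive' }

function Get-NetSetupFailure {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Only lines that report a result; skips option/flag dumps such as "Flags: 0xe000f3fd".
        if ($l -notmatch 'status|failed|returned|result') { continue }
        # Timestamp, routine name, free text, trailing hex status.
        if ($l -match '^(?<ts>\d{2}/\d{2}/\d{4} [\d:]+)\s+(?<fn>\w+):?\s.*?(?<hex>0x[0-9a-fA-F]+)\s*$') {
            $code = [Convert]::ToInt32($Matches.hex, 16)   # base 16 accepts the 0x prefix
            if ($code -eq 0) { continue }                  # 0x0 is success
            $text = if ($nerr.ContainsKey($code)) { $nerr[$code] }
                    else { ([ComponentModel.Win32Exception]$code).Message }
            [pscustomobject]@{
                Time    = $Matches.ts
                Routine = $Matches.fn
                Code    = $Matches.hex
                Meaning = $text
            }
        }
    }
}

Get-NetSetupFailure -Line $sample | Format-Table -AutoSize -Wrap
```

Point `-Line` at `Get-Content $env:windir\debug\NetSetup.LOG` to run it against the full log on the machine being migrated.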
