DigitalVariance
Programmer
I posted this over at StackOverflow already though have not heard a response from anyone. Hopefully you guys will be able to help:
So I've got an XP Pro workstation that is reporting "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance." when logging in with domain credentials. To fix this manually I would simply log in with the local admin account, drop it to a workgroup, and re-add it to the domain. This process however can take a decent amount of time considering this issue crops up at my work rather frequently. What I'm trying to do is programmatically automate the dropping/rejoining process. The following code works, but only if the computer is correctly in a domain or workgroup, not in limbo like it is now.
When the script hits line 24:
It errors with "The remote server machine does not exist or is unavailable: 'GetObject'". This line would normally work if the machine were correctly in the domain. The AD object does exist. If this errors I have it coded to log into the machine with the local admin credentials on line 29:
That will error out with "SWbemLocator: Access is denied."
So using both methods I'm familiar with there's no way to access WMI when the machine is in this limbo. In my research it seems as though the "Trust relationship between the workstation and the domain has failed" but to me that doesn't explain why I can't log in with the local admin credentials.
I didn't want to have to resort to NETDOM, but I tried anyway. It errors out as well talking about the failed trust relationship.
So my questions are:
A) When this error message is present is there any way to programmatically drop the workstation to a workgroup and re-add it to the domain?
B) Programmatically repair the trust relationship between the workstation and domain (If that is in fact what's wrong with it)?
C) When this error message is present log into the workstation with admin credentials?
Thanks everyone in advance for any potential help and please let me know if any more details are needed.
So I've got an XP Pro workstation that is reporting "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance." when logging in with domain credentials. To fix this manually I would simply log in with the local admin account, drop it to a workgroup, and re-add it to the domain. This process however can take a decent amount of time considering this issue crops up at my work rather frequently. What I'm trying to do is programmatically automate the dropping/rejoining process. The following code works, but only if the computer is correctly in a domain or workgroup, not in limbo like it is now.
Code:
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
Const WbemAuthenticationLevelPktPrivacy = 6
'On Error Resume Next
SystemName = "SystemName"
strNamespace = "root\cimv2"
ComputerBLogin = "LoginB"
ComputerBPass = "PassB"
ComputerALogin = "LoginA"
ComputerAPass = "PassA"
DomainName = "domain.com"
OU = "OU=desiredou,DC=domain,DC=com"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & SystemName & "\root\cimv2")
If Err.Number <> 0 Then
Set objWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objwbemLocator.ConnectServer(SystemName, strNamespace, ComputerBLogin, ComputerBPass)
objWMIService.Security_.authenticationLevel = WbemAuthenticationLevelPktPrivacy
Err.Clear
End IF
Set colComputers = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
Return = objComputer.UnJoinDomainOrWorkGroup(NULL, NULL)
Return = objComputer.JoinDomainOrWorkGroup("WORKGROUP", NULL, NULL)
If Err.Number <> 0 Then
Set WshShell = CreateObject("WScript.Shell")
message = WshShell.Popup (SystemName & " could not be dropped to the workgroup!" & vbCr &_
"Error: " & Err.Description,, "Title", 0 + 16)
Else
Set WshShell = CreateObject("WScript.Shell")
message = WshShell.Popup (SystemName & " was successfully dropped to the WORKGROUP!",, "Title", 0 + 64)
End If
Next
For Each objComputer in colComputers
ReturnValue = objComputer.JoinDomainOrWorkGroup(DomainName, ComputerAPass, ComputerALogin, OU, JOIN_DOMAIN + ACCT_CREATE)
If Err.Number <> 0 Then
Set WshShell = CreateObject("WScript.Shell")
message = WshShell.Popup ("Unable to join " & SystemName & " to the domain! Please join manually.",, "Title", 0 + 16)
Else
Set WshShell = CreateObject("WScript.Shell")
message = WshShell.Popup ("Domain joining was successful!",, "Title", 0 + 64)
End If
NextWhen the script hits line 24:
Code:
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & SystemName & "\root\cimv2")It errors with "The remote server machine does not exist or is unavailable: 'GetObject'". This line would normally work if the machine were correctly in the domain. The AD object does exist. If this errors I have it coded to log into the machine with the local admin credentials on line 29:
Code:
Set objWMIService = objwbemLocator.ConnectServer(SystemName, strNamespace, ComputerBLogin, ComputerBPass)That will error out with "SWbemLocator: Access is denied."
So using both methods I'm familiar with there's no way to access WMI when the machine is in this limbo. In my research it seems as though the "Trust relationship between the workstation and the domain has failed" but to me that doesn't explain why I can't log in with the local admin credentials.
I didn't want to have to resort to NETDOM, but I tried anyway. It errors out as well talking about the failed trust relationship.
So my questions are:
A) When this error message is present is there any way to programmatically drop the workstation to a workgroup and re-add it to the domain?
B) Programmatically repair the trust relationship between the workstation and domain (If that is in fact what's wrong with it)?
C) When this error message is present log into the workstation with admin credentials?
Thanks everyone in advance for any potential help and please let me know if any more details are needed.
![[bigsmile]](/data/assets/smilies/bigsmile.gif "[bigsmile] [bigsmile]")
