Force XP to switch from Workgroup to Domain?

[RyboFlavin]

I had a business trip this week, but I needed to print of stuff before I left my house on Sunday...so I changed my work laptop's network settings from Domain to Workgroup so I could print in my home network. That worked fine, however, now I can't change it back to Domain. This is preventing my Cisco VPN client from being able to authenticate the certificate, thus not allowing me to connect remotely.

Is there a way I can force Windows XP to change it's settings back to Domain without being able to physically connect to the domain network? Like I said, I am on the road and physically not able to plug into the home network.

If you know of any way to do this, your help would be greatly appreciated. I don't really have a Help Desk person to rely on back in the office right now either.

 

[Fardringle]

Windows cannot attach to a domain unless the domain controller is currently available to authenticate the computer. You should not have needed to change the settings on the laptop to your home workgroup name in order to print at home. You can usually print using the UNC name (i.e. \\computername\printername) even if you cannot browse the workgroup using Network Neighborhood.

Anyway, to answer your question, you are going to need to take your computer back to the physical network where the domain controller is located and have someone with administrative rights on the domain (not just on the computer) reconnect the computer to the domain.

 

[InlineFive]

I think you're out of luck. First, you'll need to be able to connect to the DC and you'll need the credentials for a Domain Administrator.

 

[RebateMonger]

n.m.

 

[RyboFlavin]

Originally posted by: InlineFive
I think you're out of luck. First, you'll need to be able to connect to the DC and you'll need the credentials for a Domain Administrator.

So, even though I know the local administrator password, I may still not be able to reconnect it to the domain?

 

[TG2]

local admin account probably doesnt have domain rights to add machines to the domain

 

[bsobel]

Originally posted by: RyboFlavin

Originally posted by: InlineFive
I think you're out of luck. First, you'll need to be able to connect to the DC and you'll need the credentials for a Domain Administrator.

So, even though I know the local administrator password, I may still not be able to reconnect it to the domain?

Nope, otherwise anyone who installed a fresh install could join the domain. You need to be a domain admin.

 

[bsobel]

Btw, one thing I have never tried but which actually might work is system restoring to a time before you made the domain change.

 

[RyboFlavin]

The System Restore sounded promising, until I found that this notebook was setup with System Restore disabled.

The thing I don't understand is why I need to rejoin the domain. I mean at this point the network and the domain controller don't know that this PC was changed from workgroup to domain. Why would the domain controller require a computer to rejoin if it doesn't know that the computer has left the domain to begin with. I was just hoping that I could change the settings in this notebook back to domain so that I can just plug it in and the network would be none-the-wiser.

 

[RyboFlavin]

An idea I just had, let me know what you think this would do...

Say that my company's domain name is abc.com. If I were to build a local domain server here, named abc.com, and then use this to connect to the abc.com domain...wouldn't that do what I am trying to accomplish?

I mean, in theory that should change the laptop back to domain mode looking for the abc.com domain to connect to. What do you think about trying that since I do have access to build such a domain here.

 

[JackMDS]

Assuming that these type of Playing around is allowed by your IT department.

For Next Time.

Configuring a Laptop (or any computer) to connect to more than one Network, http://www.ezlan.net/faq#fewtcp-ip

 

[nweaver]

Originally posted by: RyboFlavin
An idea I just had, let me know what you think this would do...

Say that my company's domain name is abc.com. If I were to build a local domain server here, named abc.com, and then use this to connect to the abc.com domain...wouldn't that do what I am trying to accomplish?

I mean, in theory that should change the laptop back to domain mode looking for the abc.com domain to connect to. What do you think about trying that since I do have access to build such a domain here.

no, that will not work.


The reason you are having these problems is because when you removed the domain info, you removed/invalidated the certs required to auth remotely with that domain. If domain security was this easy to cercimvent, everyone would be doing it. It's time to call IT, they may have a different way to VPN in, and then you might be able to join the domain using VPN and retrieve the certs.

 

[bsobel]

The thing I don't understand is why I need to rejoin the domain.

This is by design and the correct behaviour from a secuirty point of view.