
Notebook on Domain, how can I duplicate its AD Domain authentication?

In a nutshell, I have a Virtual Machine running on a PC. In this virtual machine, I want to duplicate my notebook's Network ID, Domain membership, etc. I have tried several times (with the notebook offline), but get an authentication error.

Does anyone know if Windows 2000 AD grabs machine-specific information when adding machines to a Domain, or whether the member workstation is implanted with something else to assure the Domain that it is the specific machine?
 
I found this, which talks about the security channel in NT 4 (but seems possibly 2000 AD related as well):

For each Windows computer that is a member of a domain, there is a discrete communication channel with a domain controller.

Note An example of a discrete communication channel is the security channel.

The security channel's password is stored together with the computer account on the primary domain controller (PDC), and is replicated to all backup domain controllers (BDCs). The password is also in LSA secret $MACHINE.ACC of the workstation. Each workstation owns such secret data.

Every seven days, the workstation sends a security channel password change and the computer account password is updated. If the primary domain controller (PDC) is running Windows NT 4.0 Service Pack 3 or earlier, the computer account password changes are marked as "Announce Immediate" and every time a computer account password is modified, a replication occurs immediately. If the PDC is running Windows NT 4.0 Service Pack 4 or a later version, the computer account is replicated during the next replication pulse.

For Windows 2000, Windows XP and Windows Server 2003, the default computer account password change is 30 days.
 
Just like you posted, each machine has an account on the domain. The only way to "duplicate" the machine account would be to image the machine.

If you were to image your machine and then restore it to a virtual machine, they could not be connected to the network at the same time, and as soon as one of them changed the machine account password on the domain the other would lose domain trust and not be able to connect.

In other words, don't even try; you'll only make a mess of things if you do.
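
An added illustration (not part of the original posts) of the failure described in the reply above: a simplified Python model in which an imaged clone shares the machine account password until one copy rotates it. The HMAC proof, the class names and the computer name NOTEBOOK01 are assumptions made for the sketch; this is not the real Netlogon exchange.

```python
import hashlib
import hmac
import os

ROTATE_DAYS = 30  # default change interval for Windows 2000/XP/2003 (from the quoted article)

def proof(secret, challenge):
    # Simplified stand-in for the real secure channel authentication.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self):
        self.accounts = {}  # computer account name -> current password

    def join(self, name):
        self.accounts[name] = os.urandom(16)
        return self.accounts[name]

    def verify(self, name, challenge, response):
        return hmac.compare_digest(proof(self.accounts[name], challenge), response)

class Workstation:
    def __init__(self, name, secret, last_change=0):
        self.name, self.secret, self.last_change = name, secret, last_change

    def clone(self):
        # Imaging copies the local machine secret along with everything else.
        return Workstation(self.name, self.secret, self.last_change)

    def connect(self, dc, day):
        challenge = os.urandom(8)
        if not dc.verify(self.name, challenge, proof(self.secret, challenge)):
            return "trust broken"
        if day - self.last_change >= ROTATE_DAYS:
            # Rotation updates the DC and this machine only; any clone is left stale.
            self.secret = dc.accounts[self.name] = os.urandom(16)
            self.last_change = day
            return "ok, password rotated"
        return "ok"

def simulate():
    dc = DomainController()
    laptop = Workstation("NOTEBOOK01", dc.join("NOTEBOOK01"))  # constructed name
    vm = laptop.clone()  # image taken on day 0
    schedule = [(laptop, 5), (vm, 6), (laptop, 31), (vm, 32), (laptop, 40)]
    return [machine.connect(dc, day) for machine, day in schedule]

if __name__ == "__main__":
    print(simulate())
```

Both copies authenticate until the laptop's day-31 rotation; from then on the clone still holds the old password and fails, while the laptop keeps working.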
 
Thanks for the response. Yes, looks too risky, as the more I learned about the security channel and machine account password the more it appeared not to be worth the trouble.
 
Well, you won't be able to fully duplicate the actual laptop since both machines on the domain cannot have the same name.
If you're offline, I don't think there's any way you can add the VM to the domain.
 
Imaging into a virtual machine could be tricky anyway. I tried ghosting once and got all sorts of errors. You could just tell us the purpose of doing this and maybe we can help you out with that.
 
My reason for doing this was fairly simple. Leave system at work, go home to PC with Virtual PC connected to work via VPN. Having access to the Domain would give me all of the shares, etc. that I require. As it is, I just need to lug the notebook home to match my office connectivity. Not a major deal, but always want easier/better :>
 
Why not join the VM to the domain using a unique name? Connect it to the VPN, join to the domain, logon with your normal user account. You should get all the shares and stuff you need, unless you manually mapped them yourself. But even if you did, it shouldn't take too long to recreate what you need.
 
You don't really need a domain account to access domain resources via AD. It gets a bit tricky and arduous to manually use Run As, but I implement it in shortcuts and get prompted before the app/tool/utility/etc. comes up. It comes up using my domain credentials. After the initial pita of this process it's basically hands off.
 
I do the same exact thing that you're looking to do.

Windows XP virtual machine at home, added to work domain, and it connects using VPN.

It's hosted on my workgroup computer at home, runs great and works perfectly.

I would just add the VM to the domain (after getting permissions to do so).
 