Old 05-10-2006, 12:57 PM   #1
zyx
Baseband Member
 
zyx's Avatar
 
Join Date: Nov 2005
Posts: 36
Smile Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

Resetting computer accounts in Windows 2000 and Windows XP

http://support.microsoft.com/kb/216393/en-us

Netdom.exe
For each member, there is a discrete communication channel (the security channel) with a domain controller. The security channel is used by the Netlogon service on the member and on the domain controller to communicate. Netdom makes it possible to reset the security channel of the member. You can reset the member security channel by using the following command:

netdom reset 'machinename' /domain:'domainname'
where 'machinename' = the local computer name and 'domainname' = the domain where the computer/machine account is stored.

Suppose you have a domain member named DOMAINMEMBER in a domain called MYDOMAIN. You can reset the member security channel by using the following command:
netdom reset domainmember /domain:mydomain
You can run this command on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER.

This is what I found on the Microsoft database. Now I just need to implement that in a batch file that will run on the machine to reset the password.

I was thinking of using a runas command to get admin rights on the machine; however, I'm not sure how to implement this.

My admin is using this VB script, but it's not working.

I just want to make it simple and easy. I don't think we need all this script just to reset the secure channel password on the machine before the 30-day reset.

Can anyone give me a hand? I will appreciate any input you guys have.
__________________
http://www.djzyx.com/forum // British Columbia Tech Talk
zyx is offline   Reply With Quote
Old 05-10-2006, 03:10 PM   #2
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Default Re: Using Netdom in a batch file, can someone lend me a hand?

If you are allowed to do this to begin with, you shouldn't be trying to write a script to give you admin rights. If you do not have admin rights, chances are you are not supposed to, and if that is the case and you are trying to escalate your privileges, you will not find help here.
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 05-10-2006, 03:31 PM   #3
Golden Master
 
Brookfield's Avatar
 
Join Date: Apr 2005
Posts: 10,056
Thumbs down Re: Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

zyx, I have just received info that the PC is school or college property. We have young members like you trying to bypass security protocols all the time. Nice try! Don't re-post, or you're gone.
Brookfield is offline   Reply With Quote
Old 05-10-2006, 03:43 PM   #4
Golden Master
 
Brookfield's Avatar
 
Join Date: Apr 2005
Posts: 10,056
Default Re: Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

Quote:
Originally Posted by zyx
Resetting computer accounts in Windows 2000 and Windows XP

*Link deleted as requested by zyx

Netdom.exe
For each member, there is a discrete communication channel (the security channel) with a domain controller. The security channel is used by the Netlogon service on the member and on the domain controller to communicate. Netdom makes it possible to reset the security channel of the member. You can reset the member security channel by using the following command:

netdom reset 'machinename' /domain:'domainname'
where 'machinename' = the local computer name and 'domainname' = the domain where the computer/machine account is stored.

Suppose you have a domain member named DOMAINMEMBER in a domain called MYDOMAIN. You can reset the member security channel by using the following command:
netdom reset domainmember /domain:mydomain
You can run this command on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER.

This is what I found on the Microsoft database. Now I just need to implement that in a batch file that will run on the machine to reset the password.

I was thinking of using a runas command to get admin rights on the machine; however, I'm not sure how to implement this.

My admin is using this VB script, but it's not working.

I just want to make it simple and easy. I don't think we need all this script just to reset the secure channel password on the machine before the 30-day reset.

Can anyone give me a hand? I will appreciate any input you guys have.

Code:
'==========================================================================
' NAME: Secure Channel Reset
'
' AUTHOR: Anthony Howard , CSC/Sempra Energy
' DATE  : 3/1/2006
' Comments: Netdom.exe must exist in same directory for script to properly execute.
'==========================================================================
Option Explicit
Dim dtmval, serverpath, adsinfo, fso, secchanlog, WshShell, objcomputer, strName
Dim lngPasswordage, Return
Const forappending = 8 ' OpenTextFile mode: append to the log file

' Date stamp (MMDDYY) used in the log file name
dtmval = Right("00" & Month(Now),2) & Right("00" & Day(Now),2) & Right(Year(Now),2)

'MsgBox dtmval
'serverpath = "\\corp\corpdata\DCC\CollectionPoint$\SecureReset$\" 'Change to network server for production
serverpath = "\\ap-cerctr-p02\csc_images\SecureResetTest\"

Set WshShell = CreateObject("WScript.Shell")
' Read the local computer name. RegRead paths start with the root key, with no leading backslash.
strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
' Alternative sources for the name, kept for reference with the leading backslash removed:
'strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName")
'strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname")
'strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname")
Set adsinfo = CreateObject("ADSystemInfo")
Set fso = CreateObject("Scripting.FileSystemObject")
' One log file per day and computer, opened for appending and created if missing
Set secchanlog = fso.OpenTextFile(serverpath & dtmval & strName & ".txt", forappending, True)

' Bind to this computer's account in Active Directory and get the password age in days
Set objcomputer = GetObject("LDAP://" & adsinfo.ComputerName)
lngPasswordage = DateDiff("d", objcomputer.PasswordLastChanged, Date)
'wscript.Echo adsinfo.ComputerName
'WScript.echo lngPasswordage

If lngPasswordage > 27 Then 'change to > for production
	' /UO and /PO pass the account and password on the netdom command line (masked as *** in the post)
	Return = WshShell.Run("NetDom Reset " & strName & " /Domain:Corp /UO:*** /PO:***", 1, True)
	' Log the result by netdom exit code
	Select Case Return
		Case 0
			secchanlog.WriteLine (strName & " had machine account password reset on " & Now)
		Case 53
			secchanlog.WriteLine ("Cannot Connect to " & strName & " " & Now)
		Case 1326
			secchanlog.WriteLine (strName & " logon failure, bad password " & Now)
		Case Else
			secchanlog.WriteLine ("Password change failed, unknown issue " & Now)
		' additional known errors may be added if necessary
	End Select
	'WScript.Echo Return
	WScript.Sleep 30000
Else
	secchanlog.WriteLine (strName & " was not reset, password changed too recently")
	WScript.Sleep 30000
End If

secchanlog.Close

See my post [3]. Another thing: only one web address is allowed in your sig, see the rules. Keep one, but delete the others. Do it quickly, or I will delete all three.
Brookfield is offline   Reply With Quote
Old 05-10-2006, 03:46 PM   #5
zyx
Baseband Member
 
zyx's Avatar
 
Join Date: Nov 2005
Posts: 36
Default Re: Using Netdom in a batch file, can someone lend me a hand?

lol
Brookfield

I'm not actually trying to do that, you've totally misunderstood,
and I'm not trying to do anything of the sort.

It's a utility company, not a school at all.

I'm a consultant just trying to help out someone at the utility company.

The script works; however, it doesn't rejoin the domain.

Maybe someone can help me figure out how to rejoin the domain.
__________________
http://www.djzyx.com/forum // British Columbia Tech Talk
zyx is offline   Reply With Quote
Old 05-10-2006, 03:53 PM   #6
Golden Master
 
Brookfield's Avatar
 
Join Date: Apr 2005
Posts: 10,056
Default Re: Using Netdom in a batch file, can someone lend me a hand?

Explanation accepted, understand that we get so many trying their luck.
Thanks for adjusting your sig, quickly done!
Brookfield is offline   Reply With Quote
Old 05-10-2006, 04:08 PM   #7
zyx
Baseband Member
 
zyx's Avatar
 
Join Date: Nov 2005
Posts: 36
Default Re: Using Netdom in a batch file, can someone lend me a hand?

Yeah, no problem!

I just want to cooperate

and also try and get this issue resolved. I don't know much scripting myself and the IT specialist wrote that script; however, it works and resets the password, but it doesn't want to rejoin the domain.
__________________
http://www.djzyx.com/forum // British Columbia Tech Talk
zyx is offline   Reply With Quote
Old 05-10-2006, 04:16 PM   #8
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Default Re: Using Netdom in a batch file, can someone lend me a hand?

LOL yeah, sometimes on these types of subjects it's better to add a small explanation, because it is somewhat of a touchy subject. When you refer to rejoining the domain, do you mean the computer doesn't, or what? That, and I assume you're running Active Directory, right?
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 05-10-2006, 04:19 PM   #9
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Default Re: Using Netdom in a batch file, can someone lend me a hand?

Oh yeah, if I may make a suggestion: you might want to edit your posts a little bit, because that script gives away information about your network there.
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 05-10-2006, 04:28 PM   #10
zyx
Baseband Member
 
zyx's Avatar
 
Join Date: Nov 2005
Posts: 36
Default Re: Using Netdom in a batch file, can someone lend me a hand?

netdom join machine /domain:name /userd:user /passwordd:*******

That's the command, but I don't know how to implement that in the code.

All I basically need to do is create a batch file that resets the secure channel password and joins the domain!
__________________

__________________
http://www.djzyx.com/forum // British Columbia Tech Talk
zyx is offline   Reply With Quote
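
An added example, not code from the thread or from the Microsoft article: a batch file built on the netdom reset command quoted in post #1. It prompts for the administrator password with /PasswordO:* instead of storing it in the file, and runs netdom verify before and after the reset so the log shows whether the reset alone restored the channel. MYDOMAIN, MYDOMAIN\resetadmin and the log path are placeholders, and exit codes 53 and 1326 are the ones the VB script in post #4 handles.

```batch
@echo off
rem Added example, not from the thread. Run on the domain member itself.
rem Assumptions: netdom.exe is on the PATH; DOMAIN, ADMINUSER and LOG
rem are placeholders to replace with your own values.
setlocal
set "DOMAIN=MYDOMAIN"
set "ADMINUSER=MYDOMAIN\resetadmin"
set "LOG=%TEMP%\secure-channel-%COMPUTERNAME%.log"

rem 1. Check the existing secure channel; leave it alone if it is healthy.
netdom verify %COMPUTERNAME% /domain:%DOMAIN%
if %ERRORLEVEL% EQU 0 (
    >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: secure channel OK, no reset needed
    goto :done
)

rem 2. Reset the channel. /PasswordO:* makes netdom prompt for the
rem    password, so no credential is written into this file or the log.
netdom reset %COMPUTERNAME% /domain:%DOMAIN% /UserO:%ADMINUSER% /PasswordO:*
set "RC=%ERRORLEVEL%"

rem Map the exit codes handled by the VB script in post #4.
set "MSG=reset failed, exit code %RC%"
if "%RC%"=="0"    set "MSG=secure channel reset"
if "%RC%"=="53"   set "MSG=cannot connect"
if "%RC%"=="1326" set "MSG=logon failure, bad user name or password"
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: %MSG%
if not "%RC%"=="0" exit /b %RC%

rem 3. Confirm that the channel works after the reset.
netdom verify %COMPUTERNAME% /domain:%DOMAIN%
set "RC=%ERRORLEVEL%"
if not "%RC%"=="0" >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: verify still fails after reset, exit code %RC%
exit /b %RC%

:done
exit /b 0
```

Because the password is prompted for, this version has to be run interactively by someone who holds the administrator account named in ADMINUSER.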