Using Netdom in a batch file, can someone lend me a hand?

zyx

Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

Resetting computer accounts in Windows 2000 and Windows XP

http://support.microsoft.com/kb/216393/en-us

Netdom.exe
For each member, there is a discrete communication channel (the security channel) with a domain controller. The security channel is used by the Netlogon service on the member and on the domain controller to communicate. Netdom makes it possible to reset the security channel of the member. You can reset the member security channel by using the following command:

netdom reset 'machinename' /domain:'domainname'
where 'machinename' = the local computer name and 'domainname' = the domain where the computer/machine account is stored.

Suppose you have a domain member named DOMAINMEMBER in a domain called MYDOMAIN. You can reset the member security channel by using the following command:
netdom reset domainmember /domain:mydomain
You can run this command on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER.

This is what I found on the Microsoft database, now I just need to implement that into a batch file that will run on the machine to reset the password.

I was thinking to use a runas command to get admin rights on the machine, however I'm not sure how to implement this.

My Admin is using this VB script, but it's not working.

I just want to make it simple and easy, I don't think we need all this script just to reset the secure channel password on the machine before the 30 day reset.

Can anyone give me a hand? I will appreciate any input you guys have.
 
If you are allowed to do this to begin with, you shouldn't be trying to write a script to give you admin rights. If you do not have admin rights, chances are you are not supposed to, and if that is the case and you are trying to escalate your privileges, you will not find help here.
 
Re: Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

xyx, I have just received info that the PC is school or college property. We have young members like you trying to bypass security protocols all the time. Nice try! Don't re-post, or you're gone. :mad:
 
Re: Using Netdom in a batch file to reset computer accounts, can someone lend me a hand?

zyx said:
Resetting computer accounts in Windows 2000 and Windows XP

*Link deleted as requested by xyx

Netdom.exe
For each member, there is a discrete communication channel (the security channel) with a domain controller. The security channel is used by the Netlogon service on the member and on the domain controller to communicate. Netdom makes it possible to reset the security channel of the member. You can reset the member security channel by using the following command:

netdom reset 'machinename' /domain:'domainname'
where 'machinename' = the local computer name and 'domainname' = the domain where the computer/machine account is stored.

Suppose you have a domain member named DOMAINMEMBER in a domain called MYDOMAIN. You can reset the member security channel by using the following command:
netdom reset domainmember /domain:mydomain
You can run this command on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER.

This is what I found on the Microsoft database, now I just need to implement that into a batch file that will run on the machine to reset the password.

I was thinking to use a runas command to get admin rights on the machine, however I'm not sure how to implement this.

My Admin is using this VB script, but it's not working.

I just want to make it simple and easy, I don't think we need all this script just to reset the secure channel password on the machine before the 30 day reset.

Can anyone give me a hand? I will appreciate any input you guys have.

Code:
'==========================================================================
' NAME: Secure Channel Reset
'
' AUTHOR: Anthony Howard , CSC/Sempra Energy
' DATE  : 3/1/2006
' Comments: Netdom.exe must exist in same directory for script to properly execute.
'==========================================================================
Option Explicit
Dim dtmval, serverpath, adsinfo, fso, secchanlog, WshShell, objcomputer, strName
Dim lngPasswordage, Return

dtmval = Right("00" & Month(Now),2) & Right("00" & Day(Now),2) & Right(Year(Now),2)

'MsgBox dtmval
'serverpath = "\\corp\corpdata\DCC\CollectionPoint$\SecureReset$\" 'Change to network server for production
serverpath = "\\ap-cerctr-p02\csc_images\SecureResetTest\"
Const forappending = 8

Set WshShell = CreateObject("WScript.Shell")
' Each RegRead below overwrites strName, so the value from the last read (NV Hostname) is the one used.
' RegRead paths must start with the root key name (HKLM), with no leading backslash.
strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName")
strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname")
strName = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname")
Set adsinfo = CreateObject("ADSystemInfo")
Set fso = CreateObject("Scripting.FileSystemObject")
' Open (or create) the per-machine log file for appending
Set SecChanLog = fso.OpenTextFile(serverpath & dtmval & strName & ".txt", forappending, True)



Set objcomputer = GetObject("LDAP://" & adsinfo.ComputerName) 
	lngPasswordAge = DateDiff("d" ,objcomputer.PasswordLastChanged ,Date)
	'wscript.Echo adsinfo.ComputerName
	'WScript.echo lngPasswordage
	

If lngPasswordage > 27 Then 'change to > for production
	' /UO and /PO name the account used to connect to the machine; the values are masked in the post
	Return = WshShell.Run("NetDom Reset " & strName & " /Domain:Corp /UO:*** /PO:***", 1, True)
	Select Case Return
		Case 0
			SecChanLog.WriteLine (strName & " had machine account password reset on " & Now)
		Case 53		' network path not found
			SecChanLog.WriteLine ("Cannot Connect to " & strName & " on " & Now)
		Case 1326	' logon failure
			SecChanLog.WriteLine (strName & " logon failure, bad password on " & Now)
		Case Else
			SecChanLog.WriteLine ("Password change failed, unknown issue on " & Now)
			' additional known errors may be added if necessary
	End Select
	'WScript.Echo Return
	WScript.Sleep 30000
Else
	SecChanLog.WriteLine (strName & " was not reset, password changed too recently")
	WScript.Sleep 30000
End If

SecChanLog.Close
See my post [3]. Another thing: only one web address allowed in your sig, see the rules. Keep one, but delete the others. Do it quickly, or I will delete all three.
 
lol
Brookfield

I'm not actually trying to do that, you totally misunderstood,
and I'm not trying to do anything of the sort.

It's a utility company, not a school at all.

I'm a consultant just trying to help out someone at the utility company.

The script works, however it doesn't rejoin the domain.

Maybe someone can help me figure out how to rejoin the domain.
 
zyx said:
lol
Brookfield

I'm not actually trying to do that, you totally misunderstood,
and I'm not trying to do anything of the sort.

It's a utility company, not a school at all.

I'm a consultant just trying to help out someone at the utility company.

The script works, however it doesn't rejoin the domain.

Maybe someone can help me figure out how to rejoin the domain.
Explanation accepted, understand that we get so many trying their luck.
Thanks for adjusting your sig, quickly done!
 
yeah no problem!

I just want to cooperate

and also try and get this issue resolved. I don't know much scripting myself and the IT specialist wrote that script, however it works and resets the password, but it doesn't want to rejoin the domain
 
LOL yea, sometimes on these types of subjects it's better to add a small explanation, because it is somewhat of a touchy subject. When you refer to rejoining the domain, do you mean the computer doesn't, or what? That, and I assume you're running Active Directory, right?
 
Oh yea, if I may make a suggestion. You might want to edit your posts a little bit, because that script gives away information about your network there.
 
netdom join machine /domain:name /userd:user /passwordd:*******

That's the command, but I don't know how to implement that in the code.

All I basically need to do is create a batch file that resets the secure channel password and joins the domain!
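
A batch file for the verify-then-reset sequence discussed in this thread, added here as an example; it is not code from any poster or from the Microsoft article. It assumes netdom.exe is on the PATH, that netdom verify returns a non-zero exit code on failure in the same way the VBScript above treats netdom reset, and that MYDOMAIN (the KB's placeholder) and the log path are replaced with real values. No credentials are embedded, so it has to be run by an account that already has administrator access to the member.

```batch
@echo off
rem Added example: verify this member's secure channel and reset it only if needed.
rem Run while logged on with an account that has administrator access to the member;
rem no user name or password is stored in this file.
setlocal
rem Assumptions: MYDOMAIN is the placeholder domain from the KB text, LOGFILE is a sample path.
set "DOMAIN=MYDOMAIN"
set "LOGFILE=%TEMP%\secchan_%COMPUTERNAME%.log"

rem Step 1: check the existing secure channel to a domain controller.
netdom verify %COMPUTERNAME% /domain:%DOMAIN% >>"%LOGFILE%" 2>&1
set "RC=%ERRORLEVEL%"
rem cmd.exe sets ERRORLEVEL 9009 when the command itself cannot be found.
if "%RC%"=="9009" goto :notfound
if "%RC%"=="0" goto :healthy

rem Step 2: verification failed, so reset the channel.
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME%: verify returned %RC%, running netdom reset
netdom reset %COMPUTERNAME% /domain:%DOMAIN% >>"%LOGFILE%" 2>&1
set "RC=%ERRORLEVEL%"

rem Step 3: log the outcome using the return codes the VBScript in this thread handles.
set "MSG=reset failed, return code %RC%"
if "%RC%"=="0"    set "MSG=secure channel reset succeeded"
if "%RC%"=="53"   set "MSG=cannot connect (network path not found)"
if "%RC%"=="1326" set "MSG=logon failure (bad user name or password)"
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME%: %MSG%
exit /b %RC%

:healthy
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME%: secure channel verified, no reset needed
exit /b 0

:notfound
>>"%LOGFILE%" echo %DATE% %TIME% netdom.exe was not found on the PATH
exit /b 9009
```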
 