What is a good way to reboot a list of Windows computers on a Windows domain? Assuming the Windows domain controller does not have a service to do this, please make recommendations for a script.
Log on to the workstation. Access the control panel. Open the System applet. Select the change option to change the PC name or domain membership. Specify a new computer name. Click OK to save the change. Click OK on the main properties dialog. Restart the computer.
2,&Restart Computer,\\domain.name\netlogon\restartcomputer.vbs
Note that 2 is next available. When this is done click your way out of ADSI Edit and close and open Active Directory Users and Computers. When you right click any computer object you will get this menu.
Can I list the host names and iterate through the host names to send a restart command to each? Can I get a list of host names from the DHCP server running in a Windows 2008 box at the script's runtime?
My preferred scripting languages from most to least desirable are: PHP, JavaScript, Bash, Python (know very little), VB (know it but don't like it)
If GPO isn't your thing, and you want to go with Mark Henderson's second option (batching shutdown /m) you can make your job easier by batch-jobbing the shutdown so it'll do them in parallel rather than serial. It requires PowerShell on the part of the admin station, but it's very nifty.
What this fragment does is spawn as many background jobs executing in parallel as there are machines in $ComputerList. This can make shutting All The Things down happen a lot faster.
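The fragment that answer refers to is not reproduced on this page. The following is an added example of the same idea (one background job per host in $ComputerList), not the answer author's code. The host names, the $DelaySeconds parameter and the -Execute switch are assumptions made for illustration; without -Execute it only reports which hosts it would reboot.

```powershell
# Added example: parallel reboot of a list of domain computers via background jobs.
# Host names below are constructed placeholders; run from an account that holds
# the right to shut down the remote machines.
param(
    [string[]]$ComputerList = @('WKS-001', 'WKS-002', 'WKS-003'),
    [int]$DelaySeconds = 60,   # grace period shown to a logged-on user
    [switch]$Execute           # omit for a dry run
)

$jobs = foreach ($computer in $ComputerList) {
    Start-Job -Name "reboot-$computer" -ArgumentList $computer, $DelaySeconds, $Execute.IsPresent -ScriptBlock {
        param($Name, $Delay, $DoIt)
        $result = [pscustomobject]@{ Computer = $Name; Status = 'Skipped (dry run)'; ExitCode = $null }

        # Do not queue a shutdown against a host that does not answer.
        if (-not (Test-Connection -ComputerName $Name -Count 1 -Quiet)) {
            $result.Status = 'Unreachable'
            return $result
        }
        if ($DoIt) {
            & shutdown.exe /m "\\$Name" /r /f /t $Delay /c "Scheduled maintenance reboot" 2>&1 | Out-Null
            $result.ExitCode = $LASTEXITCODE
            $result.Status = if ($LASTEXITCODE -eq 0) { 'Reboot requested' } else { 'Failed' }
        }
        $result
    }
}

# Collect one result object per host so failures are visible, then clean up.
$jobs | Wait-Job -Timeout 120 | Out-Null
$report = $jobs | Receive-Job | Select-Object Computer, Status, ExitCode
$jobs | Remove-Job -Force
$report | Sort-Object Status, Computer | Format-Table -AutoSize
```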
You can do this with Group Policy Preferences by making a new scheduled task that will run every night at a certain time. The command for that task should be shutdown /r /t 0. You can then link that GPO to the OU or OUs that have your computers in them.
You will probably want to use the 'Run This Program At a Random Interval' option set somewhere between 10-15 minutes. Having every single computer power up at the same time can be bad for your breakers if you're not careful. You might also want to check the option to only run the task if the computer has been idle for x hours, in case someone is pulling an all-nighter. You don't want to kill a whole night's worth of work by rebooting someone that's trying to make a deadline.
Two options:
Create a scheduled task via GPO that runs shutdown /r /f /t 0 or shutdown /g /f /t 0 on each machine you want to reboot (check out shutdown /? for more detail).
Create a batch that runs shutdown /m [computer name] /r /f /t 0 from a central computer (perhaps the domain controller?). Loop it for each computer you want to reboot (change the [computer name]). This means that the computer will not be restarted if it is unreachable for whatever reason, and needs to be run from an account that has the rights to restart computers.
You should be able to write a batch file that loops through a list of computers pulled from the active directory and runs the command, however I don't have the time to write one today (and I'm not willing to test it even if I did write it, otherwise I would be grilled out for rebooting everyone's computer in the middle of the day).
The best way to do that is to fire the person having the idea that this is needed and then doing what all other people do - not do that.
I have a problem with a Windows 7 PC that had been a member of the domain. When I try to logon to this PC with domain credentials I get a message similar to
Now I need to reestablish the membership of the PC in the domain. But since I can't log on, I can't change either the computer name or the domain membership.
Edit:
There are no active local accounts on the machine that I could use to logon.
This trick comes to me via my Active Directory study group. I suggest that everyone join a usergroup and/or a study group. It’s not that we don’t know AD, it’s that we forget or miss new features. A refresher course is fun too.
Occasionally a computer will come “disjoined” from the domain. The symptoms can be that the computer can’t login when connected to the network, message that the computer account has expired, the domain certificate is invalid, etc. These all stem from the same problem and that is that the secure channel between the computer and domain is hosed. (That’s a technical term.)
The classic way to fix this problem is to unjoin and rejoin the domain. Doing so is kind of a pain because it requires a couple of reboots and the user profile isn’t always reconnected. Ewe. Further if you had that computer in any groups or assigned specific permissions to it those are gone because now your computer has a new SID, so the AD doesn’t see it as the same machine anymore. You’ll have to recreate all of that stuff from the excellent documentation that you’ve been keeping. Uh, huh, your excellent documentation. Double Ewe.
Instead of doing that we can just reset the secure channel. There are a couple of ways to do this:
dsmod computer 'ComputerDN' -reset
netdom reset MachineName /domain:DomainName /usero:UserName /passwordo:Password
nltest.exe /Server:ServerName /SC_Reset:Domain\DomainController
Stop fighting with this problem from the client side. If you can't log in to the domain, you're either going to have to log in with an enabled local account, or use a boot CD to enable one.
Try removing the machine from Active Directory Users and Computers. It should be in the Administrative Tools on your server. Open the OU (organizational unit) that contains the computer. Find the computer, right click on it, and hit delete.
It might not hurt to be patient and just let replication do its thing, depending on how many DCs you have. If your domain is pretty simple (no sites and just two DCs) you could use repadmin /replicate to force replication. Give this a read before doing so.
Now add the PC again using AD UC and either wait for replication or force it.
If it still whines at you, give netdom /remove a try (man page here) and see if that will get it off your domain. If you have trouble with that, take a look at this question. It's a different scenario but essentially the same concept: trying to remove a computer from a domain when it can't contact the DC.
You may have to log in using credentials that are local to that machine. When the OS was first installed, there is a local account that is set up.
Log in with that account using the Computer Name as the domain (ex. MYCOMP\JSmith). Usually the local machine administrator account is present but disabled by default.
Once you are logged in as a local user, you should be able to leave and rejoin the domain.
As of Server 2008 R2, the task is very simple. We may now use the Test-ComputerSecureChannel cmdlet.
Test-ComputerSecureChannel -Credential (Get-Credential) -Verbose
Add the -Repair parameter to perform the actual repair; use credentials for an account that's authorized to join computers to the domain.
-- EDIT--
If there aren't any local administrator accounts you can use for this, you can create one (or enable the disabled built-in Administrator account) with the well-known Sticky Keys hack.
To reset a forgotten administrator password, follow these steps:
copy C:\Windows\System32\sethc.exe C:\
This creates a copy of sethc.exe to restore later.
copy /y C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe
Reboot your computer and run the Windows instance for which you don't have the administrator password.
net user [username] [password]
If you don't know your user name, just type net user to list the available user names.
If you wish to enable the disabled-by-default built-in Administrator account instead of resetting the password on an existing account, the command is:
net user administrator /active:yes
If you wish to create a new account and add it to the local Administrators group, the command sequence is:
net user /add [username] [password]
net localgroup administrators [username] /add
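A machine recovered this way keeps a command shell behind the logon screen until sethc.exe is restored. The check below is an added example, not part of the answer above, for auditing a workstation for that leftover state. It assumes PowerShell 4.0 or later (for Get-FileHash), and the function name Test-SethcReplaced is hypothetical.

```powershell
# Added example: report whether sethc.exe has been overwritten with cmd.exe,
# and whether the backup copy made by the steps above is still on the system drive.
function Test-SethcReplaced {
    param(
        [string]$SethcPath  = (Join-Path $env:SystemRoot 'System32\sethc.exe'),
        [string]$CmdPath    = (Join-Path $env:SystemRoot 'System32\cmd.exe'),
        [string]$BackupPath = (Join-Path $env:SystemDrive '\sethc.exe')
    )
    $sethcItem = Get-Item -Path $SethcPath
    $sethcHash = (Get-FileHash -Path $SethcPath -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $CmdPath   -Algorithm SHA256).Hash

    # The version resource travels with the binary, so a copied cmd.exe still
    # identifies itself as Cmd.Exe even though the file is named sethc.exe.
    $original = $sethcItem.VersionInfo.OriginalFilename

    [pscustomobject]@{
        Path             = $SethcPath
        SameHashAsCmd    = ($sethcHash -eq $cmdHash)
        OriginalFilename = $original
        NameMismatch     = ($original -notlike 'sethc*')
        BackupCopyAtRoot = (Test-Path -Path $BackupPath)
        LastWriteTimeUtc = $sethcItem.LastWriteTimeUtc
    }
}

$finding = Test-SethcReplaced
if ($finding.SameHashAsCmd -or $finding.NameMismatch) {
    Write-Warning "sethc.exe on $env:COMPUTERNAME is not the original binary; restore it from the backup or installation media."
}
$finding | Format-List
```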
It's only possible to add the PC when you have the administrators rights at the PC and the right to change the DC.
Therefore it is necessary to reset the administrators password at the PC. One way to perform this task is the use of the installation DVD and use the repair console. This allows you to regain the full control.
The only solution, if you have a PC / Server Trust issue, (after reset, recreate on DC, etc.) to resolve it without any restore!
Disable all NICs, so it can't verify the trust relationship with the logon DC. Then login with a previously logged in administrator level domain account (must reside in local PC Administrators Groups) that was previously logged in i.e. to leverage the cached credentials.
My problem was I moved a W7 VM from prod to a test lab, and anticipated a trust to be broken, however not that I was not able to login with Local admin / user accounts, or even with the 'old domains' cached credentials.
Disable the NICs and cached credentials work, then you can rejoin to domain with netdom join.
If you run out of cached credentials tries (depends on local OS Policies / GPO - up to 50), do a system restore to a previous day, this will work, too.
At first try to log in with Administrator (Computer name\Administrator), then unjoin the domain to a WorkGroup, then reboot. Now your PC is in the WorkGroup as a local account. Now try to join the domain again. (Right click on My Computer -> Property -> Change -> Domain -> Ex Fu-com.com -> Then it will ask for the administrator password for the server; enter the user name as administrator and then the password.) Then reboot your computer. Now your computer is in the domain; try to log in with your User ID and password.
Disconnect the network cable and log in to the affected workstation (cached credentials will allow this.) After doing this, reconnect the network cable.
Download the Remote Server Administration Tools (RSAT) package from Microsoft here: http://www.microsoft.com/en-us/download/details.aspx?id=7887 (select the proper 32-bit or 64-bit version according to the workstation’s operating system, not the server’s.)
Install the downloaded package. We had trouble with this until we used clean boot mode, so you may have to restart the workstation after configuring for clean boot, which can be undone after this process.
Installing RSAT doesn’t automatically make it available to use. Go to Control Panel -> Programs -> Add/Remove Windows Features and look for Remote Server Administrator Tools. Expand this and drill down to AD/AS / Command line and enable that.
Open a command window as Administrator and enter this command:
NETDOM.EXE resetpwd /s:(server) /ud:(username) /pd:*
Where (server) is the NetBIOS name of the domain server and (username) is the login account of the affected workstation in the format DOMAIN\Username.
That’s it. After doing this, everything returned to normal on the workstation.
I have had this happen and what worked for me is to log in on admin account and re add to workgroup, then re add to domain after that.
If you have antivirus software installed, do the following...
Start > Run > ncpa.cpl > press Alt + N > Advanced Settings > tab Provider Order > press the up button to get Microsoft Windows Network to the top.
Do this on client and domain controller (DC).