Windows 10: Locked out after leaving domain.

Hello, Hoping to get back into my 5 year old machine without reinstalling w10 again...I have read several other similar threads similar. I have been looking at this for a few days now and here's my situation:


I have been able to log in with my microsoft account and it see's the computer from another system so I know that the account and the computer were connected


The only username that I am left looks like "firstname lastname" which is similar to my microsoft account name except that is firstname.*** Email address is removed for privacy ***.


I understand that my error was in not creating a new user account with admin privs and then loggin into that before leaving the domain for a workgroup. So now left with a mess apparently.


After a cold boot and after Ctrl-ALT-Del to unlock...no other accounts are visible.


I have accessed the command line via the 'sticky key hack" and can see the admin account. I added another account with admin rights that I was able to create there as well ..... I can't change the login username them.


I am hoping there is a CMD that will force either a username prompt or a change to a different login username of one of the other accounts. Also should note that I reset the passwords of all the accounts that are users and tried that password just on the chance that

the account name displayed on the lock screen was somehow aliased to one of the other accounts. But nothing.


.BTW I should have said earlier that my MSwindows password isn't accepted which was when I knew I was in trouble to start with when my

old domain username was deleted automatically,


I would like to not lose my stored files to do a fresh install, it that is even possible at this point I do not know. Any thoughts?

:)

 

leave a domain

Hi,

If you're Windows PC is part of a domain, you can remove the PC from the domain by following the steps below:

• Open Settings, and click Accounts.
• Click on Access work or
  school, click on the connected AD
  domain you want to be removed from, and then click on Disconnect.
• Click Yes to confirm.
• Click Disconnect when asked if you want to disconnect from the organization.
  
• Click Restart now.
• After done, your PC shouldn't be a member of the domain.

Note: You must be signed in to an administrator account to leave a domain.

Let us know if you need further assistance.

If you think this was useful, feel free to "mark it as an answer" to help those who are facing the same problem.

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

Domain Account Locked Daily


Hello,
I have similar problem. My domain account locks from time to time. I just upgraded from W8.1 to W10.
I tried many steps to solve this but none is working.
I found out some interesting things. Using a tool "Account Lockout Status" I found that Last Bad Pwd value is changed when I enter credentials after computer automatic or manaul screen lock out.
I can work normally if I do not get a message about "Windows needs your current credentials":



If I get this message and do nothing - account very quickly locks out.
If I do quick screen lock and unlock it will go ok for some time.
Very strange. I replicate the problem of Last Bad Pwd value using another PC with W10. Some other users in domain are ok some same as mine.
Something wrong with specific users and Windows 10 combination..




Regards,
Gediminas