Can't leave (non-existent) domain, only get DNS error.

AnttiV · 01 Mar 2014

EDIT: Solved. Needed to use "Windows Enabler" -application to enable the disabled "Network ID" -button and click that.

Hi!

I used to have an Active Directory domain at home, but just recently the AD controller broke and I'm not financially capable of replacing it. So I decided to remove all computers from the domain and just use a workgroup. All the computers are personally mine, I am the sole administrator of the local computers AND the domain. There is no company and no other person to contact besides me. I have all the needed passwords and usernames (and then some) to do anything with the computers. Each computer is running Win7 x64. The AD *WAS* a 2k3 server and also acted as a intranet-DNS/internet-DNS-redirect. (And a bunch of unrelated stuff). I had a backup DNS running debian, but it went the same way (the computer was a ESXi server running several virtual machines, including the AD and the secondary DNS)

I'm a Tech Support and I've been working in places that have a domain, also I've had this domain working for at least 5 or 6 years now, so I'm not a complete noob :)

However, now I'm stuck on an error I have NEVER seen before. After I removed a few computers from the domain I started with my kids' computers... And then - hair-pulling ensued.
This is what I did:
Using account that has full local admin rights, then the "real" local "Administrator" account. It didn't matter.
Start->Computer-(rightclick)->Properties-> Change Settings (under Computer Name, domain...)

(Weirdness 1: Network ID -button is greyed out. This didn't happen with other computers. )

Clicking Change->Workgroup->name workgroup.

(Weirdness 2: although the "workgroup" radio button became selected, the greyed-out domain radio button never became UNselected.)

Display info about "you need local admin rights blah blah" -> OK

Then, I assumed I'd get that window where it asks for admin username/password, but no, what I got was an error dialog saying the "Active Directory Controller could not be reached"

Full Error Text:

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "domainname.domainext":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domainname.domainext

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

-- IP of my ADSL router that acts as a DHCP Server / DNS Redirect --

- One or more of the following zones do not include delegation to its child zone:

domainname.domainext
domainext
. (the root zone)

Note, as said:
I) the ADC *does not* exist anymore
II) nor does the secondary DNS
so it is impossible to contact anything that the old domain was built on. Nothing remains.

I read a WHOLE lot of posts here and elsewhere on the web that suggested different things, including:
a) use the "real" Administrator account, not just any account with local admin rights
b) disconnect network cable and try again
c) disable all network adapters and try again

most posts just straight out said to input local admin user/pass to the window and disregarded the fact that there is NO dialog to input them. That dialog NEVER displays, I only get the ADC/DNS error dialog.

I'd really, really, REALLY hate to install everything from the start. Is there really no other option to remove the computer from the domain if that one fails?

UsernameIssues · 01 Mar 2014

Welcome to the Seven Forums.

What happens if you leave the computer in the nonexistent domain, but change the DNS settings for the active network adapter? (e.g. point DNS to OpenDNS or Google's DNS servers or ...)

AnttiV · 01 Mar 2014

UsernameIssues said:

Welcome to the Seven Forums.

What happens if you leave the computer in the nonexistent domain, but change the DNS settings for the active network adapter? (e.g. point DNS to OpenDNS or Google's DNS servers or ...)

Thanks!

I did that already. As I stated the ex-ADC acted as a DNS and also that the backup-DNS died too. Also above there it says "-- IP of my ADSL router that acts as a DHCP Server / DNS Redirect --". So I am using my ADSL modem (if I hadn't changed anything, I wouldn't get ANY DNS information whatsoever) as a "DNS Server" (well, redirect, but anyway, same difference). I also tried using Google's (and none, and even a series of bogus numbers), but that doesn't really alter anything. After everything, I just get that same error time and again, no matter what I have tried. It's... frustrating to say the least.

UsernameIssues · 01 Mar 2014

AnttiV said:

~~~
Thanks!

I did that already. As I stated the ex-ADC acted as a DNS and also that the backup-DNS died too. Also above there it says "-- IP of my ADSL router that acts as a DHCP Server / DNS Redirect --". So I am using my ADSL modem (if I hadn't changed anything, I wouldn't get ANY DNS information whatsoever) as a "DNS Server" (well, redirect, but anyway, same difference). I also tried using Google's (and none, and even a series of bogus numbers), but that doesn't really alter anything. After everything, I just get that same error time and again, no matter what I have tried. It's... frustrating to say the least.

Sorry that I was not clear. I did not expect using OpenDNS/Google to solve the error that you quoted in your OP. I was wondering if you can still use the computer to surf, play games....
....while it is still a member of this nonexistent domain?

chev65 · 01 Mar 2014

Are you certain that none of those greyed out settings are locked down via Group Policy?

AnttiV · 01 Mar 2014

UsernameIssues said:

Sorry that I was not clear. I did not expect using OpenDNS/Google to solve the error that you quoted in your OP. I was wondering if you can still use the computer to surf, play games....
....while it is still a member of this nonexistent domain?

Ah, my bad, sorry, I didn't understand the question correctly then :)
But, yes, everything works well. I can surf/chat/play/whatever you will perfectly fine. There's nothing really *wrong* with that computer. And if it was mine, I'd left it like that. But it's a kids' computer and I'd like to have that "point-and-login" interface and not one you need to click too many things and type domain/username when changing users. But, anyway, I managed. Read further :P

Are you certain that none of those greyed out settings are locked down via Group Policy?

I'm *pretty* sure. I'm not 100%, but pretty sure, because why would it only affect two computers out of 8 total? I suspect something else, but I can't prove/disprove anything. That might be the case. But thankfully I don't have to:

I FIXED IT! No, I still don't know WHY it was like that, or WHAT it was that made it do that (which is in itself a bad thing and you should NEVER, EVER do that to a mission-critical production system.). Just cleaning up symptoms but not the cause is not the wisest thing ever.. But in this case, well :)

What I did was after *extensive* googling around I managed to find a piece of software called "Windows Enabler" that somehow enables disabled buttons as you click on them. (Magic, I suspect.) I then used that to click on the "Network ID" -button, set the computer to "home network" and restarted *immediately* after clicking OK on that dialog. After it came up, it was removed from the domain and everything works as I want it to.

So, thanks for the help and I'm actually sorry to not be able to tell you (and the world in general), what really was wrong with it. But in case you bump into a similar problem - Windows Enabler was a surprisingly good program... :)

chev65 · 01 Mar 2014

AnttiV said:

UsernameIssues said:

Sorry that I was not clear. I did not expect using OpenDNS/Google to solve the error that you quoted in your OP. I was wondering if you can still use the computer to surf, play games....
....while it is still a member of this nonexistent domain?

Ah, my bad, sorry, I didn't understand the question correctly then :)
But, yes, everything works well. I can surf/chat/play/whatever you will perfectly fine. There's nothing really *wrong* with that computer. And if it was mine, I'd left it like that. But it's a kids' computer and I'd like to have that "point-and-login" interface and not one you need to click too many things and type domain/username when changing users. But, anyway, I managed. Read further :P

Are you certain that none of those greyed out settings are locked down via Group Policy?

I'm *pretty* sure. I'm not 100%, but pretty sure, because why would it only affect two computers out of 8 total? I suspect something else, but I can't prove/disprove anything. That might be the case. But thankfully I don't have to:

I FIXED IT! No, I still don't know WHY it was like that, or WHAT it was that made it do that (which is in itself a bad thing and you should NEVER, EVER do that to a mission-critical production system.). Just cleaning up symptoms but not the cause is not the wisest thing ever.. But in this case, well :)

What I did was after *extensive* googling around I managed to find a piece of software called "Windows Enabler" that somehow enables disabled buttons as you click on them. (Magic, I suspect.) I then used that to click on the "Network ID" -button, set the computer to "home network" and restarted *immediately* after clicking OK on that dialog. After it came up, it was removed from the domain and everything works as I want it to.

So, thanks for the help and I'm actually sorry to not be able to tell you (and the world in general), what really was wrong with it. But in case you bump into a similar problem - Windows Enabler was a surprisingly good program... :)

Windows enabler sounds like a life saver. It may just be undoing the Group Policy's that were locking those buttons down because it's sometimes nearly impossible to find the exact policy that is creating the problem.

Yes it's possible the two machines were locked down by their "own" individual Group Policy as well. It depends on if the accounts were Admin etc.

I can't think of any other reason for those buttons to be locked down but I'm glad you have the issue fixed. :)

UsernameIssues · 01 Mar 2014

AutoIt, AutoHotKey and other scripting tools have a function that calls a native Windows Application Programming Interface to enable or disable buttons, edit fields, check boxes....

You just have to be careful that the item you enable is at the start of a process (as was your case). You enabled a button that lets the system properties app load a wizard. From there, the wizard functioned normally