Preventing VM’s From Falling Off The Domain

When working in a virtual lab continuously rolling back machine snapshots, unless you have taken steps to prevent it you may find your machines being kicked off of the domain (see here for a more detailed explanation). There’s a registry tweak you can apply to stop this happening (from http://support.microsoft.com/kb/154501):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters]
"DisablePasswordChange"=dword:00000001

Also, the following article shows you how to do this via group policy:

https://technet.microsoft.com/en-us/library/jj852191(v=ws.11).aspx

You can either apply the policy to a limited number of test machines in their own OU, or if the domain is strictly being used for test purposes you can just apply it to the default domain policy like I did. After setting this key, either reboot or run the command gpupdate /force to apply the policy before taking your snapshots.

If the worst happens and you have to rejoin the domain, most people will take the machine off of the domain and join a workgroup, reboot, re-join the domain, then reboot again. However, you can skip this workgroup part altogether and save yourself an unnecessary reboot. The GUI for changing the computer name/domain will not let you press OK until you have changed the domain name or removed it. You can fool it into thinking you’ve changed it by trimming the name down to just keep the lowest level part, e.g. change ‘testlab.local’ to just ‘testlab’. When you press OK, it should automatically resolve the fully qualified domain name:

Changing the domain name

Tags:

Categories:

Updated:

Comments