
I have Win 7 joined to my corporate AD with a 3-month password expiry. Now I have a problem: they want to change the AD to a new domain. I am not sure if the old AD is still alive.

However, I have time constraints with my projects to be delivered and cannot afford to lose my Windows login account and all the settings.

  1. If they re-join my Windows to the new AD, I believe I need to have a new login account, am I right?
  2. Can I point the DC to 127.0.0.1 in the hosts file so my Windows cannot connect to the dying AD?
  3. If the old AD is dead, can I still log in after the password has expired? Or is there any way to renew it?
  4. Can I disable password expiration if the old AD is no longer online?

Any workaround so that I can still use my account for a certain period of time?

1 Answer

If the old AD Domain no longer exists then:

  1. Your administrators have probably migrated your account to the new AD domain. Whether that migration includes password history and state I couldn't say as it would depend on how exactly the migration is done.
  2. 127.0.0.1 represents your local machine. Mapping the name of the DC to your local machine would do nothing to assist you, because your local machine is not an AD domain controller for the old domain and so would not be able to process a login request.
  3. If the old AD is not online, it is probably inaccessible to clients, and even if it weren't it's unlikely that your account would have sufficient privileges to change password expiration policy.

Your domain administrators will likely have put a significant amount of planning into the migration of something as critical as Active Directory. If you have concerns regarding the migration, I would suggest contacting them, since they will be far more able to tell you for certain if there will be downtime, and what you might be able to do to minimize the impact of downtime for yourself and your projects.

All of the above being said, Windows may[1] maintain a credential cache which can be used for a limited time to log in when a domain is unavailable. As long as your machine does not communicate with a domain and your old credentials remain cached, you might be able to log in from your machine until those cached credentials expire.

[1] Whether credentials are cached can be controlled by Group Policy. If your administrators have disabled cached credentials, then this will not work for you.

  • They are not migrating the existing account but using a new account with the same userId but totally different domain. Some kind of merging/moving the users from old AD to the (other existing) AD. They already have a plan but it is too short and I cannot afford to have any downtime. I believe there must be a way to keep if I have local Administrators privilege?
    – CallMeLaNN
    Commented Oct 9, 2014 at 7:52
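
One way to check the setting the answer's footnote refers to, as an added example that is not part of the original answer or comment. The policy "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" is stored as the `CachedLogonsCount` value under the Winlogon key; the function name `Get-CachedLogonPolicy` is hypothetical, and the fallback of 10 when the value is absent is an assumption based on the documented client default. It uses `Get-WmiObject` so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: report whether this machine is domain-joined and whether
# policy allows logging on with cached domain credentials when no DC is reachable.
function Get-CachedLogonPolicy {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    $prop = Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue

    if ($prop -eq $null) {
        # Assumption: value not set, so the documented client default applies.
        $count  = 10
        $source = 'value absent, default assumed'
    } else {
        # The value is stored as a string (REG_SZ); 0 disables cached logons.
        $count  = [int]$prop.CachedLogonsCount
        $source = 'registry'
    }

    New-Object PSObject -Property @{
        ComputerName       = $cs.Name
        PartOfDomain       = $cs.PartOfDomain
        Domain             = $cs.Domain
        CachedLogonsCount  = $count
        Source             = $source
        CachedLogonAllowed = ($cs.PartOfDomain -and ($count -gt 0))
    }
}

Get-CachedLogonPolicy | Format-List
```

A `CachedLogonsCount` of 0 means the administrators have disabled cached logons, which is the case the footnote describes.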
