You cannot log on after you remove the computer from the domain

Article translations Article translations
Article ID: 317049 - View products that this article applies to.
This article was previously published under Q317049
Expand all | Collapse all

SYMPTOMS

After you change a computer's membership from a domain to a workgroup and restart the computer, you cannot log on with your previous user name and password. You may also receive the following error message:
The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentally on.

CAUSE

This behavior occurs because the user name and password that you previously used are available for logon only to a domain. Your computer is no longer a member of a domain. Therefore, your logon attempt must be validated on the local computer by using the local security database. To log on to the computer, you must provide a user name and password that exists in the local computer's user database, or Security Accounts Manager (SAM).

RESOLUTION

To avoid this behavior, make sure that the local security database on the computer contains the default Administrator account from when the computer was first installed, together with any additional user accounts that have been created, in its local users security settings.

If you do not know the local user account and password, you cannot log on to the computer. To resolve this issue, use one of the following methods, as appropriate for your operating system.

For Microsoft Windows NT 4.0

Use a recent copy of the Microsoft Windows NT Emergency Repair Disk (ERD) to restore the registry files on the system. This resolution lets you restore the computer's user database (or SAM) to a version for which you have a correct user name and password.

Be aware that when you replace the SAM from the ERD, this replaces the user accounts and passwords with those that existed on the date that the ERD was created. Therefore, when you use an account that was created by using this method, you have to know that account's password on the date that the ERD was created.

Also, depending on the options that were used when the ERD was created (such as whether the /S switch was used or not), the ERD may not include all existing user accounts.

By using the ERD, you are also required to start your computer from either the Windows NT 4.0 CD-ROM or from a boot disk, and to select the Repair option. During the repair process, select only the Registry option in the first window. Later in the repair process, a second window will offer options for which registry hives to repair. Select the SAM option.

For Windows XP or for Windows Vista

Use a System Restore Point to restore the computer to the time at which the computer was added to the domain. Then, log on to the domain. Make sure that you know the user name and the password for an account in the local Administrators group. For more information, see the following Microsoft Knowledge Base article:
295017 How to change a computer name, join a domain, and add a computer description in Windows XP or in Windows Server 2003

For more information about ERDs and how to perform an emergency repair in Windows NT, click the following article numbers to view the articles in the Microsoft Knowledge Base:
156328 Description of Windows NT Emergency Repair Disk
122857 RDISK /S and RDISK /S- options in Windows NT

WORKAROUND

If you do not have an ERD, you can work around the issue by installing a parallel installation of Microsoft Windows XP, Microsoft Windows 2000, or Windows NT. A parallel installation lets you log on to the computer. Therefore, you can gain access to the computer or copy files from it. However, this method will not let you retrieve either user names or passwords from the original Windows XP, Windows 2000, or Windows NT installation. Therefore, it is better for you to know a user name and password for a member of the local Administrators group before you change a computer's membership from a domain to a workgroup. After you have backed up all the files by using the parallel installation, you can reformat the hard disk and then reinstall Windows XP, Windows 2000, or Windows NT. Or, you can configure the new parallel installation for your needs and use it instead.

For more information about how to perform a Windows NT parallel installation, click the following article number to view the article in the Microsoft Knowledge Base:
259003 How to perform a parallel installation of Windows NT 4.0
189126 Microsoft policy about missing or incorrect passwords

Properties

Article ID: 317049 - Last Review: June 13, 2008 - Revision: 4.0
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
Keywords: 
kberrmsg kbprb ocsso KB317049

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com