AD: Change Default Login Domain after Migration

When adding a trusted domain or migrating computers to a new domain, the login prompt often defaults to the old domain or the name of the workstation. This can cause confusion for users who are often confused about computers by default ;)

In order to make their lives easier, you can set their default login domain by modifying the computer's registry (reg add available only on XP and 2k3). In the examples below "NEWDOMAINNAME" is the new domain name and "wkstnName" is the recently migrated workstation name.

Running the command locally:

1reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" ^
2    /v DefaultDomainName ^
3    /f ^
4    /t REG_SZ ^
5    /d "NEWDOMAINNAME"

Remotely modifying the key:

1reg add "\\wkstnName\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" ^
2    /v DefaultDomainName ^
3    /f ^
4    /t REG_SZ ^
5    /d "NEWDOMAINNAME"

If you use Win2000, you can modify those values with regedit or download the Windows 2000 SP4 Support Tools which installs reg.exe.

 1' VBScript example
 2Const HKEY_LOCAL_MACHINE = &H80000002
 3strComputer = "wkstnName"
 4Set objRReg = GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
 5    strComputer & "\\root\\default:StdRegProv")
 6
 7strKeyPath   = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
 8strValueName = "DefaultDomainName"
 9strValue     = "NEWDOMAINNAME"
10
11objRReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
12Set objRReg = Nothing

Microsoft also provides a way to do this via Group Policy. Oh, as an added bonus, this also works instantly for Terminal Services. On one of my machines, it would always default to blank or the wrong domain. I tested this script on it and now I get prompted with the most proper domain each time.

keywords: default domain login, trusted domain default login, dual domain login default