AD: Change Default Login Domain after Migration

When adding a trusted domain or migrating computers to a new domain, the login prompt often defaults to the old domain or the name of the workstation. This can cause confusion for users who are often confused about computers by default ;)

In order to make their lives easier, you can set their default login domain by modifying the computer’s registry (reg add is available only on XP and 2k3). In the examples below “NEWDOMAINNAME” is the new domain name and “wkstnName” is the recently migrated workstation name.

Run from the command line:

Running the command locally:
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

Remotely modifying the key:
reg add "\\wkstnName\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

If you use Win2000, you can modify those values with regedit or download the Windows 2000 SP4 Support Tools which installs reg.exe.

Or you can do it in WSH:

' Registry hive constant for HKEY_LOCAL_MACHINE
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "wkstnName"
' Connect to the StdRegProv WMI registry provider on the target computer
Set objRReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
strValueName = "DefaultDomainName"
strValue = "NEWDOMAINNAME"
' Write the REG_SZ value that Winlogon uses as the default domain
objRReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Set objRReg = Nothing
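
The same change applied to several migrated workstations at once, with a read-back of the value so you can see which machines actually took it. This is an added PowerShell example, not part of the original post; the function name Set-DefaultLoginDomain and the second workstation name are hypothetical, and it assumes you are a local administrator on each target and that the Remote Registry service is running there.

```powershell
# Added example: audit and set Winlogon\DefaultDomainName on a list of workstations.
# Assumptions: computer names are placeholders; caller has admin rights on each
# target and the Remote Registry service is running on it.
function Set-DefaultLoginDomain {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [Parameter(Mandatory = $true)][string]$NewDomain
    )
    $keyPath = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($computer in $ComputerName) {
        $base = $null; $key = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $base.OpenSubKey($keyPath, $true)   # $true = open writable
            if ($null -eq $key) { throw 'Winlogon key not found' }

            $before = $key.GetValue('DefaultDomainName')
            # Only write when the value differs; -WhatIf skips the write entirely.
            if ($before -ne $NewDomain -and
                $PSCmdlet.ShouldProcess($computer, "Set DefaultDomainName to $NewDomain")) {
                $key.SetValue('DefaultDomainName', $NewDomain,
                    [Microsoft.Win32.RegistryValueKind]::String)
            }
            # Read the value back instead of trusting the write.
            $after = $key.GetValue('DefaultDomainName')
            [pscustomobject]@{ Computer = $computer; Before = $before; After = $after
                               Ok = ($after -eq $NewDomain); Error = $null }
        }
        catch {
            # Unreachable host, access denied, service stopped: report, keep going.
            [pscustomobject]@{ Computer = $computer; Before = $null; After = $null
                               Ok = $false; Error = $_.Exception.Message }
        }
        finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
    }
}

# Dry run first: -WhatIf shows what would change without writing anything.
Set-DefaultLoginDomain -ComputerName 'wkstnName', 'wkstnName2' -NewDomain 'NEWDOMAINNAME' -WhatIf |
    Format-Table -AutoSize
```

Drop -WhatIf to apply the change; rows with Ok = False are the machines to revisit.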

Microsoft also provides a way to do this via Group Policy. Oh, as an added bonus, this also works instantly for Terminal Services. On one of my machines, it would always default to blank or the wrong domain. I tested this script on it and now I get prompted with the most proper domain each time.


Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain RealCajunRecipes.com in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

2 comments on “AD: Change Default Login Domain after Migration”
  1. Scott B says:

    Hi,

    After domain migration to new name, in AD User/Computer, under the account tab every user is still showing the old domain, such as “jsomebody @olddomainname”

    Is there a script or gp to make this change to the new domain for all users instead of one by one?
