AD: Change Default Login Domain after Migration

When adding a trusted domain or migrating computers to a new domain, the login prompt often defaults to the old domain or the name of the workstation. This can cause confusion for users who are often confused about computers by default ;)

In order to make their lives easier, you can set their default login domain by modifying the computer’s registry (reg add available only on XP and 2k3). In the examples below “NEWDOMAINNAME” is the new domain name and “wkstnName” is the recently migrated workstation name.

Run from the command line.

Running the command locally:
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

Remotely modifying the key:
reg add "\\wkstnName\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

If you use Win2000, you can modify those values with regedit or download the Windows 2000 SP4 Support Tools, which install reg.exe.

Or you can do it in WSH..

' Registry hive constant for HKEY_LOCAL_MACHINE
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "wkstnName"
' Connect to the registry provider (StdRegProv) on the target over WMI
Set objRReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
strValueName = "DefaultDomainName"
strValue = "NEWDOMAINNAME"
' Write the REG_SZ value
objRReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Set objRReg = Nothing
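
The following PowerShell is an added example, not part of the original post: it reads DefaultDomainName on each listed workstation over the Remote Registry service, writes the new value only where it differs, and reads it back so the result of the migration can be verified per machine. The host list, NEWDOMAINNAME and the variable names are placeholders.

```powershell
# Added example: audit and correct DefaultDomainName on migrated workstations.
# Assumptions: the names below are placeholders; the Remote Registry service
# is running on each target and the caller is a local administrator there
# (the same requirements as the remote "reg add" form).
$NewDomain    = 'NEWDOMAINNAME'
$Workstations = 'wkstnName', 'wkstnName2'      # hypothetical host list
$KeyPath      = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName    = 'DefaultDomainName'

$results = foreach ($computer in $Workstations) {
    $base = $null
    $key  = $null
    try {
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
        $key  = $base.OpenSubKey($KeyPath, $true)   # $true = open writable
        if ($null -eq $key) { throw 'Winlogon key not found' }

        $before = $key.GetValue($ValueName)
        if ($before -ne $NewDomain) {
            $key.SetValue($ValueName, $NewDomain,
                          [Microsoft.Win32.RegistryValueKind]::String)
        }
        $after = $key.GetValue($ValueName)   # read back to confirm the write

        if ($after -ne $NewDomain)      { $status = 'Mismatch' }
        elseif ($before -eq $NewDomain) { $status = 'AlreadySet' }
        else                            { $status = 'Updated' }

        [pscustomobject]@{ Computer = $computer; Before = $before
                           After = $after; Status = $status }
    }
    catch {
        # Unreachable host, access denied, service stopped, missing key
        [pscustomobject]@{ Computer = $computer; Before = $null; After = $null
                           Status = "Failed: $($_.Exception.Message)" }
    }
    finally {
        if ($key)  { $key.Close() }
        if ($base) { $base.Close() }
    }
}
$results | Format-Table -AutoSize
```

Rows with a Failed or Mismatch status are the machines to revisit by hand.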

Microsoft also provides a way to do this via Group Policy. Oh, as an added bonus, this also works instantly for Terminal Services. On one of my machines, it would always default to blank or the wrong domain. I tested this script on it and now I get prompted with the most proper domain each time.


Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, and holds a number of certifications, including those relating to SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

2 comments on “AD: Change Default Login Domain after Migration”
  1. Scott B says:

    Hi,

    After domain migration to new name, in AD User/Computer, under the account tab every user is still showing the old domain, such as “jsomebody @olddomainname”.

    Is there a script or gp to make this change to the new domain for all users instead of one by one?
