AD: Change Default Login Domain after Migration

When adding a trusted domain or migrating computers to a new domain, the login prompt often defaults to the old domain or the name of the workstation. This can cause confusion for users who are often confused about computers by default ;)

In order to make their lives easier, you can set their default login domain by modifying the computer's registry (reg add is available only on XP and 2k3). In the examples below, "NEWDOMAINNAME" is the new domain name and "wkstnName" is the recently migrated workstation name.

Running the command locally:

    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

Remotely modifying the key:

    reg add "\\wkstnName\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /f /t REG_SZ /d "NEWDOMAINNAME"

If you use Win2000, you can modify those values with regedit or download the Windows 2000 SP4 Support Tools, which install reg.exe.

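    ' Set DefaultDomainName on a remote workstation through the WMI registry provider (StdRegProv)
    Const HKEY_LOCAL_MACHINE = &H80000002
    strComputer = "wkstnName"
    ' Bind to StdRegProv in root\default on the target machine
    Set objRReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    strKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    strValueName = "DefaultDomainName"
    strValue = "NEWDOMAINNAME"
    ' Write the REG_SZ value, then release the provider object
    objRReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
    Set objRReg = Nothing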

Microsoft also provides a way to do this via Group Policy. Oh, as an added bonus, this also works instantly for Terminal Services. On one of my machines, it would always default to blank or the wrong domain. I tested this script on it and now I get prompted with the most proper domain each time.
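
An added example, not part of the original post: a PowerShell version of the same StdRegProv change that first reads DefaultDomainName on each migrated workstation, reports mismatches, and only writes the new value when $Apply is set. The $Workstations list and $Apply switch are hypothetical names introduced here; it assumes you hold administrative rights on the targets and that WMI over DCOM is reachable, as the VBScript above also requires.

```powershell
# Added example (not from the original article). Placeholder names throughout.
$NewDomain    = 'NEWDOMAINNAME'
$Workstations = @('wkstnName')        # hypothetical list of migrated workstations
$Apply        = $false                # $false = report only; $true = also fix

$HKLM    = [uint32]2147483650         # HKEY_LOCAL_MACHINE, same as &H80000002
$KeyPath = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Name    = 'DefaultDomainName'
$Dcom    = New-CimSessionOption -Protocol Dcom   # DCOM, like the winmgmts binding

$results = foreach ($computer in $Workstations) {
    $row = [pscustomobject]@{ Computer = $computer; Before = $null; Status = '' }
    $session = $null
    try {
        $session = New-CimSession -ComputerName $computer -SessionOption $Dcom -ErrorAction Stop
        $common  = @{ CimSession = $session; Namespace = 'root/default'
                      ClassName  = 'StdRegProv'; ErrorAction = 'Stop' }

        # Read the current value; named arguments avoid any parameter-order mistakes
        $read = Invoke-CimMethod @common -MethodName GetStringValue -Arguments @{
            hDefKey = $HKLM; sSubKeyName = $KeyPath; sValueName = $Name }
        $row.Before = $read.sValue    # stays $null if the value is missing

        if ($read.ReturnValue -eq 0 -and $read.sValue -eq $NewDomain) {
            $row.Status = 'OK'
        } elseif (-not $Apply) {
            $row.Status = 'Mismatch (not changed)'
        } else {
            $write = Invoke-CimMethod @common -MethodName SetStringValue -Arguments @{
                hDefKey = $HKLM; sSubKeyName = $KeyPath; sValueName = $Name; sValue = $NewDomain }
            $row.Status = if ($write.ReturnValue -eq 0) { 'Updated' }
                          else { "Set failed ($($write.ReturnValue))" }
        }
    } catch {
        # Unreachable host, access denied, WMI blocked by firewall, etc.
        $row.Status = "Error: $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-CimSession $session }
    }
    $row
}
$results | Format-Table -AutoSize
```

Run it once with $Apply left at $false to see the previous value on every machine before any change is written.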
