Can't add computers to domain

First off, I'm not a network or system admin. That being said, I've been thrown into the role of one and have a weird situation. I set up a server to run AD and DNS. I then added three workstations to the domain. Everything was working fine.

I then went away on a trip. When I came back, I could not add a new computer to the domain. I keep getting an error stating that "A domain controller for the domain could not be contacted". I've tried to follow some of the instructions in the troubleshooting information, but a lot of it is Greek to me! Could someone offer some pointers?

Thanks
Brian
 
Are these client machines pointing to your internal DNS/WINS servers?

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

Brian said:
First off, I'm not a network or system admin. That being said, I've been
thrown into the role of one and have a weird situation. I set up a server
to run AD and DNS. I then added three workstations to the domain.
Everything was working fine.
I then went away on a trip. When I came back, I could not add a new
computer to the domain. I keep getting an error stating that "A domain
controller for the domain could not be contacted". I've tried to follow
some of the instructions in the troubleshooting information, but a lot of it
is greek to me! Could someone offer some pointers?
 
Can you ping your internal DNS server from the workstation you want to join
by fully qualified domain name? If you can, then use a fully qualified
domain name to contact your domain controller when joining the computer.

So when you're joining the domain, use mydomain.com or whatever your full
domain name is instead of the NetBIOS name mydomain.

Juan
 
Yes, I can ping the dns server from the workstation with the fully qualified domain name (server.domain). I'm noticing though, after reading through a lot of other posts, that everyone seems to be setting up domains like "domain.com" or "domain .net". I only set up one level so all I have is "domain".

Also, when I type nslookup at the command prompt on the workstation, it returns the fqdn of the server along with its correct IP address.
 
What's the message you get? And are you still Domain Admin?


Brian said:
Yes, I can ping the dns server from the workstation with the fully
qualified domain name (server.domain). I'm noticing though, after reading
through a lot of other posts, that everyone seems to be setting up domains
like "domain.com" or "domain .net". I only set up one level so all I have
is "domain".
Also, when I type nslookup at the command prompt on the workstation, it
returns the fqdn of the server along with its correct IP address.
 
Yes, I can ping the dns server from the workstation with the fully qualified domain name (server.domain). I'm noticing though, after reading through a lot of other posts, that everyone seems to be setting up domains like "domain.com" or "domain .net". I only set up one level so all I have is "domain".

Also, when I type nslookup at the command prompt on the workstation, it returns the fqdn of the server along with its correct IP address.

If you set it up as a single name domain you should rebuild it with a
domain.lan format. The .lan isn't on the net and it allows DNS to work
properly in your office.
 
Ok, I was afraid I might have to do this, but I think I'm up to the task. First thing I'm going to lose, of course, are all my domain accounts I guess. I can live with that.

So I use dcpromo to remove AD from the server. I then use dcpromo again and follow the instructions again hoping that all the DNS stuff is set up correctly for AD? This time I need to make sure to use something like ".lan" after the domain name I choose.

Thanks

----- Leythos wrote: ----

Yes, I can ping the dns server from the workstation with the fully qualified domain name (server.domain). I'm noticing though, after reading through a lot of other posts, that everyone seems to be setting up domains like "domain.com" or "domain .net". I only set up one level so all I have is "domain".

If you set it up as a single name domain you should rebuild it with a
domain.lan format. The .lan isn't on the net and it allows DNS to work
properly in your office
 
Brian,

Please note that if you do need to go this route that there is a very good
possibility that you do not have to be SOL as far as all of your user and
group accounts. There are a couple of ways that you can 'cheat'.

Take a look at ldifde as one possibility. I have included in a couple of
posts the big picture with some of the little points on how to do this. I
am sure that there are other ways but ldifde is a good start. In fact, take
a look at the response to the post entitled 'Advanced ldifde' from TTS.

Your security settings ( NTFS permission on shares ) may be lost but
hopefully you can quickly rebuild that. Another possibility is to look at
ADMT. Just thinking out loud on that. This may or may not be a possibility
as this would require that you had additional hardware ( as you would keep
the existing hardware as the 'source' while needing new hardware to create
the 'target' ).

HTH,

Cary


Brian said:
Ok, I was afraid I might have to do this, but I think I'm up to the task.
First thing I'm going to lose, of course, are all my domain accounts I
guess. I can live with that.
So I use dcpromo to remove ad from the server. I then use dcpromo again
and follow the instructions again hoping that all the DNS stuff is set up
correctly for AD? This time I need to make sure to use something like
".lan" after the domain name I choose.
Thanks!

----- Leythos wrote: -----
qualified domain name (server.domain). I'm noticing though, after reading
through a lot of other posts, that everyone seems to be setting up domains
like "domain.com" or "domain .net". I only set up one level so all I have
is "domain".workstation, it returns the fqdn of the server along with its correct IP
address.
 
Brian,

I might suggest that you install the Support Tools from the WIN2000 Server
CD or from the WIN2000 Service Pack CD ( this would be the better choice )
and run dcdiag /c /v as well as netdiag /v on your Domain Controllers. This
might give us some information.

How do the workstations receive their IP Address Lease information? From a
WIN2000 DHCP Server? If so, did you include the necessary Options ( 003,
006 and 015 ) so that the workstations receive not only an IP Address lease
but also the additional information that they need? If you do an ipconfig
/all on each of the workstations do they all produce the same output ( well,
naturally the IP Address as well as the MAC Address of the NIC for each
system would be different - but everything else should be the same )?

Just a start. I would also check to make sure that you do not have a single
label domain name. An example of this would be 'yourdomain' instead of
'yourdomain.com' or 'yourdomain.internal' or 'yourdomain.local' or
'yourdomain.lan'....

HTH,

Cary

Brian said:
Ok, I was afraid I might have to do this, but I think I'm up to the task.
First thing I'm going to lose, of course, are all my domain accounts I
guess. I can live with that.
So I use dcpromo to remove ad from the server. I then use dcpromo again
and follow the instructions again hoping that all the DNS stuff is set up
correctly for AD? This time I need to make sure to use something like
".lan" after the domain name I choose.
Thanks!

----- Leythos wrote: -----
qualified domain name (server.domain). I'm noticing though, after reading
through a lot of other posts, that everyone seems to be setting up domains
like "domain.com" or "domain .net". I only set up one level so all I have
is "domain".workstation, it returns the fqdn of the server along with its correct IP
address.
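The `ipconfig /all` comparison and single-label check suggested in the post above can be scripted. This is an added example, not part of the thread; the sample outputs, host names and addresses are constructed, and the option numbers are the standard DHCP ones (003 router, 006 DNS servers, 015 DNS domain name).

```python
import re

# Constructed `ipconfig /all` excerpts; host names and addresses are made up.
WS1 = """\
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : ws1
        Primary DNS Suffix  . . . . . . . : domain
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : domain
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.21
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""
# Second machine: same template, but it points at an outside resolver.
NB3 = (WS1.replace("ws1", "nb3").replace("192.168.1.21", "192.168.1.34")
          .replace("192.168.1.10", "203.0.113.53"))
# Settings expected to differ per machine; everything else should match.
PER_HOST = {"Host Name", "IP Address", "Physical Address"}
# DHCP option that delivers each shared setting.
DHCP_OPTION = {"Default Gateway": "003", "DNS Servers": "006",
               "Connection-specific DNS Suffix": "015"}
LINE = re.compile(r"\s+([A-Za-z][A-Za-z \-]*?)[ .]*: ?(.*)$")

def parse(text):
    """Return {setting: value}; unlabeled indented lines continue the last value."""
    out, key = {}, None
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            key = m.group(1).strip()
            out[key] = m.group(2).strip()
        elif key and line[:1].isspace() and line.strip():
            out[key] += " " + line.strip()
    return out

def audit(outputs):
    """Flag settings that differ between machines and single-label DNS suffixes."""
    parsed = {name: parse(text) for name, text in outputs.items()}
    findings = []
    for key in sorted(set().union(*parsed.values()) - PER_HOST):
        values = {name: p.get(key, "") for name, p in parsed.items()}
        if len(set(values.values())) > 1:
            findings.append(("mismatch", key, DHCP_OPTION.get(key), values))
    for name, p in parsed.items():
        suffix = p.get("Primary DNS Suffix", "").strip(".")
        if suffix and "." not in suffix:
            findings.append(("single-label", name, None, suffix))
    return findings
```

Calling `audit({"ws1": WS1, "nb3": NB3})` reports the DNS server mismatch (option 006) and the single-label suffix on both machines.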
 
Hi Brian,
Couple of questions, you make no mention of WINS, are you using it, the
workstations you are running, what OS do they use?
The error you mentioned I have had in the past when a workstation tries to
use NetBIOS to find the PDC emulator, to correct the problem I added WINS to
my DC, set up forwarding from DNS and was then able to add the older
workstations.
If this is not the case give us some more details on the OS versions you're
using in your network.

Cheers

uktec2

Brian said:
First off, I'm not a network or system admin. That being said, I've been
thrown into the role of one and have a weird situation. I set up a server
to run AD and DNS. I then added three workstations to the domain.
Everything was working fine.
I then went away on a trip. When I came back, I could not add a new
computer to the domain. I keep getting an error stating that "A domain
controller for the domain could not be contacted". I've tried to follow
some of the instructions in the troubleshooting information, but a lot of it
is greek to me! Could someone offer some pointers?
 
I'm not using WINS. There are two W2K Servers and two W2K workstations. I had successfully added two XP Pro notebooks to the domain before I went on my business trip. When I came back, I could not add the XP notebook I had taken on the trip. I'm pretty sure someone in my office did something with DNS on the DC because the event logs had been wiped clean. The other two people with the admin privileges would not own up to this!
 
OUCH,
OK, on top of your initial problem, u got a far bigger one, security....
Regarding domainadmin rights, do you use the default administrator account
or have you given admin rights to normal user accounts. I would increase
logging to track changes and implement some sort of change control if
possible. In my company if someone did what you described I would sack them
on the spot, simple as that. Also for now revoke their admin rights, make
the point that this sort of ****up and then coverup is not acceptable.

Regarding dns, are you using normal dns or integrated, sounds like the dc's
are not registering properly in dns, if this is so, you're going to have to
repair it before you can progress.

Cheers

UKTec2






Brian said:
I'm not using WINS. There are two W2K Servers and two W2K workstations.
I had successfully added two XP Pro notebooks to the domain before I went on
my business trip. When I came back, I could not add the XP notebook I had
taken on the trip. I'm pretty sure someone in my office did something with
DNS on the DC because the event logs had been wiped clean. The other two
people with the admin privileges would not own up to this!
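Added example, not part of the thread: when the Security log is cleared, Windows 2000/XP/2003 write event ID 517 to it (1102 on later versions) naming the account that cleared it, so the records that remain can show who wiped the log and when. The export layout, account names and timestamps below are constructed for illustration.

```python
import csv, io, re
from datetime import datetime

# Constructed export of event records (log,timestamp,event_id,description);
# the column layout, account names and times are made up for this example.
EXPORT = """\
log,timestamp,event_id,description
Security,2004-03-14 19:02:11,517,"The audit log was cleared Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Client User Name: jdoe Client Domain: DOMAIN"
Security,2004-03-14 19:05:40,528,"Successful Logon: User Name: jdoe Domain: DOMAIN Logon Type: 2"
System,2004-03-14 19:03:02,6005,"The Event log service was started."
Application,2004-03-02 08:15:00,1000,"Constructed application record"
"""
FMT = "%Y-%m-%d %H:%M:%S"
# 517: Security log cleared (Windows 2000/XP/2003); 1102: same on later versions.
# Each pattern pulls the clearing account out of the event description.
CLEAR_IDS = {"517": r"Client User Name:\s*(\S+)", "1102": r"Account Name:\s*(\S+)"}

def review(export_text):
    """Return (clear_events, oldest_record_per_log) from an exported record list."""
    clears, oldest = [], {}
    for row in csv.DictReader(io.StringIO(export_text)):
        when = datetime.strptime(row["timestamp"], FMT)
        log = row["log"]
        if log not in oldest or when < oldest[log]:
            oldest[log] = when
        pattern = CLEAR_IDS.get(row["event_id"])
        if log == "Security" and pattern:
            m = re.search(pattern, row["description"])
            clears.append({"when": when, "event_id": row["event_id"],
                           "account": m.group(1) if m else "unknown"})
    return clears, oldest

def started_after(oldest, cutoff):
    """Logs whose oldest surviving record is later than cutoff (a hint, not proof)."""
    limit = datetime.strptime(cutoff, FMT)
    return sorted(log for log, first in oldest.items() if first > limit)
```

Logs other than Security carry no such record here, so `started_after` only narrows the window in which they were emptied; a log that has simply wrapped at its size limit looks the same.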
 
