Problems joining machine to domain from a distance

[Jim Hatfield]

I had a call from a colleague today who has just got a new XP Pro
machine. He's in Sweden, I'm in the UK and we have a Lan-to-Lan
VPN connecting us.

The machine needs joining to the domain. To avoid having to talk
people through it I normally make an RDC connection and do it all
myself. However I was unable to log on as the local administrator -
even though we repeated the password back and forth over the phone
and I am certain I got it right, it wouldn't let me on. The error
was in Swedish but I'm pretty sure it was a "bad password" error.

So then I tried the tack of adding the machine to the domain in
AD Users and Computers and having him join it at his end. But it
rejected his domain account and password. At this time I didn't
know about the Delegation Of Control wizard, but I found out quick
enough - however that still didn't work. I checked and his account
has the right to join a machine to the domain, but no joy. I don't
want to give him the domain admin password so I have to wait until
the local admin person, who's out today, returns.

Why would I be unable to connect via RDC as the local administrator?
And why couldn't he join the machine to the domain even though his
account had the privilege to do so? I'd appreciate any pointers to
places where I can get info about this. I'm currently trying to
formulate the "right question" to search on support.microsoft.com
and google...

 

[Herb Martin]

I had a call from a colleague today who has just got a new XP Pro
machine. He's in Sweden, I'm in the UK and we have a Lan-to-Lan
VPN connecting us.

The machine needs joining to the domain. To avoid having to talk
people through it I normally make an RDC connection and do it all
myself. However I was unable to log on as the local administrator -
even though we repeated the password back and forth over the phone
and I am certain I got it right, it wouldn't let me on. The error
was in Swedish but I'm pretty sure it was a "bad password" error.

Doesn't sound like any of this has to do with your VPN
connections or with the domain.

This is about the username or password. Unless the
message is being mistranslated from the Swedish.

And if his machine is IN A DOMAIN it is not likely
a more complicated problem (like DNS causes in domains.)

So then I tried the tack of adding the machine to the domain in
AD Users and Computers and having him join it at his end.

Really irrelevant if you cannot logon to machine as admin.

But it
rejected his domain account and password.

He cannot use his domain account and password for LOGIN
to THAT machine until the machine is joined to the domain.

At this time I didn't
know about the Delegation Of Control wizard, but I found out quick
enough - however that still didn't work.

And it likely won't as it has practically nothing to do with
his being admin of his LOCAL machine and joining the
domain.

You would only need such things if you wish to delegate
control back to him AFTER he joins the machine to the
domain OR for delegating control of "other" things in AD.

I checked and his account
has the right to join a machine to the domain, but no joy. I don't
want to give him the domain admin password so I have to wait until
the local admin person, who's out today, returns.

And that too is irrelevant if you had already added the
computer account.

He can't do any of this unless he can logon to his machine
as an Admin (or you can do it for him.)

Why would I be unable to connect via RDC as the local administrator?

Bad password or bad Admin NAME?

Perhaps his computer has had the "Administrator" name changed?

Perhaps the name is in Swedish? (Just kidding because I have no
idea if national language versions use a different 'admin' name.)

And why couldn't he join the machine to the domain even though his
account had the privilege to do so?

I though HE failed to logon as admin OF HIS MACHINE too?

I'd appreciate any pointers to
places where I can get info about this. I'm currently trying to
formulate the "right question" to search on support.microsoft.com
and google...

Sounds like failure to use a local admin account to perform the task
of joining the domain.