[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cannot Join Machines to Domain

Posted on 2006-04-05
16
Medium Priority
?
271 Views
Last Modified: 2010-04-18
This past weekend, I introduced my first Windows Server 2003 Domain controller to my existing Windows 2000 domain. Everything went very well, no errors/problems. All machines are properly logging in.

This issue is that I cannot join new machines to the domain. When I attempt to do this, the client says:

Following error occured attempting to join the domain <domain>
Access Denied

The account I am using to join the machine is the Administrator AD account with full rights to everything. Is there some new Permissions or Group Policy object that is preventing me from doing this? I had no problems with this before bringing in the 2003 DC.

Ideas?
0
Comment
Question by:jschweg
15 Comments
 
LVL 4

Expert Comment

by:omegamueller
ID: 16383685
Have you gotten rid of any old dc?

Time on the machine matches ther server?
Dns is good in your network?
0
 
LVL 4

Author Comment

by:jschweg
ID: 16383744
I have two active DC's, one Windows 2000 and one Windows Server 2003. Active Directory is clean, no old DC's

DNS is good

Time is good as well, matches the DC exactly
0
 
LVL 4

Author Comment

by:jschweg
ID: 16383838
Actually scratch what I said about any machine.. It's just one machine, I just joined a Windows 2000 Pro machine to the domain just now.

This particular machine is Windows XP, was previously part of the domain, but was disjoined. The old machine account has been removed from AD and is in a workgroup right now.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16383885
Make sure all clients and members of the domain are pointing to the internal Windows DNS servers only.  Don't point clients to ISP DNS servers...  DNS is needed for the client machine to "talk" to Active directory...

0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16383891
Are you using?

DOMAIN?

or

DOMAIN.local

syntax when joining the domain?
0
 
LVL 4

Author Comment

by:jschweg
ID: 16384260
It's actually only this ONE machine that won't join.

DNS is pointed to my AD integrated Domain Servers
It is currently in a Workgroup

I'm attempting to join the machine to the domain through the GUI on the workstation (My Computer/Properties/Computer Name)

I've tried both "domain" and "domain.com" same result
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16384331
you could try manually creating the computer account in the domain...then join.
0
 
LVL 4

Author Comment

by:jschweg
ID: 16384465
Did that already.

I guess I could try joining it with a different machine name, but I really shouldn't have to do that.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16384507
do you have a password associated with the administrator account?  You need a password...
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16384527
0
 
LVL 4

Author Comment

by:jschweg
ID: 16384593
I just renamed the machine, still no luck.

Plus, I'm not sure if the above article is valid because I just joined a new machine to the domain in the same manner 15 or so minutes ago.
0
 
LVL 4

Author Comment

by:jschweg
ID: 16384825
Yes, there is a password associated with the local administrator account I am logging in with, as well as the Administrator Account in AD (obviously).
0
 
LVL 3

Expert Comment

by:mandude0
ID: 16385843
I have never mixed 2000 and 2003 servers as DCs but which opne is being used for AD authintication? I may be moving in the wrong direction but this just popped into my head. May be better for server 2003? Shot in the dark.
0
 
LVL 4

Author Comment

by:jschweg
ID: 16385918
I actually just fixed it. I thank everyone for their responses.

I removed the Client for Microsoft Networks and re-installed it, joined the domain like a champ. Must have been something hosed up with that.
0
 

Accepted Solution

by:
GranMod earned 0 total points
ID: 16459514
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question