BobGipson
asked on
Why can't I join my Server 2003 to an existing domain?
I am unable to join my Server 2003 to an existing domain. Any ideas? Existing domain controller is Server 2000. In AD it lists my Server 2003 under "computers." What does that mean?
ASKER
Jay_Jay70,
I'm trying to work my way into understanding the relationship of these two servers step by step. Feel like I am walking up a mountain on my hands.
In AD on domain controller there are no other listings under "computers" other than the Server 2003. Can it be that no other computers in our shop are members of the domain?
I'm trying to work my way into understanding the relationship of these two servers step by step. Feel like I am walking up a mountain on my hands.
In AD on domain controller there are no other listings under "computers" other than the Server 2003. Can it be that no other computers in our shop are members of the domain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jay_Jay70,
In response to another question about promoting the 2003 Server to domain controller, RobWill replied:
"As for group policy, simply joining the server to the existing to domain should allow it to receive and apply policies created on your existing domain controller. Making it a domain controller would allow you to create the policies on that DC as well, and they would be in turn replicated with the other domain controller and applied to the appropriate computers and servers within the domain."
If my 2k3 is a member of the domain should I then be able to access group policy on it someway --- inherited from the 2k domain controller?
Thanks.
In response to another question about promoting the 2003 Server to domain controller, RobWill replied:
"As for group policy, simply joining the server to the existing to domain should allow it to receive and apply policies created on your existing domain controller. Making it a domain controller would allow you to create the policies on that DC as well, and they would be in turn replicated with the other domain controller and applied to the appropriate computers and servers within the domain."
If my 2k3 is a member of the domain should I then be able to access group policy on it someway --- inherited from the 2k domain controller?
Thanks.
ASKER
Jay_Jay70,
I just tried your search suggestion on the domain controller. I searched for all computers in the entire directory and only the 2k dc and the 2k3 server showed up. Me thinks I don't have much of a network here. Some 25 or so other computers access files and data on these two servers. How are they actually related to the servers?
Thanks.
I just tried your search suggestion on the domain controller. I searched for all computers in the entire directory and only the 2k dc and the 2k3 server showed up. Me thinks I don't have much of a network here. Some 25 or so other computers access files and data on these two servers. How are they actually related to the servers?
Thanks.
ASKER
You are being so helpful on this, I just bumpted the points.
AH Bob, I didnt realise this was related - no worries,
what Rob means, is that policies held on your Domain Controller will be applied to this server, exactly the same as it would a computer.
When you run the dcpromo wizard, it creates another database of users and computer and policies.
when you run dcpromo, you have to add it as an additional Dc in an already existing Domain, otherwise you can use the adminpak to simply view and modify the AD database stored on your current DC
what Rob means, is that policies held on your Domain Controller will be applied to this server, exactly the same as it would a computer.
When you run the dcpromo wizard, it creates another database of users and computer and policies.
when you run dcpromo, you have to add it as an additional Dc in an already existing Domain, otherwise you can use the adminpak to simply view and modify the AD database stored on your current DC
by the sounds of it the computers havent been actually joined to the domain
at the moment they are just accessing shares
if you go to a client, right click on my computer, network ID Tab, and see if it is a member of a domain or not
at the moment they are just accessing shares
if you go to a client, right click on my computer, network ID Tab, and see if it is a member of a domain or not
ASKER
Jay_Jay70,
Wow, I think that explains a lot! I've been trying to set local policies on the 2k3 server to restrict remote desktop users and they weren't working. Is that because I don't have group policy on the 2k3 or because it is inheriting its rights from the domain controller and passing them along to the remote desktop users?
Thanks.
Wow, I think that explains a lot! I've been trying to set local policies on the 2k3 server to restrict remote desktop users and they weren't working. Is that because I don't have group policy on the 2k3 or because it is inheriting its rights from the domain controller and passing them along to the remote desktop users?
Thanks.
sorry Bob i had to pop out for a bit :)
Local Polcies apply only to the local machine :) Group Policy on Active Directory will pass the settings down to the client machines, but the clients have to be members of the domain
I am more than happy to write up som steps for you on how to implement Group Policy and how to add users to a domain and all that kind of fun if you would like, step one though is joining the machines into the domain itself,
at the moment the only policy you have set by the sounds of it is the local policy on a machine
Local Polcies apply only to the local machine :) Group Policy on Active Directory will pass the settings down to the client machines, but the clients have to be members of the domain
I am more than happy to write up som steps for you on how to implement Group Policy and how to add users to a domain and all that kind of fun if you would like, step one though is joining the machines into the domain itself,
at the moment the only policy you have set by the sounds of it is the local policy on a machine
ASKER
Jay,
A list of steps would be great! Any help would be appreciated.
Points cannot be the motivation for the help you give folks like me. What drives you and the other experts?
I'm awarding the points now. I do hope you will respond with the list of steps.
Thanks for all your help.
A list of steps would be great! Any help would be appreciated.
Points cannot be the motivation for the help you give folks like me. What drives you and the other experts?
I'm awarding the points now. I do hope you will respond with the list of steps.
Thanks for all your help.
Hey Bob,
true points mean nothing, I got helped out once by Robwill and ever since then i have done the same, it is also the best way to builld knowledge and forces you to learn :)
i will write these steps up for you today, will include some Group Policy Links and Basic tools you can use in the future :)
true points mean nothing, I got helped out once by Robwill and ever since then i have done the same, it is also the best way to builld knowledge and forces you to learn :)
i will write these steps up for you today, will include some Group Policy Links and Basic tools you can use in the future :)
Ok Here we go,
This link will provide you step by step Instructions on installing Active Directory on your Domain Controller which you have already done, buts its a good reference for next time
It also explains how to manage the Active Directory Users and Groups Snap in to manage all your users
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/admng.mspx
The Bottom of that link shows you how to join the domain at the client level
This next link is courtesy of MKBean, it explains how to create and manage group policies to completely lock down and customise your users
http://www.adminprep.com/articles/default.asp?action=show&articleid=55
http://www.adminprep.com/articles/default.asp?action=show&articleid=82
Thats basically all you need to get started, any other little things that you find on the way will be easily ironed out, and i am more than happy to help
As far as shares and access goes now, once all your machines are joined in to the domain, your security is 110% stronger and easier to manages, instead of having to add individual users to shares, you can add groups from AD etc
I promise this will make life much more fun :)
Another Couple of fun tools for when you get a bit more familiar with AD
1) Folder Redirection / Roaming Profiles
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
2) SOftware Deployment
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
If you get stuck feel free to post and ill help you
Cheers and Good Luck
James
This link will provide you step by step Instructions on installing Active Directory on your Domain Controller which you have already done, buts its a good reference for next time
It also explains how to manage the Active Directory Users and Groups Snap in to manage all your users
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/admng.mspx
The Bottom of that link shows you how to join the domain at the client level
This next link is courtesy of MKBean, it explains how to create and manage group policies to completely lock down and customise your users
http://www.adminprep.com/articles/default.asp?action=show&articleid=55
http://www.adminprep.com/articles/default.asp?action=show&articleid=82
Thats basically all you need to get started, any other little things that you find on the way will be easily ironed out, and i am more than happy to help
As far as shares and access goes now, once all your machines are joined in to the domain, your security is 110% stronger and easier to manages, instead of having to add individual users to shares, you can add groups from AD etc
I promise this will make life much more fun :)
Another Couple of fun tools for when you get a bit more familiar with AD
1) Folder Redirection / Roaming Profiles
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
2) SOftware Deployment
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
If you get stuck feel free to post and ill help you
Cheers and Good Luck
James
ASKER
James,
Thanks a million. You've given me enough homework to keep me busy for a long while.
Bob
Thanks a million. You've given me enough homework to keep me busy for a long while.
Bob
Ha well make sure you enjoy it, maybe its strange but new technologies and new networks can be great fun
what are you trying to acheive - by the sounds of it your server IS a member of the domain
are you trying to add as a new Domain Controller?