Solved

Trouble joining pc's to the domain

Posted on 2006-07-06
6
314 Views
Last Modified: 2010-04-18
Any help would be greatly appreciated!!!

I have pc's that were in a Samba Linux domain. We have disjoined the pc's from that domain and are now trying to join them to a Wiindows Server 2003 domain. About half of the pc's are joining fine with no problems. The other half are not joining the domain. They automatically return an access is denied error when you try to join them. This has nothing to do with the accounts not having permission. I am using a domain admin account to add these pc's. The fact that some are joining no problem proves that it isn't with the account being used to add the computers. We are thinking that some settings may have been changed on the local pc's by being joined to a Linux (red hat) domain. Does anyone have ANY idea whatsoever about the local security policies and how they should be set in the local pc to allow for the pc to join a Server 2003 environment?????

0
Comment
Question by:snyderpaper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17054444
You can test the security setup theory by adding the compatws template discussed here.  I've also included the instructions for applying the template.  If reseting the security doesn't work we know we'll need to look elsewhere.

Information on Security Templates

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scedefaultpols.mspx?mfr=true


Apply a new Security Template

Apply a Security Template
1. Click Start, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.
5. In the left pane, click Security Configuration and Analysis and view the instructions in the right pane.  
6. Right-click Security Configuration and Analysis, and then click Open Database.
7. In the File name box, type the name of the database file, and then click Open.
8. Click the security template that you want to use, and then click Open to import the entries that are contained in the template to the database.
9. Right-click Security Configuration and Analysis in the left pane, and then click Configure Computer Now.


Crow
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 17055283
COMPATWS.INF is for loosening the security to run applications that are non-compliant as normal Users - I don't think that's going to do much for you.

The problem may lie in the method used to image these PCs - did you run sysprep before imaging or are all these using the OEM builds that came with them?
0
 
LVL 2

Expert Comment

by:bleujaegel
ID: 17055971
Is this a fresh W2K3 install?  If not, is it possible that these machine accounts already existed in AD?  If so, delete them and try joining the domain again.  Anything in the event viewer?
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 1

Author Comment

by:snyderpaper
ID: 17063407
I appreciate all of the responses. Let me answer all of your questions:

The problem may lie in the method used to image these PCs - did you run sysprep before imaging or are all these using the OEM builds that came with them?

They are using the OEM builds. Unfortunately, I have been hired on to a company to bring them into the 20th century and hopefully eventually into the 21st. None of these pc's were imaged so sysprep is not an issue.

Is this a fresh W2K3 install?  If not, is it possible that these machine accounts already existed in AD?  If so, delete them and try joining the domain again.  Anything in the event viewer?

As stated above these are not fresh installs. These machines did not exist in AD as they were previously on a Linux domain and are now being joined to a Windows domain. There were absolutely NO errors in the event logs on any of these pc's!

About half of the pc's joined the windows domain with no problem and the other half did not. Taking Crow's suggestion and some last minute information I got from the person who joined these pc's to the linux domain, I decided to reapply the local security policy. Unfortunately, this in and of itself did not fix the problem. I have been able to find a fix for the problem though. Using a combination of reapplying local security policy and then doing an operating system repair I was able to get them to join. There may have been an easier way to do this but I was completely stumped. I'm not sure what doing both of these in conjunction changed and allowed the pc's to join the windows domain. I am only glad that it did allow them to work.

Thanks for your input! This is my first post to experts exchange so I'm not entirely sure how to award the points. I suppose they will go to Crow as the suggestion's atleast helped to fix the problem.
0
 
LVL 1

Author Comment

by:snyderpaper
ID: 17067749
OK... I'm not sure how that happened. I clicked to give the points to Crow (or atleast I thought I did) can this be fixed???
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17069660
Yes, post a Q in Community Support linking to this one asking them for assistance.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question