Add workgroups to a domain
Hello guys,At this moment we are working with 5 different fysical sites. All of the sites have a different vlan. On one site are the servers with all of the services. At this moment the other sites are configured as workgroups. They all have there own router. If they want to do something on the server users can create a terminal session to access data ect..
Now recently all buildings are connected by a fiber. I would like to know what I have to do to connect these computers from the current workgroup to our domain?Change dns to our proper dns server on every router in the workgroup and then just add the pc to the domain? At this moment every router in the workgroup has dhcp functionality and set dns to the dns servers of the internet provider.Will the vlans still have there value after the change? I can imagine that there will be...
This topic first appeared in the Spiceworks Community
Hi
I never tried this to join remotecomputers to the domain but you can download this utility called PsExec and with the help of Netdom command you can add the computers to the domain form one computer.
http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx
Download this software and put all the files form the zip file to c:\windows\system32 folder.
Open Command promt as domain admin account once in command prompt type
psexec.exe \\remotecomputername cmd
this will take you the remote computer cmd
then use the netdom command
netdom join %computername% /domain:nameof the domain /userd:domainadminuser/passwordd:domainadminpassword /reboot:0
hope this help.
Thanks
Similar Messages
-
How to add workgroup machine in wsus group for patching
Team,
I need to add workgroup system in wsus for patching , can any one help me on this
what are steps to achive this task.
Regards, TriyambakHi,
I’m writing to just check in to see if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow
it up.
Best Regards.
Steven Lee
TechNet Subscriber Support
If you are TechNet Subscription user
and have any feedback on our support quality, please send your feedback here. -
Cannot add Computers to DSfW domain
We have been running DSfW for a couple of years.
Recently we found we couldn't add computers to the domain any longer. Also using the MMC all the existing computers are of type mSDSComputer which the team suggest what is normally there.
Both DSfW servers are running SLES10 sp3 and eDir 8.8sp3
The logs show the following error:
Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] PC02335$ opened secure channel
Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] Setting account password for object <cn=PC1234,cn=Computers,dc=company,dc=com>
Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] Setting account password failed: Access Denied.
Googling didn't reveal much useful info.
Thanks
SimonHi,
Thanks for responding.
Originally Posted by psahukar
Hi,
Can you please try creating a computer in MMC as the same user (used for adding the computer into the domain). If the computer creation works then I think the admin rights of that user is fine.
So I would next doubt on the password policy settings. Have the NMAS password policy settings changed that you know of ?
Also try creating a user and see how it goes.
Thanks,
Praveen Kumar
Tried adding via MMC - we get an error "Windows cannot create the object because: The requested operation did not satisfy one or more constraints associated with the class of the object"
I have followed TID 7010319 as we had an issue with ldap groups thinking this may also be the problem. But it doesn't appear to be. Also as mentioned in my OP the item type in MMC is mSDSComputer which appears as an unknown object for all the currently registered computer objects.
TIA -
Cannot add users to new domains anymore
I got messaging server and delegated admin to work just fine recently until I tried getting LDAP authentication to work so LDAP users could log into Sunrays.
I used idsconfig and saw that it added a bunch of stuff to the directory so I deleted that stuff after I realized I couldn't add users to a new domain anymore. It just says "cannot create user - unknown error". I can still add users to old domains just fine.
And I tried both DA and commadmin, neither work. Heres my Messaging server and DA version:
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS testy.i-n-control.com 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-V440
Delegated Administrator 6.3-0.09
I turned on debugging for DA and heres the output:
TRACE [Wed Aug 02 10:10:47 MDT 2006] Default people container = ou=People,o=domain,dc=mail,dc=example,dc=com
TRACE [Wed Aug 02 10:10:47 MDT 2006] ServerPushThread: setting stop flag
TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager: progress thread stopped
TRACE [Wed Aug 02 10:10:47 MDT 2006] com.iplanet.am.sdk.AMException: Unable to create entry.
at com.iplanet.am.sdk.ldap.DirectoryManager.processInternalException(DirectoryManager.java:433)
at com.iplanet.am.sdk.ldap.DirectoryManager.createUser(DirectoryManager.java:1046)
at com.iplanet.am.sdk.ldap.DirectoryManager.createEntry(DirectoryManager.java:1525)
at com.iplanet.am.sdk.AMDirectoryManager.createEntry(AMDirectoryManager.java:651)
at com.iplanet.am.sdk.AMCacheManager.createEntry(AMCacheManager.java:337)
at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1009)
at com.iplanet.am.sdk.AMPeopleContainerImpl.createUser(AMPeopleContainerImpl.java:285)
at sun.comm.cli.server.servlet.CreateUser.create(CreateUser.java:677)
at sun.comm.cli.server.servlet.CreateUser.doTask(CreateUser.java:91)
at sun.comm.cli.server.servlet.commTaskManager.execute(commTaskManager.java:196)
at sun.comm.cli.server.servlet.commServlet.doPost(commServlet.java:90)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
TRACE [Wed Aug 02 10:10:47 MDT 2006] After AM Exception , msg being sent is Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:47 MDT 2006] in CLIPageData constructor:status = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager - execute => generateOutput
TRACE [Wed Aug 02 10:10:47 MDT 2006] In CLIPageGenerator ....
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : cliData.status = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.OK = 0
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.FAIL = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] Failed: Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - Printing successfull results
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - status => FAIL
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - message => Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:49 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:58 MDT 2006] sun.comm.cli.server.servlet.commLDAPAuth: shutting down. Total access count = 1
Message was edited by:
nate.wheelerFrankly, I'm new to LDAP so I don't know really what
changed.No time like the present to start learning.
Its weird, I can do some things, but not
others. Like I can assign service packages, but not
change the login id or password of a user. So it
doesn't look like amadmin can't change things.LDAP provides "ACI", or Access Control settings that can be changed, and create exactly the kinds of things you're looking at.
The Directory Console can view ACI
>
The password encryption seemed to have changed from
{SSHA} to {CRYPT}. Although I have no idea how to
switch it back or where to look to see if it did.Unlikely to have made any difference. That should be transparent to the application using DS.
Most of our applications don't compare the password entry, but attempt a BIND for that very reason.
Again, I'd be looking at your LDAP access logs for a clue to what's happening.
>
Message was edited by:
nate.wheeler -
I have imac 10.6.8 how to add it to my domain server windows 2003
i have imac 10.6.8 how to add it to my domain server windows 2003
and .
i cant find the directory access anyOne option is to create a new partition (~30- 50 GB), install the new OS, and ‘test drive’ it. If you like/don’t like it it, you can then remove the partition. Do a backup before you do anything. By doing this, if you don’t like it you won’t have to go though the revert process.
Check to make sure your applications are compatible.
Application Compatibility
Applications Compatibility (2) -
SCCM 2007 OSD to add computer account to domain
Running SCCM 2007 R2 OSD to add computer account to domain has always been working, until recently after I added Intel 217/218 NIC drivers to the PE boot image.
The task sequence "Apply Network Settings" runs successfully though. It broke other TS steps too, such as enabling BitLocker, because, I guess, if the computer is not domain-joined, it won't be able to write recovery key to AD. I can use the same
network account to manually add the computer to domain. This doesn't seem to be a network issue, because the NIC drivers are applied, and software installation in the TS runs with no issue.
Here's the deployment log:
==============================[ OSDNetSettings.exe ]===========================
Command line: "osdnetsettings.exe" configure Setting %SystemRoot% to "D:\Windows"
Loading existing answer file "D:\Windows\panther\unattend\unattend.xml"
Configuring global network settings
Join type: 0 Joining domain: MyDomainName
Getting namespace "Microsoft-Windows-UnattendedJoin" for architecture "amd64"
DNS domain: DNS domain search order: IP filter sec enabled: false
No adapters found in environment.
Performing global configuration only.
Writing configuration information to D:\Windows\panther\unattend\unattend.xml
Successfully saved configuration information to D:\Windows\panther\unattend\unattend.xml
Configuring "OSDNetSettings.exe finalize" to run on first boot OSDNetSettings
finished: 0x00000000
Thanks and regards.Running SCCM 2007 R2 OSD to add computer account to domain has always been working, until recently after I added Intel 217/218 NIC drivers to the PE boot image.
The task sequence "Apply Network Settings" runs successfully though. It broke other TS steps too, such as enabling BitLocker, because, I guess, if the computer is not domain-joined, it won't be able to write recovery key to AD. I can use the same
network account to manually add the computer to domain. This doesn't seem to be a network issue, because the NIC drivers are applied, and software installation in the TS runs with no issue.
Here's the deployment log:
==============================[ OSDNetSettings.exe ]===========================
Command line: "osdnetsettings.exe" configure Setting %SystemRoot% to "D:\Windows"
Loading existing answer file "D:\Windows\panther\unattend\unattend.xml"
Configuring global network settings
Join type: 0 Joining domain: MyDomainName
Getting namespace "Microsoft-Windows-UnattendedJoin" for architecture "amd64"
DNS domain: DNS domain search order: IP filter sec enabled: false
No adapters found in environment.
Performing global configuration only.
Writing configuration information to D:\Windows\panther\unattend\unattend.xml
Successfully saved configuration information to D:\Windows\panther\unattend\unattend.xml
Configuring "OSDNetSettings.exe finalize" to run on first boot OSDNetSettings
finished: 0x00000000
Thanks and regards. -
Moving R/3 & XI from a Workgroup to a Domain
Hi
The previous BASIS person installed an R/3 4.7 system and a XI 3.0 (NW04) system on to servers belonging to a WORKGROUP with the same name as the actual Domain here. As he is no longer on the project I can not ask him about the "logic" of this.
I need to promote the two systems (both active DEV systems) with many thousands of hours of work invested in each one before I install QAS & PRD in the right Domain.
I know I need to create the Domain SAPServiceDEV & devadm accounts for each systems and to make sure these Domain accounts are part of the local security policy as well as give them access to the SAPMount & SAPLOC shares and probably various other things with permissions.
I wondered if anyone has had to do a workgroup to domain promote for an active SAP system.
Thanks
Matt Milneno, you'll need to manually move those files. the following has a link to a 2min video showing you how to do that: http://blogs.adobe.com/jkost/2012/04/upgrading-your-lightroom-3-catalog-to-lightrom-4.html
-
RDS 2012 R2 cannot add 3rd party (parent domain) licensing server
Hi,
I have a RDS 2012 R2 farm and i cannot add a 3rd party licensing server that is in a parent domain (forest root domain - hosted by our corp HQ). I will edit deployment properties for the deployment in the first CB server to add a licensing server in per
user mode. Seemes to work, however no licenses are given to SH servers. Have made GPO aswell to explicitly specify licensing server and mode, however i think this should not be neccessary.
Any ideas?
This posting is provided "AS IS" with no warranties or guarantees and confers no rightsHi,
Thank you for posting in Windows Server Forum.
1. In Server Manager -- RDS -- Overview -- Tasks -- Edit Deployment Properties -- RD Licensing tab, please make sure that the Licensing mode is set to match the type of licenses you purchased, and that the FQDN of your RD Licensing server is listed.
2. In Server Manager -- RDS -- Collections -- <your collection> -- Host Servers, please make sure that your RDSH server is listed. If you have more than one server with the RDSH Role Service in your deployment make sure that all of them are
listed. If they are not you may click Tasks -- Add RD Session Host Servers (make sure the servers are part of the Server Manager server pool prior to this).
3. On Server 1, please open an Administrator PowerShell prompt and enter the following command:
Add-WindowsFeature RDS-Licensing-UI
4. After the above powershell command completes you should be able to open RD Licensing Manager (licmgr.exe) on Server 1 if you need to. Please note that it is more important to have the licensing configured properly in deployment properties and your
RDSH servers part of a collection than it is to be able to open RD Licensing Manager on both of your servers.
(Above one quoted from beneath thread)
Source:
RDS 2012 Can't add a licensing server
In addition, check below article.
RD Licensing Configuration on Windows Server 2012
Hope it helps!
Thanks.
Dharmesh Solanki -
Can i add a windows 2008 domain controller in a open directory ?
i want to add an windows 2008 r2 domain controller to a open directory .
is this possible, and replicated all users to active directory?Yes, You must establish a two-way trust between the central forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the central forest.
Also you can refer below link
http://technet.microsoft.com/en-us/library/gg670909%28v=ocs.14%29.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical -
I'm trying to add our Synology RS2212 NAS to the DSFW domain ...
The crypic error back from the NAS is : "join domain fail"
Interestingly, the server does get added to the Computers container
Since the NAS logs are useless, what are the best DSFW logs to try and
trace the problem
SteveOriginally Posted by thhg
I'm trying to add our Synology RS2212 NAS to the DSFW domain ...
The crypic error back from the NAS is : "join domain fail"
Interestingly, the server does get added to the Computers container
Since the NAS logs are useless, what are the best DSFW logs to try and
trace the problem
Steve
Generally in such cases samba is the culprit, and occasionally ldap.
Is it possible to take trace of packets exchanged by the server and check for smb and ldap filters.
See for the failure condition in the trace. We can take it from there.... -
Network Access Account, used by only Workgroup Computers or Domain Computers also?
Our environment has a few servers that are in a workgroup (not ideal, but is an application requirement on these few boxes) rather than being on the domain. We have to patch these servers routinely and would like to use SCCM 2012 to do so. As
I understand it all that is needed is to configure the Network Access Account for the site and install the client manually on the workgroup computers, correct? My next question is, do the domain computers continue to use their computer accounts to access
network locations during content deployment or will they too use the newly configured network access account? Or, does the client first attempt to use its computer account and if that fails then results to using the SCCM Network Access Account?
I've searched everywhere and can't seem to find this info. Thanks in advance if you can point me in the right direction.Hi,
I haven't seen any table like this for the Configuration Manager 2012 so this is for 2007, I haven't heard of any changes to this and the conclusion is that the account is used more often than you would think depending on what you are doing with the client.
http://technet.microsoft.com/en-us/library/bb680398.aspx
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec -
Procedure to migrate workgroup server to domain?
Hi, One of my satellite offices has been working with a server 2008 file server as a workgroup. The administrator has created local accounts on the server for all of the users.
We are about to embark on moving the fileserver to the domain, and then the user workstations. Is it possible to join the fileserver to the domain, and then create user accounts, apply appropriate ACLs, then move the workstations over to the
domain over a period of a week or two, and still allow workgroup users to access files, or will access to files be granted only to domain users?
If anyone can point me to some best practices for workgroup>domain migration, I'd love to do some reading.
Thanks,
KevinHi Kevin,
Workgroup users can access a domain-joined server with one of the following two options:
1. Set local user account and password which is the same as workgroup users (and passwords).
2. Share folders to Everyone, and including anonymous account in Everyone group (this is a group policy).
So basically you can join the server to domain.
If you have any feedback on our support, please send to [email protected] -
Install AADSync on a Workgroup server (non-domain joined)
Does anyone has experiences with installing AADSync on a non-domain joined server (workgroup). A company with multiple forests wants to have a "neutral" server for the identity synchronisation. It looks like the tool is installing fine, but can
there be some configuration issues?This is supported. See here:
"Your computer can be stand-alone, a member server or a domain controller. "
ref: http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx
Mike Crowley | MVP
My Blog --
Planet Technologies -
Hi Experts,
I have scenario where I have TWO 2008 R2 AD forests with cross forest trust and also I have some workgroup Win7 Machines.
I wanted to deploy AD RMS in any one forest (Say Forest A), as forced by customer
Is it possible that My forest B users can protect documents with AD RMS in Forest (A)
OR
Is it possible that my workgroup computers can protect documents with AD RMS of Forest A? Can I use user credentials from forest A to protect documents on workgroup computer
OR
Lets take a scenario:
I create user in forest A with addition of email address of forest B user
I share this ID to respective forest B user, forest B user logged on to forest B computer
Now can forest B computers can protect documents with AD RMS from forest A by entering forest A user id \ password when RMS prompts for authentication?
Thanks in advance
Thanks Best Regards MaheshCan anybody shade some light on this please?
Thanks Best Regards Mahesh -
Hi, everyone
I need to get connected to a corporate domain, which is Windows based server.
I have both the name and address of the domain, my user name and password.
But my MBP says all the time that either "server is not existing...." or "can notfind server...."
I would appreciate some help solving this.
Thanks.
IgorHi BDAqua,
Why should we create a user again? The point is I am going to join this Mac Mini to a windows domain controller. Windows domain controller means a centralized database of an organization. It is communicating with my Domain controller. But the issue is it is not founding my domain node while joining to a domain. Please find the attached screen shots for your reference. If you have worked on this please send me step by step configuration.
Maybe you are looking for
-
I accidentally agreed to set up my work laptop icloud account to merge with my other devices and want to keep the work information separate. How can I change the setting for the PC at work?
-
Other apps in the app store are almost all of the apps are running iOS 7
I am very sad...since my iPod touch 4 dosen't have iOS 7 Almost all of the apps in the app store are running ios 7 and i cant even download Any apps
-
FCP 7 crashing on render and when exporting quicktime movie & rendering
Hi Guys, I recently upgraded to Lion and am still using Final Cut Studio 3. I have a 1.37min sequence which i wanted to export and burn the DVD. My normal workflow for this is: - Export/quicktime movie/make self contained - Open compressor and conver
-
Problems trying to restore Time Machine backup to a new computer
Hi there- I recently purchased a new MacBook Pro and want to downgrade it from Lion to Snow Leopard. I have Time Machine backups from my slightly older MacBook Pro running Snow Leopard. However, when I attempt to restore from the Snow Leopard backup,
-
Sequence generating duplicate numbers
Hi guys, this might be more of a DBA question type... we had a situation where we copied data (once full schema and other time only tables ) from one database to another but ended up having sequence problem because new sequence was generating numbers