Joining a Windows 7 machine to a domain
Dear all,
I have been told, and have also experienced, that if a Windows 7 machine is joined to a domain (Server 2008 R2), there can be trouble if the time on the joining machine differs by more than 5 minutes from the server: the machine is joined, but many things in the background go wrong, for example GPOs which are not pushed, and maybe even more.
The strange thing is, you are able to log in to the domain and to work with the client.
Is there a way, after a machine has been joined, that I can check that the joining completed correctly?
Unfortunately, this is a new field to me...
Thank you very much for your help and greetings from Switzerland :)
Mike
It is a fact that Kerberos authentication will fail if there is too much of a time skew. In many cases, but not all, the computer will fall back to NTLM authentication, which explains why some functions work correctly.
By default, joining the domain will reconfigure the time service so it will sync time with the domain controllers. If you experience time synchronisation issues, you should look primarily at the domain controllers. The DC holding the PDC emulator FSMO should sync with an external source and all DCs should sync with that "PDC".
Note that the time service needs connectivity on the NTP port (udp/tcp123) to the DCs in its site to be able to sync time.
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb727060.aspx
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
I think it is a good idea to make sure time is OK before you join, because if the time skew is too large (>15hrs by default), Windows time will fail to sync. One way would be to make sure clients can connect to time.windows.com, the default time service configured for clients. Also make sure the PDC does not have too much skew compared to time.windows.com.
MCP/MCSA/MCTS/MCITP
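The checks the question asks for, as an added example that is not part of the original thread: a PowerShell script, run elevated on the joined client, that measures the clock offset against a domain controller, tests the computer's secure channel, and looks for the computer account's Kerberos TGT. The 300-second threshold is the 5-minute tolerance mentioned in the question, and the `gpresult` text match assumes an English-language Windows.

```powershell
# Added example: post-join health check for a domain member.
# Run from an elevated PowerShell prompt on the client (works on PowerShell 2.0).

$MaxSkewSeconds = 300   # 5-minute tolerance from the thread (Kerberos default)
$problems = @()

# 1. Confirm the machine is a domain member and locate a domain controller.
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $dc     = $domain.FindDomainController().Name
    Write-Host "Domain: $($domain.Name)   DC used for checks: $dc"
} catch {
    Write-Warning "Not joined, or no domain controller reachable: $($_.Exception.Message)"
    return
}

# 2. Clock offset against that DC (SNTP query, needs UDP 123 to the DC).
#    /dataonly prints lines such as "14:02:11, +00.0123456s".
$offsets = @(& w32tm.exe /stripchart "/computer:$dc" /samples:3 /dataonly 2>&1 |
    ForEach-Object { if ("$_" -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] } })
if ($offsets.Count -eq 0) {
    $problems += "No time samples from $dc (time service or UDP 123 unreachable)"
} else {
    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
        Measure-Object -Maximum).Maximum
    Write-Host ("Largest clock offset: {0:N3} s" -f $worst)
    if ($worst -gt $MaxSkewSeconds) {
        $problems += "Clock offset of $worst s exceeds the $MaxSkewSeconds s tolerance"
    }
}

# 3. Secure channel between this computer account and the domain.
try {
    if (-not (Test-ComputerSecureChannel -ErrorAction Stop)) {
        $problems += "Secure channel test failed"
    }
} catch {
    $problems += "Secure channel test could not run: $($_.Exception.Message)"
}

# 4. Kerberos: the computer account (LocalSystem logon session 0x3e7) normally
#    holds a krbtgt ticket. A missing ticket is consistent with the time-skew
#    failure described above, where the machine falls back to NTLM.
$tickets = & klist.exe -li '0x3e7' 2>&1
if (-not ($tickets -match 'krbtgt/')) {
    $problems += "No Kerberos TGT found for the computer account"
}

# 5. When was computer Group Policy last applied, and from which DC?
#    (The text match assumes an English-language Windows.)
& gpresult.exe /r /scope computer 2>&1 |
    Select-String 'Last time Group Policy was applied|Group Policy was applied from'

if ($problems.Count) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "No join problems detected by these checks."
}
```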
Similar Messages
-
IMac 8.1 and joining to Windows 2003 active directory domain
My boss just purchased a new iMac and he wants me to join it to our Windows 2003 AD. Does anyone have a step-by-step procedure on how to do this, or can someone give me stepwise pointers on how to do this?
I try joining the iMac to the win2003 domain but keep getting this message
"Unable to add the domain - An unexpected error of type -14120 (eDSAuthFailed) occured."
The error message (eDSAuthFailed) means that your credentials failed to authenticate you. That means that either you've provided incorrect credentials, or the AD server is not configured to allow that machine into its domain.
The basic process for binding, though, is pretty straight-forward (by GUI). Here's a good example: http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/Article ID/234/PageID/359/Default.aspx -
CUPC - Unable to log in from Windows machine not on domain
Hi,
We are unable to login to CUPC (ver 8.5.3.192248) on a windows machine that is not on the domain, however connected to the network (e.g. we can ping CUPS IP and FQDN). We've tried pointing the client to the FQDN address as well as IP Address. We get "Login Failed" message (so no "Unable to connect to network" message). The user can log in just fine on a machine that is on the domain, so everything back end should be ok.
Thanks!
Josh
I am using version 8.5.5 and that works fine on a Windows 7 that is not in the domain.
The only thing I had to do was add the server name to the hosts file, I have both the server name and the FQDN as in
192.168.1.1 cups cups.mycompany.com
You can define the server by IP address but it seems to move internally to the server name and it needs to be able to map that to an IP address
Graham -
Dear Sir
My name is Sandeep and I have a technical issue with MS Office Outlook 2007 Standard. The problem is that I have Windows 8.1 Pro and I have installed Office 2007 Standard on it. I have also joined this Windows 8.1 machine to the domain network (I have a domain server on Windows Server 2008 R2). Now the problem is that when I log in with a domain user on this Windows 8.1 machine and configure my MS Outlook, it prompts for the user name and password again and again, showing the error "Server responded -ERR access denied". If I log in to Windows 8.1 with its local administrator user, then all runs fine and MS Outlook does not prompt for the username and password. This problem occurs only with the Windows 8.1 domain login. Please suggest what to do and how this problem can be resolved.
Regards
Sandeep Kumar
Hi,
Did it work correctly before when logging in with domain user account? If so, please try opening Control Panel > Credential Manager and remove the cached credential entry of the Outlook account, and then restart Outlook to test the issue again.
See:
https://support.microsoft.com/en-us/kb/2762344/en-us
Please also try logging into your email account from webmail access to see if there is any error.
Please let me know the result.
Regards,
Steve Fan
TechNet Community Support
It's recommended to download and install Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.
-
Windows machines can't join domain after 10.5.4 upgrade
Howdy folks,
I have a ticket open with Apple on this but am posting here in hopes that someone might have an idea for me.
I upgraded our Mac OS X Server 10.5.3 to 10.5.4 on Sunday, and this morning several users reported that their PCs running Windows XP SP2 were unable to login to the Windows domain hosted on this machine. It's the primary domain controller for the Windows users.
One thing to note is that I had to reinstall the server completely because the 10.5.4 patcher crashed, creating all kinds of mayhem. I did a fresh install of OS X Server 10.5 and immediately applied the 10.5.4 combo updater to it. I had to restore the Open Directory from an archival copy, and the SMB was created fresh. Not sure why but the SMB services weren't preserved by the Server settings export command in Server Admin.
I thought unbinding the PC from the Windows domain and then rebinding it with a new name would help, but I've been completely unable to add older computers to the domain, even after removing the old computer records first.
I've got a reproducible failure mode for this problem on a Windows XP virtual machine running on VMware Fusion on my Mac. Here's the method I've been using to create the failure:
1. Change Windows XP System name to something new that doesn't already have a computer record on the Mac OS X Server and reboot.
2. After the reboot, run "NewSID" program on Windows to globally change my Windows machine's SID to a new, random value, and reboot again.
3. Attempt to use the Network ID wizard in the Windows Control Panel to re-add the machine to the domain under a new name so there's no conflict with any old computer records floating around in Open Directory. After it prompts me to enter the username, password and domain name for a user who's authorized to add machines to the domain, I get a dialog box that displays this error:
"Your computer could not be joined to the domain because the following error has occurred:
An internal error occurred."
Not too informative.
Here are the error messages I see in /var/log/samba/log.smbd (searching for the new computer name in the search field):
netbios connect: name1=BIGMAC name2=JEFFVM6
netbios connect: local=bigmac remote=jeffvm6, name type = 0
opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
odssam_getgrnam gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Groups record for 'JEFFVM6$'!
opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
kDSStdAuthNewUser was successful for account "jeffvm6$"
At that point it's impossible to join the computer to the domain no matter what. The most puzzling thing is that SOME of our users were able to login without any problems whatever. The ones that were either physically off or somewhere else when the 10.5.4 upgrade was applied are the only PCs that seem to be having problems.
Any help at all is appreciated. I suspect this is some kind of a SID conflict because the SMB server had to be recreated from scratch, but have no idea how to fix the client, the server, or both to make the computer account creation process work.
The problem is fixed.
The issue boils down to an argument between the Open Directory server on bigmac (the OS X Server machine) and the SMB server on bigmac. The crucial information I needed to solve this problem was located here: http://www.radiotope.com/node/61
The Open Directory database had to be restored from a backup following this weekend's problematic upgrade, and it had a different value for the SID for the Windows domain than the one used by the SMB server software itself. Even stranger was that the Open Directory database actually had the wrong domain name! It was listed as "BIGMAC" in Open Directory, even though it was set to the correct Windows domain name in the SMB server.
The solution was to demote the SMB server from a Primary Domain Controller to a Standalone Machine, and then repromote it. Although I changed no values in the settings, and did not modify the plist containing the SID in the Open Directory via the Inspector in Workgroup Admin, after the SMB PDC was repromoted, the SIDs and the domain names in Open Directory and the SMB config agreed with each other. Now new machines can join the domain and users can log in just as they did before. No client-side modifications are necessary.
Hope this is helpful to someone else. It was quite the hair-pulling experience for a while there.
Jeff Kirk -
Cannot join Server 2012 machine to domain
I am trying to join a clean Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin credentials I get a message "Encountered an error contacting domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to a wireless router in a home network.
The ipconfig/all data from the server is:
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2012
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.138
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I can ping alekatest.com from the server:
Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
Reply from 203.170.87.12: bytes=32 time=81ms TTL=50
and nslookup alekatest.com returns
Server: UnKnown
Address: 10.0.0.2
Non-authoritative answer:
Name: alekatest.com
Address: 203.170.87.12
if I try to return srv records from alekatest.com as follows, no records are returned
PS C:\Users\Administrator> nslookup
Default Server: UnKnown
Address: 10.0.0.2
> set q=srv
> _ldap._tcp.dc._msdcs.alekatest.com
Server: UnKnown
Address: 10.0.0.2
_ldap._tcp.dc._msdcs.alekatest.com
primary name server = ns1.crazydomains.com
responsible mail addr = dns.crazydomains.com
serial = 2010010101
refresh = 7200 (2 hours)
retry = 120 (2 mins)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.
Any help would be much appreciated
You're confusing DNS domains and Active Directory domains. While there are similarities, the two are, and do, completely different things.
A DNS domain, in your case alekatest.com hosted by crazydomains.com, is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing it from a 3rd party you control what the DNS records are through that 3rd party.
An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and could potentially be called anything you like.
So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something like alekatest.local. That would then become the local domain, so for instance your users would log in as alekatest\<username> on the domain, and your local machines can then be joined to that domain.
Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly. However, be aware that once you did that your server would assume that it has all the records for the domain. So if you had a website configured on www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).
Hope that makes sense. -
Problems to join a virtual machine on Domain.
Hi Everybody
I'm trying to join my Windows 8 virtual machine to a domain mounted on Windows Server 2012, but I'm not able to do it. When I try, I receive the message below.
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "tcsgdl.com":
The query was for the SRV record for _ldap._tcp.dc._msdcs.tcsgdl.com
The following domain controllers were identified by the query:
tcsgdldc01.tcsgdl.com
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
Thanks in advance, if you require extra information just let me know.
Hi Susie
Yes, DC is hosting DNS Role, DC and Client are pointing to DC.
nslookup on client:
C:\Users\gdladm>NSLOOKUP
Default Server: UnKnown
Address: 169.254.187.10
> SERVER 169.254.187.10
Server: [169.254.187.10]
Address: 169.254.187.10
*** 169.254.187.10 can't find SERVER: Server failed
Outputs "IPCONFIG / ALL"
Client:
C:\Users\gdladm>IPCONFIG /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PCTEST
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connec
n
Physical Address. . . . . . . . . : 00-50-56-3B-E7-C2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.187.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.187.10
DNS Servers . . . . . . . . . . . : 169.254.187.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{D09F1650-4E09-4AA8-B2C0-326D66081D0B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DC:
C:\Users\Administrator.TCSGDLDC01>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TCSGDLDC01
Primary Dns Suffix . . . . . . . : TCSGDL.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TCSGDL.COM
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
n
Physical Address. . . . . . . . . : 00-50-56-39-BD-69
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.187.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.187.1
DNS Servers . . . . . . . . . . . : 169.254.187.40
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{D728DFCE-4C40-4236-82BF-2B2BFD10641B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Thanks for the support, if any information is required please let me know.
-
Windows 7 MDT Offline Domain Join
In a scenario where a user does not have access to the corporate network, a mostly automated media-based refresh is implemented.
- Refresh laptops from Windows XP/Vista to Windows 7
- MDT task sequence, OS, drivers, apps, contained on a supplied DVD
- User needs only to select the task sequence from the Wizard menu, all else is automated
- Hardlink user state capture and migration
The problem exists with joining the offline computer to the corporate domain. If the domain join fails, the user can't log on to his/her restored domain user profile.
Does anyone have any experience or tips related to using the Win7/2008 djoin.exe utility with an automated MDT task sequence? I can't find much information on it, and it's new to me.
I gather that you have to join the object at the domain first, then extract the required metadata, and somehow inject this individual computer data (aka Base64 blob) in the 'Microsoft-Windows-UnattendJoin/Identification/Provisioning' section of the unattend.xml ... but how to do that with some type of variable? I'd like to avoid creating a customized DVD for every single computer in the field.
I'll keep searching, but if anyone has done this before please let me know your experiences.
Appreciate the reply, but I've already read through that. I'm looking for information specific to MDT and suggestions on how to include the process in a [semi] automated task sequence in a media-based offline scenario.
A general idea would be to compile a text file of target computer names, run a script to execute djoin.exe against the list to provision all the computers, generating a base64 blob text file for each. Then, store that repository of files in the deployment share so it is included on the MDT media. Call the file as a Run Command step using the computer name variable during the task sequence State Restore phase to execute the offline join. eg:
cmd.exe /c djoin.exe /requestODJ /loadfile %ScriptRoot%\Blobs\%OSDComputerName%.txt /windowspath %windir% /localos
In testing, provisioning an existing computer on the DC breaks any domain relationship because the computer account is reset by the /reuse parameter. The relationship can be fixed by running the /requestODJ command on the computer - essentially 'rejoining' the machine to the domain - but it presents a problem for the time lapse between pre-staging computers and distributing the media. Since the users are all currently running XP or Vista, it doesn't make sense to explore a theory of re-using the same blob data multiple times, such as immediately after provisioning and then again during the reimage.
I'm opening a call with MS support, but still interested to hear if anyone has used this utility with MDT at all. -
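The provisioning half of the idea described above, as an added example that is not code from the original poster: a PowerShell script, run elevated on a domain-joined machine by an account allowed to create computer accounts, that runs `djoin.exe /provision` for each name in a list and writes one blob per computer under the file name the `/requestODJ` step expects. The domain name, list file and output folder are placeholders; `/reuse` is left out so that an existing computer account is not reset, and the staging folder is restricted because each blob carries the computer account's password.

```powershell
# Added example: bulk offline-domain-join provisioning with djoin.exe.
param(
    [string]$Domain   = 'corp.example.com',  # placeholder AD domain name
    [string]$NameList = '.\computers.txt',   # one target computer name per line
    [string]$BlobDir  = '.\Blobs'            # later copied to %ScriptRoot%\Blobs on the media
)

if (-not (Test-Path $BlobDir)) {
    New-Item -ItemType Directory -Path $BlobDir | Out-Null
}

# Each blob contains the machine account password, so treat it like a
# plaintext credential: drop inherited permissions on the staging folder and
# grant access to Administrators only (well-known SID S-1-5-32-544).
& icacls.exe $BlobDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' | Out-Null

$results = foreach ($raw in Get-Content $NameList) {
    $name = $raw.Trim().ToUpper()
    if (-not $name) { continue }

    $status = 'Provisioned'
    $detail = ''
    $blob   = Join-Path $BlobDir "$name.txt"

    if ($name -notmatch '^[A-Z0-9-]{1,15}$') {
        # Computer names are limited to 15 characters (NetBIOS).
        $status = 'Skipped'; $detail = 'not a valid computer name'
    } elseif (Test-Path $blob) {
        # Provisioning again would require /reuse, which resets the account.
        $status = 'Skipped'; $detail = 'blob already exists'
    } else {
        $out = & djoin.exe /provision /domain $Domain /machine $name /savefile $blob 2>&1
        if ($LASTEXITCODE -ne 0) {
            # Typical cause: the account already exists and /reuse was not given.
            $status = 'Failed'
            $detail = ($out | Out-String).Trim()
            if (Test-Path $blob) { Remove-Item $blob }
        }
    }

    New-Object PSObject -Property @{ Computer = $name; Status = $status; Detail = $detail }
}

$results | Format-Table Computer, Status, Detail -AutoSize -Wrap
```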
What benefits are there to joining a Windows domain?
My company has one mac user with a Macbook Air, we have a Windows 2008 r2 domain.
I'm wondering if it is worth joining him to the domain, what benefits are there for a mac user?
We use Exchange 2007 and change our passwords every 90 days.
One concern is that when the user is out of the office, the cached password can become out of sync with the domain password.
This is an annoyance and can be confusing.
Any advice would be much appreciated.
Thanks.
Greetings.
I am 1 of 2 Mac users in a company that otherwise is using Windoz. I do not join the domain though, because I really see no reason to. I can get to the printers, to the web, to the Exchange and to the SharePoint. Though mostly I need SVN and cloud services anyway.
Thus no real reason. Unless there is some specific stuff that is set up on the network that is only available to Windows machines authenticated with a certificate and joined to the Windows domain, like for instance a split tunnel VPN or something along those lines, there is really no need to be "on the domain"; connected to the LAN works just fine, if not better.
HOWEVER
There is that annoying bit about the passwords.
Some sysadmins like to setup password expiration, thus forcing us mortals to rotate three (almost identical) passwords every three months. In this case you just need to setup a reminder on your calendar that prompts you a week in advance to change your password.
How to change your password? You have options:
OPTION 1
Now. If your Mac has OS pre Lion (no higher than 10.6) then you have old samba installed by default and that comes with the "smbpasswd" command. To change the password just open the mighty Mac terminal and type:
smbpasswd -r YOUR_WINDOWS_DOMAIN_CONTROLLER_IP -U username
Then the output will be something like this:
Old SMB password: ********
New SMB password: *********
Retype new SMB password: *********
Password changed for user username
Of course, replace YOUR_WINDOWS_DOMAIN_CONTROLLER_IP with the IP of your domain controller. Do not know your domain controller IP? Run Google "net lookup master" command. I think older Macs have it. (not sure)
If you are running Lion, you do not have the smbpasswd command. I think Apple either wrote their implementation of samba or just use some stripped down version of it, not sure. It has to do with some dreary and boring licensing thing.
You can either install samba yourself from sources... Thus if you are brave and adventurous here is a walk through http://forums.sonos.com/showthread.php?t=24022 or you can use option two:
OPTION 2
If your company has not gone to the cloud hosting and still uses the old-school home grown Exchange hosted in the broom closet, you might have a web version of the M$ Exchange running. The URL is usually something like: https://owa.yourcompanyname.com. If you have that then the sysadmins may have the password change feature enabled there. Log in to your web interface for Outlook (OWA), in the top right corner choose the "Change Password" feature and use it.
If this is not an option because either your sysadmin is not running OWA or the password change feature is not enabled, you still have options.
OPTION 3:
If you are working for a company that loves Windows and their products you might have M$ Office installed on your Mac. Thus you might have the Remote Desktop Connection (RDC) utility. If not you can download it here: http://www.microsoft.com/mac/remote-desktop-client. Then remote desktop to a machine in your office and you will get to its login screen where you can change the Windows domain password. (This requires a machine to which you can remote desktop)
OPTION 4:
Walk up to any Windowz box that no one is using, CTRL + ALT + DEL one time and this will give you the login screen; you can change the password from there.
OPTION 5:
Ask your sysadmin to setup your password to never expire, or add the policy for your user so that you can change it in OWA (see option 2) -
Can not join a Windows XP machine to OS X Server 10.5.3 Open Directory
I have set up an OS X Server for testing before we deploy it to the network for production. I am trying to join the Windows XP machine to the domain which I set up in Server Admin under SMB, and I get an error "A domain controller for the domain "DomainName" could not be contacted". I have set up WINS, DHCP and DNS. I ping the OS X Server using its fully qualified domain name and I can see the server under Network Neighbourhood, but I cannot log in to it.
Hi Guys,
Here is more info on my SMB configuration. I still can't join a Windows XP machine to the OS X Server 10.5.3 PDC. Hope this configuration helps in any way.
smb:realm = "GRIDIRON01.OT.GRIDIRONINTERNAL.COM"
smb:logon drive = "H:"
smb:logon path = "\\%N\profiles\%u"
smb:workgroup = "pctopia"
smb:wins support = yes
smb:map to guest = "Never"
smb:enable print services = "yes"
smb:wins server = emptyarray
smb:security = "USER"
smb:server string = "gridiron01"
smb:ntlm auth = "yes"
smb:netbios name = "gridiron01"
smb:max smbd processes = 0
smb:os level = 65
smb:preferred master = yes
smb:add user script = "/usr/bin/opendirectorypdbconfig -c createuseraccount -r %u -n /LDAPv3/127.0.0.1"
smb:lanman auth = "yes"
smb:domain logons = yes
smb:domain master = yes
smb:use spnego = yes
smb:use kerberos keytab = yes
smb:adminCommands:homes = yes
smb:adminCommands:serverRole = "primarydomaincontroller"
smb:adminCommands:ldapRole = "1.1 - hosting a master LDAP directory server\n"
smb:auth methods = "odsam"
smb:dos charset = "CP437"
smb:enable disk services = "yes"
smb:log level = 1
smb:add machine script = "/usr/bin/opendirectorypdbconfig -c createcomputeraccount -r %u -n /LDAPv3/127.0.0.1" -
Unable to join the client machine into domain in low bandwidth 16kbps
Hi,
I'm unable to join the client machine, which is on a low-bandwidth 16 kbps link, into the domain, but I am able to join other machines, which have more bandwidth, into the domain. Please help me with this issue.
Depending on the version of your domain, you could try an offline join.
http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=WS.10).aspx
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
I would say that it depends on the client OS (Windows 7 or Windows 8) if offline domain join could be used or not, not that much regarding the level of the domain, you can always use the /downlevel switch to target a DC running Windows Server 2003 for example.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
OSX Server constantly drops Windows machines from domain
We have 100 or so Windows XP machines joined to the Windows domain running on our Leopard server. Sometimes the XP machine cannot log in to the domain. It says it cannot connect to the domain controller. This happens a LOT and happened in 10.4 and 10.5 Server as well. Seems to be worse in 10.6.
The only way to fix the XP machine is to remove it from the domain, then re-add it. This works until the next day when the server decides to forget about the machine again. All DNS and WINS entries are correct. The XP machine can connect to the domain controller and browse it by name and IP.
Does anyone know how to make the OS X server remember XP machines and quit doing this? It happens about 5 times a week so it's frustrating. If I join the XP machine to our real domain controller on a Windows 2003 server it never loses its connection. Only when I join it to the PDC running on the Mac server does it lose the domain abilities.
Lannie
PS Is there something under the hood I need to check, something misconfigured? Same symptoms on 10.4 through 10.6. Each version was a fresh build from scratch.
With Apple using domain technology from 10 years ago and not supporting Windows 7 I think I got my answer. Plus the fact you cannot buy an Xserve now. Moving on to Windows boxes.
-
Can A Windows 2000 Client Join A Windows 2012 Domain ?
I have set up a Server 2012 VM that I have configured as a DC. The desktop environment consists of Windows 7, Windows XP and a few Windows 2000 machines. All desktops can JOIN the 2012 domain, but when I try to add domain users to any of the
Windows 2000 (SP4) workstations, it fails with the error "The trust relationship between this workstation and the primary domain failed".
Unjoining the workstation from the domain (or going into ADUC and deleting the Win 2000 computer from the domain) and trying again yields the same result. I do not have this problem when the Windows 2000 machines are joined to a Server 2008 R2 domain.
At this point, I'm leaning towards setting it up as a 2008 R2 DC, and moving to a 2012 DC once we have weaned ourselves off of the Windows 2000 desktops. Is there any hope of getting things to work with a 2012 DC from the start?

Hi,
Based on my research, Windows 2000 client is not supported for Windows 2012 DC.
Windows client and Windows Server operating systems that are supported to join Windows Server 2012 domains
The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012:
Client operating systems: Windows 8, Windows 7, Windows Vista, Windows XP
Computers that run Windows 8 are also able to join domains that have domain controllers that run earlier version of Windows Server, including Windows Server 2003 or later. In this case however, some Windows 8 features may require additional configuration or
may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see
Running Windows 8 member computers in Windows Server 2003 domains.
Server operating systems: Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003
Cataleya Li
TechNet Community Support -
Hi,
Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
DC: Windows Server 2008 R2
Domain functional level: Windows Server 2003
When a WinXP machine joins the domain, this error message does not appear.
I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0, but it doesn't work.
There are 3 suggestions in this article:
1. The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
Doesn't work.
2. Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
On my DC, I ran netstat -an, result as below:
UDP 192.168.20.3:137 *:*
3. The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
We are not using IPv6.
This server was recently updated from Windows Server 2003 to Windows Server 2008 R2. Before the upgrade, when Win7 and Win2008 machines joined this domain, they also got the same error message.
Please help to check this issue.
Thank you very much.
BR
Guo YingHui

Hi Guo Ying,
I have faced this critical error, which overwrites host names in the domain when you join.
For example: you already had a host named PC.domain.com in the domain.com domain.
When you try to add another host named PC to the domain.com domain, it doesn't give you the duplicate name error on the network; it overwrites the existing host name PC.domain.com and adds the new host name to the domain.
The host name which got overwritten is removed from the domain. I faced this issue in my project. My DPM host name got removed from the domain and a new host name got joined into the domain, which halted my backups for one day.
The final resolution is as follows:
You need to start the DNS console on the DC and expand the domain name.
Select _msdcs; when you click on _msdcs it will show the name servers list on the right-hand side.
You need to add the Domain Naming Master under _msdcs, or add all the domain controllers which you have.
After you add the name servers, try joining the PC or laptop to the domain; it then joins successfully.
Regards
Anand S
Thanks & Regards Anand Sunka MCSA+CCNA+MCTS -
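
The name-server and DC-locator records that the resolution above relies on can be checked from a client before retrying the join. This is an added example, not part of the original posts: the domain `corp.example.com` and the function names are placeholders, and it assumes a client that has the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread): verify the DNS records a client needs
# to locate a domain controller. 'corp.example.com' is a placeholder domain.

function Get-DnsAnswer {
    param([string]$Name, [string]$Type)
    # Return only answer-section records of the requested type; nothing on failure.
    try {
        Resolve-DnsName -Name $Name -Type $Type -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Type }
    } catch { }
}

function Test-DomainJoinDns {
    param([Parameter(Mandatory)][string]$Domain)

    # 1. The _msdcs zone must list at least one name server.
    $ns = @(Get-DnsAnswer -Name "_msdcs.$Domain" -Type NS)
    [pscustomobject]@{
        Check  = '_msdcs NS records'
        Target = "_msdcs.$Domain"
        Ok     = ($ns.Count -gt 0)
        Detail = ($ns.NameHost -join ', ')
    }

    # 2. The DC locator SRV record must exist so the client can find a DC.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = @(Get-DnsAnswer -Name $srvName -Type SRV)
    [pscustomobject]@{
        Check  = 'DC locator SRV records'
        Target = $srvName
        Ok     = ($srv.Count -gt 0)
        Detail = ($srv.NameTarget -join ', ')
    }

    # 3. Every DC named in the SRV records must resolve to an IPv4 address.
    foreach ($dc in ($srv | Select-Object -ExpandProperty NameTarget -Unique)) {
        $a = @(Get-DnsAnswer -Name $dc -Type A)
        [pscustomobject]@{
            Check  = 'DC host A record'
            Target = $dc
            Ok     = ($a.Count -gt 0)
            Detail = ($a.IPAddress -join ', ')
        }
    }
}

Test-DomainJoinDns -Domain 'corp.example.com' | Format-Table -AutoSize
```

Any row with `Ok` set to `False` points at the record to fix in the DNS console before the join is attempted again.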
Windows 8.1 will not allow me to join a domain
I am trying to join laptops running Windows 8.1 to domain. When I go to properties for This Computer, Join a domain wizard is greyed out. Can I join a Windows 8.1 computer to a domain?

Have you verified that your Windows 8.1 is a Pro or Enterprise edition? The Basic edition cannot join a domain.
-
Domain name when my windows machine (pc) is on VPN
Hi!
Last week I had an issue getting the domain name of Solaris machines, and with the help of folks here I could solve the issue. After a gap of 1 week I have to work on the same assignment, and now I have an issue getting the domain name when my Windows machine (PC) is on VPN. It may be possible that with VPN I may not be able to get the domain.
What is needed?
I am looking for a Java API which can return me "myCompany.com" when my PC is on VPN.
Following is the output of ipconfig:
C:\Documents and Settings\sgupta>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . : guest.myCompany.com
IP Address. . . . . . . . . . . . : 10.202.0.76
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.202.0.254
PPP adapter MyCompanytronix US Aventail VPN:
Connection-specific DNS Suffix . : myCompany.com
IP Address. . . . . . . . . . . . : 128.181.213.220
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
What is already tried?
1. I have tried InetAddress APIs, but they return "global.myCompanytronix.com" from the local configuration.
2. I also tried the following library to get the domain name, and that fails to get the same:
   http://www.dnsjava.org/
Kindly give me some clues if you have.

Update - PROBLEM FIXED by Verizon support. I called my local Verizon Wireless store, who quickly got me tech support after running through a few things. I didn't know you could disable power management for just one device, but Verizon tech support did! So you go into Device Manager, expand Universal Serial Bus controllers, right click the first "root hub", click the Power tab, and see if your device shows up. If it doesn't, continue this process through all the root hubs until it does.
When you find it, select it, and click the Power Management tab on the far right. Uncheck "Allow the computer to turn off this device to save power". Restart the computer to save this setting. Then test it by putting the computer to sleep.
It did take about 30 seconds until the Pantech UML 290 was connected, but it connected successfully three times in a row. I'm very happy with both the Verizon store and Verizon tech support. They were both very helpful and pleasant to talk to, and efficiently resolved the problem. I still think you pay too much for mobile broadband, and am a little put off that the problem existed in the first place, but I'm very happy to have this problem resolved.
One other piece of info I got was that there is an upgrade, Pantech 295 USB modem, for only 30.00. So if I have any more problems I'll just try that. (It's still a wired, not wireless device, which I prefer.)