Re: Lost Domain Server and Password Failure

From: Steven L Umbach (sumbach_at_N0spam.ameritech.net)
Date: 05/21/04 

Date: Fri, 21 May 2004 11:05:18 -0500

When a computer joins a domain it has a computer account in Active Directory
on the domain controllers. When a computer is a member of a workgroup it is
strictly for netbios browsing convenience as shown in My Network places.

First you need to make sure that the domain controller is configured
correctly. It is extremely important that the domain controller point to
itself as it's ONLY preferred dns server in tcp/ip properties via it's
static IP address and them the clients must point to the domain controller
only as their preferred dns server. Read the link below for more information
on dns. After you have verified that dns is correctly configured, then you
could try joining computers to the domain. If you have computer accounts in
AD you may want to delete them before trying to rejoin the computer and you
may have to manually logon to them as an administrator and temporarily place
them in a workgroup first before attempting to join the domain. Computer
account passwords expire after thirty days and if there as been a time
greater than that since the computer has contacted a domain controller the
secure channel to the domain controller will be broken for sure. Computers
do not have to be on the same subnet, they just need connectivity.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382

Two extremely helpful tools for diagnosing domain problems are netdiag and
dcdiag. They are located on the install cd under the support/tools folder
where you will need to run setup. I would first run netdiag and then dcdiag
on the domain controller looking for any failed tests/errors/warnings
particularly related to dns, domain membership, and dclist. Fatal errors are
a sure sign of bad things. After you get your domain controller configured
properly run netdiag on one of the workstations that you want to add to the
domain looking for the same. Of course on non domain machine will not yet
show domain membership, but one joined to the domain will if everything is
configured correctly. Also make sure you can ping the domain controller by
IP address and fully qualified domain name before you attempt to join it to
the domain and you have configured it to have the domain controller as it's
preferred dns server. --- Steve

"WorkHard" <anonymous@discussions.microsoft.com> wrote in message
news:1016b01c43f05$928a2590$a501280a@phx.gbl...
> Thanks in advance for you help.
>
> Recently, a small business asked that I assist them with
> getting their network back up and running.
>
> I went to visit and discovered that the domain controller
> server was not functioning. The Network Administrator
> had rebuilt the server. This person is no longer with
> the company.
>
> The domain name that had been built is maindomain. About
> 7 clients had been placed in the maindomain. The 7
> clients were not taken out of the maindomain before it
> went away.
>
> When I try to create a new user, I get an error.(Why?...I
> think it is trying to authenticate the userid on the DC)
>
> Since this is a small network, with a fresh server
> install. I decided to create workgroups rather than use
> a DC. Thus I create a Workgroup name ROCK.
>
> As a test, I added one of the clients to the new ROCK
> workgroup. The clients was rebooted. Now the user can
> not log in.
>
> I notice that the ability to login to a domain was gone
> and it appears that one can only log in locally.
>
> Questions:
> Does the ability to log in to a domain fields only show
> up when their is a domain on the subnet?
> Is a reinstall of the client (running win 2k
> orofessional) the only option?
>
> How can I successfully add other clients to the ROCK
> workgroup?
>
> Please help
>

Relevant Pages

  • Re: Cannot join domain Network path not found
    ... I have tried to disjoin the clients from the workgroup and re-join the ... The NT 4 domain controller was not demoted prior to ...
    (microsoft.public.win2000.general)
  • Re: force xp domain member to drop from domain?
    ... When I click the "workgroup" radio and type in a workgroup name (any ... controller, Windows XP SP3 client). ... then shutdown both the domain controller and the XP client. ... a computer from being a domain member to being a workgroup member. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How ti configure a web server ?
    ... > domain controller, a domain member or just a workgroup. ... Being a standalone (workgroup) machine carries less performance overhead ...
    (microsoft.public.win2000.security)
  • Re: Newbie question about workgroups vs. domains
    ... As Henry explains in his post, no it has to be a domain controller. ... I've seen posts from more than a few people over the years who buy SBS ... workgroup server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant see other computers/nodes on network!
    ... Your Windows Server 2003 machine is an Active Directory domain controller ... If your clients are XP Home, ... workgroup to the NetBIOS name of the Active Directory domain - eg. NetBIOS ...
    (microsoft.public.windows.server.networking)
Quantcast