none
Cannot join Server 2012 machine to domain

    Question

  • I am trying to join a clean  Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin  credentials I get a message "Encountered an error contacting domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
    .

    When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to a wireless router in a home network.

    The ipconfig/all data from the server is:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER2012
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
       Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.138
       DNS Servers . . . . . . . . . . . : 10.0.0.2
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
       Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
       Default Gateway . . . . . . . . . : ::
       DHCPv6 IAID . . . . . . . . . . . : 335544320
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    I can ping alekatest.com from the server:

    Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
    Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
    Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
    Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
    Reply from 203.170.87.12: bytes=32 time=81ms TTL=50

    and  nslookup alekatest.com returns

    Server:  UnKnown
    Address:  10.0.0.2

    Non-authoritative answer:
    Name:    alekatest.com
    Address:  203.170.87.12

    if I try to return srv records from alekatest.com as follows, no records are returned

    PS C:\Users\Administrator> nslookup
    Default Server:  UnKnown
    Address:  10.0.0.2

    > set q=srv
    > _ldap._tcp.dc._msdcs.alekatest.com
    Server:  UnKnown
    Address:  10.0.0.2

    _ldap._tcp.dc._msdcs.alekatest.com
            primary name server = ns1.crazydomains.com
            responsible mail addr = dns.crazydomains.com
            serial  = 2010010101
            refresh = 7200 (2 hours)
            retry   = 120 (2 mins)
            expire  = 1209600 (14 days)
            default TTL = 3600 (1 hour)

    In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.

    Any help would be much appreciated

    Saturday, May 17, 2014 5:50 AM

All replies

  • You're confusing DNS Domains and Active Directory Domains. While there are similarities the two are and do completely different things.

    A DNS domain, in your case alekatest.com hosted by crazydomains.com is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing it from a 3rd party you control what the DNS records are through that 3rd party.

    An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and could potentially be called anything you like.

    So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something like alekatest.local. That would then become the local domain, so for instance your users would login as akekatest\<username> on the domain, and your local machines can then be joined to that domain.

    Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly, however be aware that once you did that your server would assume that it has all the records for the domain. So if you had a website configured on www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).

    Hope that makes sense.

    Saturday, May 17, 2014 8:27 AM
  • Thanks for your clarification Keith. Will try that.
    Saturday, May 17, 2014 8:39 AM
  • Hi,

    Anything updates now?

    If you need further assistance, please feel free to let us know.

    Best regards,

    Susie

    Monday, May 19, 2014 7:31 AM
  • Tried reinstalling Server 2012 but found problems in setting it up as a domain controller as described in

    social.technet.microsoft.com/Forums/windowsserver/en-US/6a3a6b1f-df4c-45fb-b4b8-edae811bb5b8/clean-server2012-install-will-not-work-as-domain-controller?forum=winserver8setup#6a3a6b1f-df4c-45fb-b4b8-edae811bb5b8

    If you could offer any suggestions for this problem it would be much appreciated

    Simon Kravis

    Monday, May 19, 2014 8:28 AM