Can't join new windows 7 computer to domain

    Question

  • Hello everyone,

     

    I am trying to add a new computer to our domain. We have about 25 computers that are already on it, but they were joined prior to some network issues we had which resulted in DNS and DHCP being handled by our modem instead of our server. The server has AD set up on it. Whenever I try to join the domain I get "An Active Directory Domain Controller (AD DC) for the domain "domain.domain" could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information." and under Details was:

    "The following error occurred when DNS was queried for the service location

    (SRV) resource record used to locate a domain controller for domain
    smallbusiness.local:

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for
    _ldap._tcp.dc._msdcs.smallbusiness.local

    Common causes of this error include the following:

    - The DNS SRV records required to locate a domain controller for the domain
    are not registered in DNS. These records are registered with a DNS server
    automatically when a domain controller is added to a domain. They are
    updated by the domain controller at set intervals. This computer is
    configured to use DNS servers with following IP addresses:

    192.168.0.254


    - One or more of the following zones do not include delegation to its child
    zone:

    smallbusiness.local
    local
    .. (the root zone)

    I also tried PowerShell using "add-computer" but it came back with "the specified domain either does not exist or could not be contacted." I can ping the server by IP and by its computer name.

     

    Thank you for your help.

    Tuesday, November 01, 2011 6:55 PM

Answers

  • The GPOs settings will depend.  In this case, the computer is still a member of the domain.  Just because you are not directly authenticated, doesn't mean that all of the settings will disappear.

    With regard to the design, I would recommend that you look over the link I provided.  With regard to bridging or routing, I would say that if you have an internet router, you can simply bridge the connection to that device.  If you have multiple routers on the private side of the connection, the design adds additional complexity which is not required.

    In a SOHO design, the internal hosts would use an internal DNS server hosting the AD zone.  That DC/DNS server could then use the root hints for internet name resolution, or just forward DNS to the ISP.

    For more information on Forwarders, take a look at this link:

    http://itgeared.com/configure-dns-forwarding-in-windows

     


    Wednesday, November 02, 2011 1:23 PM

All replies

  • Take a look at the IP configuration for your workstations that you are trying to join to the domain.  Their DNS client settings should be pointing to the internal DNS servers that host the DNS zone for the domain...ONLY.  Your computers should not be pointing to the internet router, not even as a secondary.

    It is important that when a host points to more than one DNS server, any of the DNS servers that are expected to respond, will respond with the same result.

    In an example where you point to the DC/DNS as primary and the router as secondary, if for some reason the computer queries the router, it will not be able to resolve your internal namespace.

    If you would like, feel free to post the results of IPCONFIG /ALL from one of the computers having an issue.

     


    Tuesday, November 01, 2011 7:14 PM
  • I tried setting the DNS IP to the server but when I did that it would no longer connect to the internet. If everything is set to automatically obtain then there are no problems connecting.

    This is from the PC that is giving me problems:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . :PC1-PC
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : att.net

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
       Physical Address. . . . . . . . . : 00-1C-C0-BB-58-C0
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::c92a:4fa8:b033:8629%10(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.22(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, November 01, 2011 8:41:49 AM
       Lease Expires . . . . . . . . . . : Tuesday, November 01, 2011 3:00:33 PM
       Default Gateway . . . . . . . . . : fe80::e4b1:a416:d633:ac8%10
                                           192.168.0.254
       DHCP Server . . . . . . . . . . . : 192.168.0.254
       DHCPv6 IAID . . . . . . . . . . . : 234888384
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-39-F8-45-00-1C-C0-BB-58-C0
       DNS Servers . . . . . . . . . . . : 192.168.0.254
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.att.net:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cab:1e7b:3f57:ffe9(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::2cab:1e7b:3f57:ffe9%12(Preferred) 
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    and this is from one that is currently attached:

    Windows IP Configuration
       Host Name . . . . . . . . . . . . : User03
       Primary Dns Suffix  . . . . . . . : texdoor.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : texdoor.local
                                           att.net
    Ethernet adapter Local Area Connection 4:
       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Realtek PCIe FE Family Controller #2
       Physical Address. . . . . . . . . : 00-E0-4D-95-7A-66
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::18ee:f379:9a02:b0ff%14(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.30(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, October 31, 2011 12:23:16 PM
       Lease Expires . . . . . . . . . . : Tuesday, November 01, 2011 3:23:26 PM
       Default Gateway . . . . . . . . . : fe80::e4b1:a416:d633:ac8%14
                                           192.168.0.254
       DHCP Server . . . . . . . . . . . : 192.168.0.254
       DHCPv6 IAID . . . . . . . . . . . : 402710605
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-BD-89-33-00-24-8C-75-4D-8C
       DNS Servers . . . . . . . . . . . : 192.168.0.254
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter Local Area Connection* 11:
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28ed:534:9c6b:8cae(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::28ed:534:9c6b:8cae%11(Preferred) 
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Tunnel adapter isatap.att.net:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tuesday, November 01, 2011 7:42 PM
  • So what is happening is that your local DNS server is most likely not configured correctly.  Either the DNS server will be configured to use root hints, or is configured to forward.  If it's configured to forward, make sure that the IPs that it is using are valid.

    From the configuration above, it appears to me, that even on the computer that is not giving you an issue, you are really not even logging into the domain.  You are probably logged in using cached credentials or logging in with a local account.

    If your computers are pointed to the router for DNS, there is no way you are going to be able to join the domain, unless you configure the router to forward to your internal DNS server for your AD domain.

    You may want to look over this article which discusses the recommended settings for a SOHO network:

    http://itgeared.com/designing-active-directory-for-soho 

     

     

     


    Tuesday, November 01, 2011 7:55 PM
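
Added example, not part of the thread or any poster's code: a check that parses `ipconfig /all` text and reports every adapter whose DNS servers are anything other than the AD DNS servers, which is the misconfiguration the replies above identify. The sample input is constructed from the output posted in the thread, and 192.168.0.10 is a placeholder for the DC/DNS server, whose address the thread never gives.

```python
import re

# Constructed sample, shaped like the `ipconfig /all` output posted in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.22(Preferred)
   Default Gateway . . . . . . . . . : fe80::e4b1:a416:d633:ac8%10
                                       192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.254
"""

# A field line is "Label . . . : value"; requiring the dot leader before the colon
# keeps wrapped IPv6 values (which contain colons) from being read as new fields.
FIELD = re.compile(r"^\s+(\S.*?)(?:\s*\.)+\s*:\s*(.*)$")

def clean(value):
    """Drop a trailing '(Preferred)'-style tag and any IPv6 zone id such as '%10'."""
    return re.sub(r"\(\w+\)$", "", value.strip()).split("%")[0]

def parse_adapters(text):
    """Return {section name: {field label: [values]}} for `ipconfig /all` text."""
    sections, fields, values = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if not line[0].isspace():        # unindented line opens a section
            fields, values = sections.setdefault(line.rstrip(": "), {}), None
        elif m and fields is not None:   # "Label . . . : value"
            values = fields.setdefault(m.group(1), [])
            values.extend(v for v in [clean(m.group(2))] if v)
        elif values is not None:         # wrapped value of the previous field
            values.append(clean(line))
    return sections

def dns_findings(text, ad_dns_servers):
    """List (adapter, ip, reason) for each DNS server that is not an AD DNS server."""
    findings = []
    for name, fields in parse_adapters(text).items():
        gateways = fields.get("Default Gateway", [])
        for ip in fields.get("DNS Servers", []):
            if ip not in ad_dns_servers:
                reason = "default gateway (router)" if ip in gateways else "not an AD DNS server"
                findings.append((name, ip, reason))
    return findings

if __name__ == "__main__":
    # 192.168.0.10 is a placeholder for the DC/DNS server; the thread never gives its address.
    print(dns_findings(SAMPLE, {"192.168.0.10"}))
```

An empty result means every listed DNS server is one of the AD DNS servers passed in; a secondary entry pointing at the router is reported just like a primary one.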
  • Interesting. So if my computer (the one that is "connected") is not actually connecting to the domain, does that mean that the cached profile contains things like GPOs? I'm educated enough to understand what all these things are generally, but when it comes to specifics, I'm largely in the dark. For example, if I go into Internet Options in Internet Explorer I see "Some settings are managed by your system administrator". Is that a GPO that is cached to the local hd? Is it a GPO at all?

     

    Also, as I understand it, our modem used to be in bridged mode, and so it just forwarded the internet connection to the next piece of equipment down the line, being the firewall.  When we came across network issues is when we took it off bridge mode and it started handling DNS/DHCP. If we were to change it back to bridge mode, would it automatically pick up where it left off, since it was set up and working before we made the changes to the modem?

    Tuesday, November 01, 2011 9:13 PM
  • Hi,

    Are you able to ping the AD server from that workstation?

    If your DNS is working properly, then if you ping you will get a reply.

    As [JM] said, the local DNS server is most likely not configured correctly. Check that too. The ipconfig /all is not displaying normal values. That's why we have a doubt that your DNS server is not configured correctly.

    Regards, fazil [Please remember to click this as marked as helpful if you find it useful. This can be beneficial to other community members reading the thread.]
    Wednesday, November 02, 2011 5:26 AM