none
Can't join Win 7 to domain

    Question

  • Hi,

    I previously used an XP computer on the domain wth a name like 'mylaptop'.

    I replaced the drive and have Windows 7 Ultimate installed and am unable to join the computer 'mylaptop' to the domain. I've done these things...

    1. Ran NSLOOKUP to verify I can see the domain controller
    2. Manually entered the DC IP number in DNS
    3. Disable IPv6
    4. Enabled netbios over TCP
    5. Can successfully ping both DCs
    6. Disabled all firewalls
    7. Tweaked secpol.msc settings as described in other posts
    8. Asked the domain administrator to manually remove the computer from the domain.

    I'm not an admin, but I was given rights to join a computer to the domain. I can successfully use remoted desktop to get to other computers. I can browse the network and manually enter credentials to see shares. Networking seems to be OK.

    When I attempt to join, I get the message:

    Your computer could not be joined to the domain because the following error has occurred: No mapping between account names and security IDs was done.

    or this error:

    The join operation was not successful. The could be because an existing computer account having the name xxxx was previously created using a different set of credentials. Access is denied.

    Any help is appreciated

    Monday, August 17, 2009 3:43 AM

All replies

  •    You will either have to change the name of your computer or get a domain admin to remove the existing computer account which has the name you want to use.

    Bill
    Monday, August 17, 2009 4:38 AM
  • Hi Bill,

    Already tried removing the account from the domain (item #8). Also tried to join with a new name with same errors.

    Any other thoughts?

    Monday, August 17, 2009 2:39 PM
  • Hi Bill,

    Tried PowerShell add-computer with no success.

    Also tried suggestions below with no success...

    LukeSkywalker wrote:
    Hello,

    Before I go any further, this posting is a solution (or an article to give ideas) for those people that are having problems with Vista in a corporate or advanced home networking environment. Sometimes, I am so upset by the problems I encounter when using computers that I have to do my bit for world peace and share some knowledge in the vain hope that others may be spared the frustration.

    Problem: When adding a computer running Windows Vista to a domain, you receive the following error:

    Access Denied

    In fact, there's a lot more to the error message than this, but it ends with those two words. I've tried to recall the rest of the long message but the jist of it is that its saying it could be caused by an existing computer account on the domain and to rename the machine or remove the account - which is all lies.

    Solution: Unsecure your Vista PC, because afterall, there's no way of pinpointing which of the millions of restrictions are preventing you from getting on with your life.

    I admit that I have muddied the waters somewhat as another error I was receiving told me that the SRV record for my DC was not available in DNS*, but essentially I did the following:

    Ensured that the problem was due to local rights by entering an intentionally incorrect domain administrator username and password - this gave a different error message
    Opened MMC (mmc.exe) and added the Local Computer Policy snap-in (File menu).
    Navigated to Computer Configuration\Windows Settings\Security Settings\Local Policies
    Opened User Rights Assignments
    Added the Administrators group to the right: Add workstations to domain
    Opened Security Options
    Disabled the option: Domain member: Digitally encrypt or sign secure channel data (always)
    Disabled the option: Domain member: Disable machine account password changes
    Disabled the option: User Account Control: Admin approval mode for the Built-in Administrator account
    Set "Elevate without prompting" on: User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
    Disabled the option: User Account Control: Run all administrators in Admin Approval Mode
    Opened Windows Firewall with Advanced Security
    Switched off Windows Firewall for all three profiles
    Ensured that my time settings and timezone were the same as the server's
    Upgraded my newly installed Windows 2000 domain controller to SP3
    Note that once you've joined the domain, the local policy will become obsolete anyway.

    Now Reboot. Although apparently happening live (Vista doesn't hesitate in putting up a red shield in the system tray as soon as you tweak the settings), the solution needs a restart. I only did this after reading that with UAC switched on, your administrative account actually runs Explorer with two security tokens, and most activities are performed using the plebian user token (so you're never really an admin) - this led me to think that the add to domain wizard was actually running in pleb mode. The restart worked and I was able to get myself on my domain. The end.

    I must admit that it is a shame that Windows cannot tell you what settings are effecting a security block. The solution becomes one of all or nothing; my new-build apartment has a legally required smoke-detector just above the door to the kitchen - you know, that place where you make heat and smoke - consequently I've had to crippled it with a rubber item usually associated with birth control. So I am unprotected from fire in the living room and I am unprotected by Microsoft's new security features.

     
     

    Monday, August 17, 2009 4:13 PM
  • Update:

    I took the laptop to a domain admin and he was able to join the computer to the domain. It appears that even though I have rights to join to a domain, in XP, that doesn't mean it will work in Win7. Is there another permission that needs to be granted for a non-domain admin to be able to join to a domain?

    Thx

    Tuesday, August 18, 2009 12:40 AM
  • The domain users has permission to join the computer to the domain by default. We do not need any other additional permission.
    Wednesday, August 19, 2009 7:44 AM
  • can't join a win 2008 domain Windows Server 2008 R2

    When joining a domain a recivied a error that the logon failure: user name or bad password , I'm an using the admin name and password to join I have 3 vista computer that have join the domain i can't even remote to the win7 computer password wrong or user name bad

    1. Ran NSLOOKUP to verify I can see the domain controller
    2. Manually entered the DC IP number in DNS
    3. Disable IPv6
    4. Enabled netbios over TCP
    5. Can successfully ping both DCs
    6. Disabled all firewalls


    I need help
    Wednesday, August 26, 2009 8:01 PM
  • I had the same issue. I re-installed the OS (AKA restore) and it worked. The best way is to join B4 installing anything else.

    Bobac

    Wednesday, March 31, 2010 3:36 PM
  • I had the exact same issue and all I did to fix it was to use the full login when it prompts me for the domain rights i.e. domainname\username.  It may be an issue with the domain not resolving properly so also check that the correct domain is entered and that the computer actually has access to your domain controller.  Try domainname instead of domainname.company.com. 
    Friday, June 01, 2012 6:34 PM
  • Hi all,

    I had this same issue. I checked and confirmed that its issue with the windows lived messenger credentials which stored in your control panel. Go-> control panel-> credential manager->in generic credentials you can see id: virtualapp/didlogical select and remove from vault. Try to rejoin the domain will fix it.

    Monday, July 16, 2012 3:16 PM