Let us find the configuration sheet on your Windows 8 machine so that it can join a domain. I began by clicking on the Computer icon, then Properties. That took me to the Control Panel: System and Security, System. The next step, which you can see on the screen below, is to click on 'Change settings'.
Connecting to the Domain
From the System Properties sheet, click on 'Change' and set the radio button to 'Domain:'. Now type the name of YOUR domain in the 'Member of' box. See screenshot below.
In my example I used BigDom; if this did not join my Windows 8 machine to the domain, I would have typed the fully qualified domain name, e.g. BigDom.Local. Incidentally, you could use the same technique to join a Workgroup.
Microsoft client operating systems have been joining Windows domains since NT
3.5. Each new client employs the above technique, but for each successive
operating system Microsoft introduce
adjustments to the under-the-covers joining procedure, which seem to throw up
connection problems for certain DNS and security configurations.
a) Is this a permissions problem? Make sure you have the domain
administrator's password.
b) Or, more likely, is it a connectivity problem: your Windows 8 machine cannot connect to the domain controller?
Check the Basics
Can you ping the Domain Controller? Can you view the server from the Control Panel, Network? If yes, then examine the Windows 8 client's TCP/IP values.
Microsoft's Detailed Troubleshooting Advice
The domain name "BigDom" might be a NetBIOS domain name, which
differs from the DNS name. If this is the
case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then
Microsoft supplied this information to help troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate an Active Directory Domain
Controller (AD DC) for domain "BigDom":
The error was: "DNS name does not exist." (error code 0x0000232B
RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.BigDom
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not
registered in DNS. These records are registered with a DNS server
automatically when a AD DC is added to a domain. They are updated by the AD
DC at set intervals. This computer is configured to use DNS servers with the
following IP addresses:
192.168.1.200
- One or more of the following zones do not include delegation to its
child zone:
BigDom . (the root zone)
Note: This information is intended for a network administrator. If you
are not your network's administrator, notify the administrator that you
received this information, which has been recorded in the file
C:\Windows\debug\dcdiag.txt.
Full Computer Name - System Icon
One way of launching the System Icon is to hold down the Windows key and press the Pause / Break key.
My first suggestion is to line-up the client's computer name with the
domain name.
Click on 'More..' and append the full DNS name to the simple computer name, for example Win8.BigDom.local. After the reboot, try again to join Windows 8 to the domain.
Check DNS with Ipconfig
Despite your best efforts to make your Windows 8 machine part of an Active Directory domain, you still get error messages such as:
'The following error occurred attempting to join the domain. An attempt to resolve the DNS of a DC failed'
It is vital that the
Windows 8 computer can resolve the domain name of the Active Directory that
you are trying to join.
Ipconfig /all always reveals interesting information, particularly the DNS
configuration.
Follow up by testing with ping: ping server.domain.com.
Plain ping server yields useful clues as to whether it's a firewall problem or a faulty DNS configuration at the Windows 8 client. The situation may be that ping (ICMP) packets are allowed through the firewall, but the ports needed to join the domain are blocked.
NSLookup may also help troubleshoot DNS problems.
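The DNS checks above can be run in one pass from PowerShell on the Windows 8 client. This is an added example, not part of the original page: it queries each DNS server the client is configured with for the SRV record quoted in the error text, then confirms that every domain controller it names also resolves to an address. BigDom.local is the page's sample domain, and Test-DcLocatorDns is a hypothetical helper name.

```powershell
# Added example: verify the DNS data a domain join depends on.
# 'BigDom.local' is the page's sample domain; Test-DcLocatorDns is a
# hypothetical helper name, not a built-in cmdlet.
function Test-DcLocatorDns {
    param([string]$DomainName = 'BigDom.local')

    # DNS servers this client really queries (what ipconfig /all reports).
    $dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique
    if (-not $dnsServers) { Write-Warning 'No IPv4 DNS servers configured.'; return }

    # The SRV record named in the join error.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    foreach ($server in $dnsServers) {
        $err = 'empty answer'
        try {
            $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                         -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'SRV' })
        } catch {
            # Corresponds to "DNS name does not exist" in the error text.
            $srv = @(); $err = $_.Exception.Message
        }
        if ($srv.Count -eq 0) {
            [pscustomobject]@{ DnsServer = $server; DomainController = $null
                               Port = $null; Address = $null
                               Result = "No SRV record: $err" }
            continue
        }
        foreach ($r in $srv) {
            # An SRV record only helps if its target host also resolves.
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $server `
                     -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }
            [pscustomobject]@{ DnsServer = $server; DomainController = $r.NameTarget
                               Port = $r.Port; Address = ($a.IPAddress -join ', ')
                               Result = $(if ($a) { 'OK' } else { 'Target has no A record' }) }
        }
    }
}

Test-DcLocatorDns -DomainName 'BigDom.local' | Format-Table -AutoSize
```

A row reading "No SRV record" for a server means the client is pointed at a DNS server that does not hold the Active Directory zone, which is the situation the error text describes.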
TCP/IP Adapter Settings
Visit the Network and Sharing Center (in the Control Panel), select the adapter, then check 'Change adapter settings'. Does it have the correct DNS server in the TCP/IPv4 property sheet?
If it already receives an IP address and a DNS server address via DHCP then this is less likely to be the root problem; nevertheless you could manually edit the DNS IP address:
'Use the following DNS server addresses: Preferred DNS server'
Another idea is to specifically set the DNS address to the Windows Server. Normally this is one and the same machine, but if DNS has its own server, this may enable you to join Windows 8 to the domain. If you experiment with different values for the IP address you don't need to reboot.
Some people prefer to disable IPv6, then try again to change from a member of a Workgroup to a member of a Domain.
Tip 1: Ipconfig /flushdns clears the cache if you are
trying to ping different TCP/IP addresses.
Client for Microsoft Networks
Only once have I seen a machine where the Client for Microsoft Networks was missing; as this is required for joining a Windows domain, make sure its box is ticked.
I have also heard of problems with a disabled Netlogon service being the root cause
of a Windows 8 machine failing to join a domain. Check this and
dependent services by launching services.msc.
Tip 2: It's always worth comparing the settings with a second machine, preferably one which has joined the domain.
Bridged Ethernet for Virtual Machines
I have not tried it myself, but I read that changing the networking setting under Virtual Machine to Bridged Ethernet allowed Windows 8 to connect to the domain.
Tip z: When things go wrong, and I eventually find a solution in the logs, I always vow that next time I will start troubleshooting in the system Event Log!
This is Guy's most contentious advice; almost nobody else recommends this, albeit temporary, security breach. There are two reasons that I disable the firewall when I am troubleshooting. Firstly, it has been known to suddenly enable the Windows 8 computer to join the domain. Secondly, if I don't disable the firewall my brain cannot seem to move on, and it fixates on that idea when I really want to try another troubleshooting tactic.
I found the firewall settings thus: Control Panel, Windows Firewall. In a more sophisticated domain, you will probably have other firewall settings; however, the principle is the same.
Windows Server 2008: Firewall Status - Off
Windows 8 Computer: Firewall Status - On
As a compromise you could keep the firewall turned on for the public
network, and try turning off for the work or private location.
One sign that it was indeed a firewall problem was when I ran the command: ping server. I got a reply not from plain server, but from server.domain.com. This was an indication that not only were the ICMP (ping) ports open, but also that DNS was correctly configured and resolved my request for server to the fully qualified server.domain.com.
As I only got this response after disabling the firewall, my conclusion was that the firewall was blocking the ports needed for Windows 8 to join the domain.
Even by opening ports 389, 135, 88 and 53, I still could not join the domain. This is why I took the ruthless approach and just temporarily turned the Windows Firewall Off on the server side.
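To see which individual port is blocked between the client and the domain controller while the firewall stays on, each port can be probed in turn. This is an added example, not part of the original page: Test-TcpPort is a hypothetical helper, server.domain.com is the page's placeholder for the domain controller, and TCP 445 (SMB) is included as an assumption beyond the page's list because domain join also uses it.

```powershell
# Added example: probe the domain controller's TCP ports one at a time.
# Test-TcpPort is a hypothetical helper; 'server.domain.com' is the page's
# placeholder name for the domain controller.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Silence until the timeout usually means a firewall dropped the packet.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'No reply (filtered?)'
        }
        $client.EndConnect($pending)   # throws if refused or name unresolved
        return 'Open'
    } catch {
        return "Failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$dc = 'server.domain.com'
$checks = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
    @{ Port = 389; Service = 'LDAP' }
    # Assumption: not in the page's list, but SMB is also used by domain join.
    @{ Port = 445; Service = 'SMB' }
)

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Port    = $c.Port
        Service = $c.Service
        State   = Test-TcpPort -ComputerName $dc -Port $c.Port
    }
}
$results | Format-Table -AutoSize

# Limits: TCP only (DNS, Kerberos and LDAP also use UDP), and the dynamically
# assigned RPC port that follows the port 135 exchange is not probed.
```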
Rumours and Red Herrings About Joining a Domain
WINS
I heard a rumour that the only way to solve problems such as 'The following
error occurred attempting to join the domain', was to enable WINS. All
I can say is that WINS did not help in my situation.
Creating a Computer Account in Active Directory
While there is no harm in creating a computer account in the name of the machine that you want to join to the domain, this is neither essential, nor is it the root cause of this error. The only problem that creating a computer account solves is if the account that is trying to join the Windows 8 machine to the domain is NOT a Domain Admin. Even in this situation, Windows 8 provides a dialog box so that you can enter the name of a Domain Admin and thus overcome permission problems.
Windows 8 either joins the Active Directory domain easily, or else requires a deal of troubleshooting involving DNS name resolution.
In my troubleshooting experiments one way of persuading a
Windows 8 machine to join an Active Directory domain was turning off the
firewall at the Windows Server 2003 end. In my opinion 'The following error occurred attempting to join the domain' is most likely to be a firewall problem. The other possibility is that the
TCP/IP settings for DNS are incorrect. Fortunately it's easy to check the DNS name resolution by using ipconfig and ping.