Authenticating on Windows 2000 Server

I don't really have much experience with Active Directory, just enough to do a DCPROMO to upgrade my server to a domain controller.

Could someone help me with the steps, both on the server and client, for authenticating my Windows 2000 Professional machine on a Windows 2000 Server? When I try to connect from my Pro machine to the domain that I have setup I keep getting an error indicating that the domain cannot be found.

Thanks guys.

I don't have much experience with it beyond a training class a while back. The one main thing I do remember is that it depended on DNS quite a bit. In theory, the server should be the DNS server for the Pro machine. If thats not possible, there may be a way to work around it with host files, but I'm not sure what to put in there to have the Pro machine find the domain.

Believe it or not, I have been searching high and low on the net for information on how to acheive this... and found nothing.

Can anyone give me a starting point?

I'll dig up my Windows 2000 training material next time I am at work (Sunday). I should be able to hopefully dig up the info you need.

In your W2K pro machine did you actually ever join the domain? Go to network and dialup connections and look under Advanced/Network Identification and then go to properties. If you are a member of a workgroup then change it to domain and join your W2K AD Domain. Hope this helps.

Steve

Yeah, did that. That is where my problem is.

It asks for either the admin username or password (can't remember) and I think the computer name. That is when it tells me that it can't find the network resource.

Windows NT (and windows 2000) boxes have a negotiated computer account name and password. This is so the two computers can establish a security trust releationship. You cannot join an NT/2000 workstation to a domain unless you've got the necessary privileges.

If you are not the administrator of the network, you will most likely need to call the admin before you can join it to the domain. This is standard practice in any windows network, and your company probably already has a procedure in place for handling this situation.

I think that's the biggest problem... I'm the administrator of the network.

Heh.

Okay, something to know: The computer's name is inexorably linked to that security trust relationship I mentioned. If the trust happened to get broken (and there's a few different ways that could have happened, including if you imaged the drive and restored the image), then you will never be able to join the computer to the domain as long as it still has that name.

You might want to try renaming the computer to a previously-unused name, and then when you try to rejoin the domain, give it your domain administrator password in the box you mentioned.

Maybe I should start over and tell you the steps that I've taken. This is a brand new installation:

Install Windows 2000 Server on NTFS partition
Use DCPROMO to install Active Directory
Active Directory installs DNS and adds forward and reverse lookup zones
Use the network identification wizard on a Windows 2000 Professional to:
- specify this machine as part of a business network
- specifiy my company uses a network with a domain
- supply the wizard with the administrator's username/password and domain

When I do all of this, the system says that it cannot find an account for my computer of the specified domain. It asks me for the computer name and domain. I specify the name of my Professional machine as well as the domain I am trying to join.

This is where I get stuck. Any ideas?

supply the wizard with the administrator's username/password and domain

When you supplied the administrator's password, what format was it in?

Was it:

Administrator

or was it:

Domainname\Administrator

?

Sometimes, in Windows stuff, the latter is needed.

What format was the question "Administrator" or the format that I typed it in?

It asked me for "Administrator Username", "Administrator Password" and "Domain".

When it asked you for the administrator's user name... did you just type in "administrator"?

I don't know about that particular tool, so this is just a stab in the dark. But sometimes, on Windows systems, when dealing with cross-trust situations, you have to enter the name as "domainname\username" for it to work. Otherwise, it thinks you're talking about the local computer's user account, which is a different thing.

So, for instance, when it asks you for the domain administrator's user name, and your domain is called "foobar", then you sometimes have to enter: "foobar\Administrator" in order for it to work.

Again, this is just a stab in the dark as I haven't used that wizard tool.

Tony... I'll give that a shot and keep you updated.

Thanks for your help.

This all sounds totally familiar. I went through exactly the same process several months ago with my machines at home. I had exactly the same problem.

The the end I just gave up and plan to reinstall the server as a simple NT Domain PDC instead at some point.

Win2k bein so DNS dependent it sounds like you dont have your workstation DNS setup, or pointin to the wrong place. Try makin sure DNS is pointin at ur domain controller.
At least, thats what i did wrong last time i got that error.