Saturday, August 25, 2007

Problems adding a Vista machine to a domain

A few months ago, I had trouble adding a Windows Longhorn machine to our domain. Yesterday, I experienced the problem again while trying to add my new laptop, which is running Windows Vista Ultimate, to our domain. Personally, I think there is something wrong with our domain controller, but I can't prove it. Plus, searching the web has revealed that only a select few of us unlucky individuals are experiencing this problem. At any rate, I fixed the problem as follows:

Update: I recently sat down with a fellow co-worker and he managed to add his Vista machine to our domain using Steps 3 and 4 only.

Step 1:
On the Local Security Policy form, change the Network Security: LAN Manager authentication level to the proper setting for your domain.

I could not log in to another computer on our domain, much less add my computer to the domain, until I adjusted my Network Security: LAN Manager authentication level to Send LM and NTLM - use NTLMv2 session security if negotiated; however, you might want to log in to a share on an existing computer in your domain to see if you need to do this. Even better, check the Network Security: LAN Manager authentication level on an existing XP machine registered in your domain to get the correct setting.

How to get to the Local Security Policy form:
Start->Control Panel->System and Maintenance->Administrative Tools->Local Security Policy

On the Local Security Policy form, click on the Security Options tree node:
Security Settings->Local Policies->Security Options

In the policy column, look for Network Security: LAN Manager authentication level and change the Security Setting column to the proper setting for your domain.



At this point, you should be able to log in to a share on a computer in your domain. If not, reboot and try it again.
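To compare the setting from Step 1 between the existing XP machine and the new Vista machine without opening the policy form on each, the following added example (not part of the original post) reads the value from the registry, where this policy is stored as LmCompatibilityLevel under the Lsa key. It assumes PowerShell is installed on the machine being checked; the function names are made up for this example.

```powershell
# Added example, not from the original post. Assumes PowerShell is installed
# and the script is run locally on the machine being checked.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Index = LmCompatibilityLevel value; text = wording in Local Security Policy.
$LevelNames = @(
    'Send LM & NTLM responses',
    'Send LM & NTLM - use NTLMv2 session security if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only. Refuse LM',
    'Send NTLMv2 response only. Refuse LM & NTLM'
)

function Get-LmAuthLevel {
    # Returns the configured level (0-5), or $null when the value is not set
    # and the operating system default applies.
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction Stop
    $value = $props.LmCompatibilityLevel
    if ($value -eq $null) { return $null }
    $level = [int]$value
    if ($level -lt 0 -or $level -gt 5) { throw "Unexpected LmCompatibilityLevel: $level" }
    return $level
}

function Compare-LmAuthLevel {
    # $Reference: the level read on a machine that already works in the domain.
    param([int]$Reference = -1)
    if ($Reference -gt 5) { throw "Reference level must be between 0 and 5." }
    $level = Get-LmAuthLevel
    if ($level -eq $null) {
        Write-Output 'LmCompatibilityLevel is not set; the OS default applies.'
        return
    }
    Write-Output ("Level {0}: {1}" -f $level, $LevelNames[$level])
    if ($level -le 1)     { Write-Output 'Client sends LM and NTLM responses.' }
    elseif ($level -eq 2) { Write-Output 'Client sends NTLM responses, no LM.' }
    else                  { Write-Output 'Client sends NTLMv2 responses only.' }
    if ($Reference -ge 0 -and $Reference -ne $level) {
        Write-Output ("Differs from reference machine (level {0}: {1})." -f $Reference, $LevelNames[$Reference])
    }
}

Compare-LmAuthLevel                  # run on the existing XP machine first
# Compare-LmAuthLevel -Reference 1   # then on the new machine, passing the XP value
```

Levels 0 and 1 still send LM and NTLM responses, while levels 3 to 5 send NTLMv2 only, so the output also shows how far a machine has been lowered to match the domain.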


Step 2:
Give administrators the right to add a computer to a domain.

On the Local Security Policy form, click on the User Rights Assignments tree node:
Security Settings->Local Security Policy->User Rights Assignments

In the policy column, look for Add workstations to a domain and change the Security Setting column to Administrator.




Step 3:
Change the computer name to the desired name.


How to get to the Computer Name/Domain changes dialog:
Start->Control Panel->System and Maintenance->System
In the Computer name, domain and workgroup settings, left click "Change settings"




Step 4:
Use Netdom.exe to add the computer to the domain.

netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:UserPassword

Notes:
  • Yes, there is a letter "d" after user and password in the netdom command.
  • I could not find the netdom.exe application on Vista. I cheated and installed it on an XP machine and copied the netdom.exe to my Vista laptop. On your XP installation disk, you must run the setup.exe under Support/Tools. Afterwards, you will find it under c:\program files\Support Tools\Netdom.exe


3 comments:

Nazz said...

Can I do the same from the command line or with some batch files?

Dave said...

Nazz,

The netdom command was run from the command line.

Dave

Anonymous said...

This fixed the problem I was having too...thanks for leaving it around to be found.