1

I'm trying to join a Windows Server 2012R2 to a Server 2012R2 domain. I've added another server to this domain successfully. All servers are running via VMPlayer 12 from a Windows 10 host.

The new server cannot ping the IP address of the DC but it can ping it using the DC's name. The DC cannot ping the new server. Both servers are in the same subnet and both can ping the default gateway and also get to the Internet.

I'm using a PowerShell script:

    Add-Computer -DomainName bigcompany.com -OUPath "OU=Servers, DC=bigcompany,DC=COM" -Credential bigcompanyDC\Administrator -Restart

Where should I look to resolve this?

ALSO: I'm not sure why the Admin user for the DC logs in via bigcompanyDC rather than just bigcompany?

I'm learning Server 2012R2 administration.

Thanks to all for any comments, help, hints, etc.

RON

Ron
  • 113
  • Ron, you'll have better luck if you post this question at https://serverfault.com. – Sam Erde Jun 29 '17 at 16:19
  • I did and was told to ask it here. – Ron Jun 29 '17 at 17:26
  • What is the result of nslookup bigcompany.com? – FastEthernet Jun 29 '17 at 18:08
  • bigcompany.com is purely a domain name hosted by the DC (which is a VM). I set my dns servers to 8.8.8.8 but....maybe they should be...an internal address? (As I mentioned I am studying 2012R2 admin) – Ron Jun 29 '17 at 18:43
  • 2
    The server you are trying to join to the domain should point to the DC as its primary DNS server. So if the DC has an IP address of 10.10.10.1, the member server should have 10.10.10.1 as its primary DNS server. Then you should be able to join it to the domain. – FastEthernet Jun 29 '17 at 19:58
  • Thanks!!! I will reconfigure that and report back!! Appreciate it. – Ron Jun 29 '17 at 23:31
  • THANKS!!! That worked perfectly. It is much appreciated. (As an aside, I strongly believe that when studying something new(er) like server 2012R2 admin, making mistakes is a great way to learn since in the real world, things often do not go right.) Again, thanks a lot. – Ron Jun 30 '17 at 03:04

1 Answer

0

Verify that the DNS settings of the server and DC are correct. The member server should point to the DC as its primary DNS server, and the DC should point to itself (127.0.0.1) as its primary DNS server, if no other DCs are available. If another DC (that is also running DNS) is available, you should list the other DC as the primary DNS server, and the loopback address as the secondary DNS server.

When you attempt to join a domain, the client queries its DNS server for an SRV record named _ldap._tcp.dc._msdcs.DomainName (e.g. _ldap._tcp.dc._msdcs.contoso.com) to locate a domain controller for that domain. If your DNS settings are incorrect, the client will not be able to locate a DC and as a result be unable to join the domain.

Rule of thumb when troubleshooting AD issues: It is always DNS.

I'm not sure why the Admin user for the DC logs in via bigcompanyDC rather than just bigcompany?

It is possible that the NetBIOS name of the domain has been set to bigcompanyDC. You should be able to use bigcompany.com\Administrator as well. You can verify the NetBIOS name by doing either of the following:

  1. Run PowerShell on the domain controller and run the following commands:

    Import-Module ActiveDirectory
    
    Get-ADDomain -Identity domain.com
    

or using the graphical interface:

  1. On the domain controller, open Active Directory Users and Computers from the Tools menu of Server Manager
  2. Right-click the domain in the left pane and click Properties. The NetBIOS name will be shown in the textbox below Domain name (pre-Windows 2000):



DNS Records that are required for proper functionality of Active Directory
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
Finding the NetBIOS Name of a Domain

FastEthernet
  • 5,017
  • First off, I want to thank you very much for your replies. Both the original reply, which I followed and that worked, and this one are exactly what I was looking for. I especially wanted to know what exactly is going on when the client queries its DNS server in order to join to a domain.

    I am extremely appreciative!!

    – Ron Jun 30 '17 at 12:57
  • You're very welcome :) If my answer solved your issues, please click the checkmark next to it to mark it as the accepted answer. Thanks! – FastEthernet Jun 30 '17 at 13:06
  • An additional question: When I run get-childitem env: on the non-domain computer which I successfully added to my domain, I get the following line:

    userdomain: 410Server2 (which is the hostname of the server) but this server is part of bigcompany.com, so why doesn't that show up? In fact, bigcompany.com does not appear anywhere when I run get-childitem env:

    – Ron Jun 30 '17 at 14:07
  • Are you by any chance logged on as a local user? Run whoami and review the output. – FastEthernet Jun 30 '17 at 14:14
  • 410servrer2\administrator – Ron Jun 30 '17 at 14:39
  • That's a local user. You need to sign out, select "Other user" and then sign in as a domain user, e.g. Bob@bigcompany.com – FastEthernet Jun 30 '17 at 14:45
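
The DNS check described in the answer above, as an added PowerShell example that is not part of the original thread: it asks each DNS server configured on the member server for the `_ldap._tcp.dc._msdcs` SRV record and then tests the advertised LDAP port on every domain controller returned. `Test-DomainJoinDns` is a hypothetical helper name, and `bigcompany.com` is the domain from the question.

```powershell
# Added example: pre-join DNS check, run on the member server before Add-Computer.
# Test-DomainJoinDns is a hypothetical helper; the cmdlets it calls ship with the
# DnsClient and NetTCPIP modules on Windows Server 2012 R2 and later.
function Test-DomainJoinDns {
    param(
        [Parameter(Mandatory = $true)] [string] $DomainName
    )

    # SRV record a client queries to locate a domain controller for the domain.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    # Every IPv4 DNS server configured on any adapter of this machine.
    $dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } |
        Select-Object -Unique

    foreach ($server in $dnsServers) {
        # Query this server directly; keep only SRV answers (a reply can also
        # carry A records for the targets in its additional section).
        $records = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                       -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'SRV' }

        if (-not $records) {
            # A public resolver such as 8.8.8.8 lands here: it has no AD zone.
            [pscustomobject]@{
                DnsServer        = $server
                DomainController = $null
                LdapReachable    = $false
                Finding          = "No SRV answer for $srvName"
            }
            continue
        }

        foreach ($record in $records) {
            # The SRV record names the DC and the LDAP port (normally 389).
            $ldap = Test-NetConnection -ComputerName $record.NameTarget `
                        -Port $record.Port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DnsServer        = $server
                DomainController = $record.NameTarget
                LdapReachable    = $ldap.TcpTestSucceeded
                Finding          = "SRV record found"
            }
        }
    }
}

Test-DomainJoinDns -DomainName 'bigcompany.com' | Format-Table -AutoSize
```

A row with "No SRV answer" for the first-listed DNS server is the condition the answer describes: the client cannot locate a DC until that adapter points at the domain controller's DNS service.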