18Dec/090
Active Directory: Joining a Domain
All IT Professionals cross their fingers when joining a computer to a domain. This is because everything has to be perfect; one mistake and it fails. In this guide, I will attempt to explain important settings that are often configured incorrectly. Be mindful of the DNS information provided below. Incorrectly configured DNS settings account for 90% of Active Directory problems.
- Your first DNS entry in your TCP/IP settings must be your Primary Domain Controller. If you only have one domain controller, your secondary DNS server should be blank! If you include DNS servers from outside of your domain, it is entirely possible that your computers will fail to register with Active Directory's DNS. Initially, a secondary outside DNS server will not cause an issue. However, it will cause you major network resource problems down the road. If you did not have the correct DNS settings, restart your computer after making the change. This will ensure you are registered with DNS. If you use DHCP on your network, please update your DHCP server to give out the correct DNS information to your clients!
- On your Primary Domain Controller, your primary DNS setting must be 127.0.0.1 (alternatively, it can be the server's own IP address). The only time you have a secondary DNS server is if you have more than one server running Active Directory; otherwise it should be blank. Place ISP-provided DNS IP addresses in your actual Administrative Tools: DNS snap-in; otherwise all computers on your network will only resolve local addresses.
- You need to be able to ping the name of your Primary Domain Controller. If you ping SERVER1 and do not get a result, first try to ping the IP address manually (e.g. ping 192.168.1.10). This will help narrow down your point of failure. Are you even able to get onto the Internet? Unless you are doing some weird VPN or building-to-building configuration, make sure your netmask, network, and gateway are the same as on the server.
- Try disabling the firewalls on both the server and the client computer. While on XP machines this can be done by killing the service, I have seen Server 2008 and Windows 7 machines completely lose network access when the Windows Firewall Service was shut down. To prevent this from happening, use the Windows Firewall with Advanced Security window to manually turn off your firewall instead of killing the service.
- When joining a domain, you can enter just the domain name (e.g. "contoso") or you can enter the Fully Qualified Domain Name (FQDN) "contoso.local". Sometimes a computer will not let you join unless you use the FQDN, but other times it fails until you drop off the ".local". Make sure to try it both ways.
- It's not a bad idea to install all of the Microsoft Updates on the server as well as on the client computers, including any optional group policy client side updates.
- If all else fails, sometimes the File and Printer Sharing protocol, located in the Network Adapter settings for your Primary Domain Controller, must be uninstalled and then reinstalled. This is done by unchecking it in the properties of your "Local Area Connection", restarting your server and then rechecking it again. I have only had to do this one time in my entire career.
- If you do not see an option to join a domain, you are most likely running a Home version of Windows. You need to have Windows XP Professional, Windows Vista Business, Windows Vista Ultimate, Windows 7 Professional or Windows 7 Ultimate in order to connect to a domain.
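
The DNS and ping checks from the first items of this list can be run in one pass before attempting the join. The script below is an added example, not part of the original guide; it only reads settings and changes nothing. It assumes the guide's sample names (contoso.local, SERVER1, 192.168.1.10) and the DnsClient cmdlets that ship with Windows 8 / Server 2012 and later, which are newer than the Windows versions the guide names. It also queries the `_ldap._tcp.dc._msdcs` SRV record that clients use to locate a domain controller, which the guide does not mention by name.

```powershell
# Added example: read-only pre-join checks, run on the client computer.
# Assumed values taken from this guide's examples; change them for your network.
$Domain = 'contoso.local'      # FQDN of the domain to join
$DcName = 'SERVER1'            # name of the Primary Domain Controller
$DcIps  = @('192.168.1.10')    # every server running Active Directory DNS

$problems = @()

# 1. Every DNS server configured on an adapter must be a domain controller.
$dnsConfig = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }
foreach ($adapter in $dnsConfig) {
    foreach ($server in $adapter.ServerAddresses) {
        if ($DcIps -notcontains $server) {
            $problems += "$($adapter.InterfaceAlias): outside DNS server $server"
        }
    }
}

# 2. The domain controller locator record must resolve through the DC's DNS.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DcIps[0] -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    $srv | ForEach-Object { "SRV  $($_.NameTarget):$($_.Port)" }
    if (-not $srv) { $problems += "No SRV answer for $srvName" }
} catch {
    $problems += "Cannot resolve $srvName via $($DcIps[0]): $($_.Exception.Message)"
}

# 3. Ping by IP first, then by name, to separate network faults from DNS faults.
if (-not (Test-Connection -ComputerName $DcIps[0] -Count 2 -Quiet)) {
    $problems += "No ping reply from $($DcIps[0]): check netmask, gateway, firewall"
} elseif (-not (Test-Connection -ComputerName $DcName -Count 2 -Quiet)) {
    $problems += "IP answers but name $DcName does not: name resolution problem"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'All pre-join checks passed.' }
```

A warning from step 1 points at the outside-DNS-server mistake described in the first item; a warning from step 3 that names only SERVER1 means the network path is fine and the fault is in name resolution.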
If you encounter any errors or problems that this guide was unable to resolve, please post your error message below. One of the techs here will be more than happy to give you some pointers and help you resolve your issue.