Re: Upgrade PDC to AD

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/04/05


Date: Mon, 3 Jan 2005 21:12:18 -0600


"Scottm" <scottm@eta-utah.com> wrote in message
news:1104798775.025610.231850@f14g2000cwb.googlegroups.com...
> I did an Upgrade install of my NT 4.0 PDC to 2003 and
> performed the AD install. The computer and user accounts
> were successfully transferred (from NT domain), the problem
> is that the client workstations cannot log in to the
> domain unless I remove them from the domain (to
> workgroup), and then readd them to the domain.
> The clients that have not been readded have the following
> error:
>
> Windows cannot connect to the domain either because the
> domain controller is down or otherwise unavailable

It actually sounds like a DNS error -- perhaps the computers
don't have the DNS name in their OWN DNS properties but
I am not 100% sure how that causes (and is automatically
fixed.)

It is also worth trying to RESET a computer account before
re-adding it to the domain (AD Users and Computers, right
click, reset...)

> I have about 200 clients, and don't want to have to
> manually remove and then add each workstation. Does anyone
> know why the AD domain controller won't authenticate
> without readding the workstations?

It could be (related) to your DNS setup but again it doesn't
quite fit one of the well-known patterns. I suspect that during
the re-add something else is being changed....

DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
        that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

-- 
Herb Martin
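
Added example, not part of the original post: a Python check for rule 2 of the "DNS for AD" list above, run over saved `ipconfig /all` output to flag adapters that list any DNS server outside the internal set. The server addresses, adapter names and sample output are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the internal dynamic DNS server set for the AD zone (constructed).
INTERNAL_DNS = {"10.0.0.10", "10.0.0.11"}

# Constructed `ipconfig /all` output from one hypothetical workstation.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.1.42
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, January 03, 2005

Ethernet adapter Wireless:

        DNS Servers . . . . . . . . . . . : 10.0.0.11
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
        return True
    except ValueError:
        return False

def parse_dns_servers(text):
    """Return {adapter: [DNS servers]} parsed from `ipconfig /all` text."""
    adapters, current, collecting = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        if line and not line[0].isspace() and s.endswith(":"):
            current, collecting = s[:-1], False   # unindented adapter header
            adapters[current] = []
            continue
        if current and re.match(r"DNS Servers[ .]*:", s):
            collecting, s = True, s.split(":", 1)[1].strip()
        if current and collecting and is_ip(s):
            adapters[current].append(s)           # first value or continuation line
        elif s:
            collecting = False                    # any other field ends the list
    return adapters

def audit(text, allowed=INTERNAL_DNS):
    """Return {adapter: [configured servers outside the allowed set]}."""
    bad = {a: [x for x in srv if x not in allowed]
           for a, srv in parse_dns_servers(text).items()}
    return {a: extra for a, extra in bad.items() if extra}
```

Calling `audit(SAMPLE)` reports the first adapter because it lists 203.0.113.53 alongside the internal server; an adapter with no DNS servers configured is not reported.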