Skip to main content

Join a server core to a domain

By

Objective: join a server core to a Windows domain.

Requirements: You need to know the username and password of an account that has permission to join a computer to the domain in question.

Type NETDOM JOIN machine /Domain:DomainName /userd:username /Passwordd:*

Machine is the name of the computer to be joined to the domain.
DomainName is the name of the domain that is being joined.
UserD is the username of an account with the Add Workstation to Domain user right.
PasswordD:* tells the computer that you will manually enter the password for this user and to prompt you for it.

Opitonally, you can specify which OU to place this computer object in. This is preferable if Active Directory is set to place all new computer objects in the Computers container. Since we cannot apply Group Policy to the Computers container, this represents a hole in your security. To do this, add this line after the domain name: /OU:ou path.

A common error when executing this command is in typing the /USERD and /PASSWORDD switches. The mistake is made in not adding the “D” to the end of the switch.

Exercise 1: Verify connectivity and name resolution to the domain controller.
A common problem at this stage is that the computer that you want to join to the domain cannot communicate with the server. Task 1 will help you set a static IP address to the client if necessary. Task 2 will add a DNS server to your IP settings.

Task 1: Get the name of the interface you want to set an IP address for.
· Type netsh interface ipv4 show interfaces
· Press Enter
· Record the name of the interface you want to set a static IP address for. Sample output is below.
Idx Met MTU State Name
--- --- ----- ----------- -------------------
3 5 1500 Connected Local Area Connection

· Local Area Connection is the name we are interested in.
· To simply the typing, you can also user the Idx value of 3.
· Type netsh interface ipv4 set address name=3 source=static address=10.10.1.10 mask=255.255.0.0
· Optionally, you can add a gateway address by appending gateway=address to the end of the command.
· In the Name parameter, we used the Idx value. We could have also typed “Local Area Network”.
· Type IPConfig /all and verify that all data is correct.

At this point, you should be able to ping the server by IP address, but not by name.

Task 2: Add a DNS server to the IP settings on the client.
· Type Netsh interface ipv4 add dns 3 10.10.1.1
· Press Enter

The “3” represents the index number of our NIC from Task 1. You can also put the full name of the adapter here. The address 10.10.1.1 is the IP address of the DNS server. At this point, you should be able to PING the server by name.



Exercise 2: Add the computer to the domain.
· Type NETDOM Join Geyser-Core /Domain:DomainName/userd:UserName /password:*
· When prompted, type in the password.
· You can verify this by checking Active Directory or by typing GPResult /r on the server core and verifying the data.

Labels:

Comments

Post a Comment

Popular posts from this blog

How to list all the AD LDS instances on a server

By
AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.
Post a Comment
Read more

How to run GPResult on a remote client with PowerShell

By
In the past, to run the GPResult command, you would need to either physically visit this client, have the user do it, or use and RDP connection.  In all cases, this will disrupt the user.  First, you need PowerShell remoting enabled on the target machine.  You can do this via Group Policy . Open PowerShell and type this command. Invoke-Command –ScriptBlock {GPResult /r} –ComputerName <ComputerName> Replace <ComputerName> with the name of the target.  Remember, the target needs to be online and accessible to you.
Post a Comment
Read more

Error icon when creating a GPO Preference drive map

By
You may not have an error at all.  Take a look at the drive mapping below. The red triangle is what threw us off.  It is not an error.  It is simply a color representation of the Replace option of the Action field in the properties of the drive mappings. Create action This give you a green triangle. The Create action creates a new mapped drive for users. Replace Action The Replace action gives you a red triangle.  This action will delete and recreate mapped drives for users. The net result of the Replace action is to overwrite all existing settings associated with the mapped drive. If the drive mapping does not exist, then the Replace action creates a new drive mapping. Update Action The Update action will have a yellow triangle. Update will modify settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured on the mapped drive. If the
1 comment
Read more