
Join a server core to a domain

Objective: join a server core to a Windows domain.

Requirements: You need to know the username and password of an account that has permission to join a computer to the domain in question.

Type NETDOM JOIN machine /Domain:DomainName /userd:username /Passwordd:*

Machine is the name of the computer to be joined to the domain.
DomainName is the name of the domain that is being joined.
UserD is the username of an account with the Add Workstation to Domain user right.
PasswordD:* tells the computer that you will manually enter the password for this user and to prompt you for it.

Optionally, you can specify which OU to place this computer object in by adding the switch /OU:"OU=Servers,DC=example,DC=com" (the distinguished name of the OU) after the domain name. This is preferable when Active Directory is left at its default of creating new computer objects in the Computers container. That container is not an OU, so no Group Policy Object can be linked to it; a computer left there receives only the policies linked at the domain level, which leaves a hole in your security baseline. (The default location can also be redirected to a real OU with redircmp.exe.)

A common error when executing this command is mistyping the /USERD and /PASSWORDD switches by leaving off the trailing "D". The "D" means the credentials are for the domain you are joining; NETDOM also has /USERO and /PASSWORDO for the computer object being joined, which is why the suffix matters.

Exercise 1: Verify connectivity and name resolution to the domain controller.
A common problem at this stage is that the computer you want to join to the domain cannot communicate with the domain controller. Task 1 will help you set a static IP address on the client if necessary. Task 2 will add a DNS server to your IP settings.

Task 1: Get the name of the interface you want to set an IP address for.
· Type netsh interface ipv4 show interfaces
· Press Enter
· Record the name of the interface you want to set a static IP address for. Sample output is below.
Idx Met MTU State Name
--- --- ----- ----------- -------------------
3 5 1500 Connected Local Area Connection

· Local Area Connection is the name we are interested in.
· To simplify the typing, you can also use the Idx value of 3.
· Type netsh interface ipv4 set address name=3 source=static address=10.10.1.10 mask=255.255.0.0
· Optionally, you can add a gateway address by appending gateway=address to the end of the command.
· In the Name parameter, we used the Idx value. We could also have typed name="Local Area Connection" (the quotes are needed because the name contains spaces).
· Type IPConfig /all and verify that all data is correct.

At this point, you should be able to ping the server by IP address, but not by name.

Task 2: Add a DNS server to the IP settings on the client.
· Type Netsh interface ipv4 add dns 3 10.10.1.1
· Press Enter

The "3" represents the index number of our NIC from Task 1. You can also put the full name of the adapter here. The address 10.10.1.1 is the IP address of the DNS server. "dns" is netsh's abbreviation for the full command name, add dnsservers (older releases spell it add dnsserver). At this point, you should be able to PING the server by name.
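The same two tasks done with PowerShell, plus the checks a practitioner wants before running NETDOM JOIN, as an added example that is not part of the original post. It uses the NetTCPIP and DnsClient cmdlets, which exist on Windows Server 2012 Server Core and later (on 2008 R2 Core stay with netsh). The interface index 3, the address 10.10.1.10/16, the gateway 10.10.1.254, the DNS server 10.10.1.1 and the domain name corp.example.com are assumed lab values; change them to match yours. Run it at the console, not over a remote session, because changing the address drops the session. The point it adds beyond the page is that "ping by name" only proves an A record exists: a domain join locates a DC through the _msdcs SRV records, and a DNS server that lacks them is the usual cause of "the domain could not be contacted".

```powershell
# Added example, not from the original post. Assumed lab values below.
$IfIndex   = 3                  # Idx from: netsh interface ipv4 show interfaces
$Address   = '10.10.1.10'
$PrefixLen = 16                 # same as mask=255.255.0.0
$Gateway   = '10.10.1.254'      # assumed; drop -DefaultGateway below if there is none
$DnsServer = '10.10.1.1'        # assumed DNS server (here also the DC)
$Domain    = 'corp.example.com' # assumed domain name

# Task 1 equivalent of:
#   netsh interface ipv4 set address name=3 source=static address=10.10.1.10 mask=255.255.0.0 gateway=10.10.1.254
# Clear any existing IPv4 address and default route first; New-NetIPAddress fails if the
# address already exists, and a stale default route would otherwise be left behind.
Remove-NetIPAddress -InterfaceIndex $IfIndex -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceIndex $IfIndex -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceIndex $IfIndex -IPAddress $Address -PrefixLength $PrefixLen -DefaultGateway $Gateway | Out-Null

# Task 2 equivalent of:
#   netsh interface ipv4 add dns 3 10.10.1.1
Set-DnsClientServerAddress -InterfaceIndex $IfIndex -ServerAddresses $DnsServer

# Check 1: the DNS server answers at all. ICMP is often firewalled on a DC, so a
# failure here is only a warning; checks 2 and 3 are the ones that matter.
if (-not (Test-NetConnection -ComputerName $DnsServer -InformationLevel Quiet)) {
    Write-Warning "$DnsServer did not answer ping"
}

# Check 2: DNS holds the SRV records a joining computer uses to find a DC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    throw "No DC SRV records for $Domain on $DnsServer; the client is pointed at the wrong DNS server"
}
$dc = ($srv | Sort-Object Priority, Weight | Select-Object -First 1).NameTarget
"Domain controller located via SRV record: $dc"

# Check 3: the ports a domain join uses on that DC are reachable
# (Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445).
foreach ($port in 88, 135, 389, 445) {
    $open  = Test-NetConnection -ComputerName $dc -Port $port -InformationLevel Quiet
    $state = if ($open) { 'open' } else { 'BLOCKED' }
    "{0} tcp/{1} on {2}" -f $state, $port, $dc
}
```

If check 2 fails while the server pings by name, the client is resolving through a DNS server that is not authoritative for the Active Directory zone (an ISP or router DNS, for instance); fix the DNS server address, not the domain controller.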



Exercise 2: Add the computer to the domain.
· Type NETDOM Join Geyser-Core /Domain:DomainName /userd:UserName /passwordd:* (note the space before /userd and the trailing "D" on both credential switches; add /OU:"ou path" after the domain name to place the object in an OU, and /reboot to restart automatically).
· When prompted, type in the password.
· Restart the server if you did not use /reboot; the join does not take effect until then.
· After the restart, you can verify the join by checking Active Directory or by typing GPResult /r on the server core and verifying that the computer is listed under the domain and that the expected Group Policy Objects were applied.
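The same join done with PowerShell's Add-Computer, followed by the verification a practitioner wants after the reboot, as an added example that is not part of the original post. The computer name Geyser-Core comes from the text; the domain corp.example.com and the OU distinguished name OU=Servers,DC=corp,DC=example,DC=com are assumed values. Save it as Join-ServerCore.ps1 (an assumed file name), run it once with no arguments to join and reboot, then log on with a domain account and run it again with -Verify. The verification goes beyond GPResult: it confirms the machine account's secure channel works and that the object landed in the intended OU rather than the Computers container, which is the security point the OU switch is there for.

```powershell
# Added example, not from the original post. Assumed values: domain and OU below.
#   .\Join-ServerCore.ps1            joins the domain and reboots
#   .\Join-ServerCore.ps1 -Verify    run after the reboot, logged on with a domain account
param([switch]$Verify)

$Name   = 'Geyser-Core'                              # from the text
$Domain = 'corp.example.com'                         # assumed
$OUPath = 'OU=Servers,DC=corp,DC=example,DC=com'     # assumed target OU

if (-not $Verify) {
    # Prompt for the join account instead of putting its password on the command
    # line, for the same reason the text uses /passwordd:* with NETDOM: a password
    # typed as an argument ends up in console history and session transcripts.
    $cred = Get-Credential -Message "Account allowed to join computers to $Domain"

    # Equivalent of:
    #   NETDOM JOIN Geyser-Core /Domain:corp.example.com /OU:"OU=Servers,DC=corp,DC=example,DC=com" /userd:<user> /passwordd:* /reboot
    # -NewName renames the box in the same step if it is not already called $Name.
    $params = @{ DomainName = $Domain; OUPath = $OUPath; Credential = $cred; Restart = $true; Force = $true }
    if ($env:COMPUTERNAME -ne $Name) { $params['NewName'] = $Name }
    Add-Computer @params
    return
}

# ---- Post-reboot verification ----
# 1. The machine account's secure channel to a DC is valid, i.e. the join really took.
if (-not (Test-ComputerSecureChannel)) {
    throw "Secure channel to $Domain is broken; the join did not complete"
}

# 2. The computer object is under the intended OU, not in the Computers container.
#    [adsisearcher] is .NET DirectoryServices, so no AD PowerShell module is needed
#    on the Server Core box. Machine account names end in '$' (escaped with a backtick).
$searcher = [adsisearcher]"(&(objectClass=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
$dn = $searcher.FindOne().Properties['distinguishedname'][0]
if ($dn -notlike "*,$OUPath") {
    Write-Warning "Computer object is at '$dn', not under '$OUPath'; GPOs linked to that OU will not apply"
} else {
    "Computer object: $dn"
}

# 3. Computer-side Group Policy from the OU actually applied (the text's GPResult check).
gpupdate /target:computer /force | Out-Null
gpresult /r /scope:computer
```

If step 2 warns that the object sits under CN=Computers, move it to the OU in Active Directory (or redirect the default container with redircmp.exe) and run gpupdate again; nothing else about the join needs to be redone.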
