Access Denied Joining a domain

[Xtremist]

Just re installed 2K3 on my server because the old OS corrupted. It was previouslly the domain controller. with about 5 machines on it

I now cannot re join these machines to the domain, i get access denied message after putting in the user name and password in the join box.

I read somewhere this could be down to me not demoting the server before i formatted it so the work stations are getting confused :s

I have one machine that has never been on the domain before and that connects fine as i ran a test to see if it would.

The machines that cannot join the domain will not authenticate to let me access shares either.

How can i resolve this?

[]SK[]

If you didn't remove the machines from the old domain they will still be trying to authenticate with the old DC.

You should logon locally to the machine and put them back into a workgroup. If you don't know the local admin user and password you could look at resetting it (UBCD will allow this. You can also try "SystemRescueCd")

Sounds like you've created a lot of work for yourself. I guess you have no backup of AD from before?

[MurkWorks]

If it was a single domain controller for the domain then you better have a System State backup, or you probably have lost all your domain settings. If you had multiple domain controllers then you need to remove the old DC from AD by running ntdsutil to purge the old server out. Then you can later rejoin it.

[Xtremist]

no i have no backup of AD, this is only a home network not a business. i just want to be able to re join my pcs to the domain. im not fussed about getting old settings back.

and i have gone to the pcs locally and put them onto a work group, re started then tried to re join the domain. no luck stil get the same error.

[]SK[]

Access Denied to me means incorrect username and/or password.

[Grunt]

Remote onto each machine with local admin account.

Change each from Domain to Workgroup (just call it whatever)(if you get asked for a UN/PW, put test/test)

It will ask you to reboot the machine. DONT! just click the red X

Then put it back to Domain and enter UN/PW for domain joining account.

Reboot machine

Test

[]SK[]

Why would test/test work for a username and password?

[Grunt]

afaik it doesn't really matter. the only username and password that is needed is the one for the DC.

We do this quite often for PC's at my work. (remote desktop technician)

[Xtremist]

nope didnt work, i need to some how clear the records from the old DC out of the computer in trying to connect from. There must be a way to flush these records

[]SK[]

There is, move them into a workgroup.

You need to make sure you are logging on locally not using the domain profile. If you log into the domain profile the machine will constantly be trying to talk to the non-existent DC.

[Xtremist]

i am logging in locally, ive put the machine onto a workgroup successfully, but i cannot get it back on the domain.

i put in the domain, it asks for UN/PASS i put in the main administrator for the domain user credentials and i still get that error.

[Geoff_Vass]

Maybe try entering the credentials as DOMAIN\USER instead of just USER.

Also, are the DNS settings correct? If the machines are still using, say 192.168.0.2 as the DNS, but the server is now 192.168.0.3, it won't be able to see the domain controller.

[profets]

yeah, like Geoff_Vass says, enter domainname\username when doing the credentials.

also, regarding an earlier post with test/test.. when removing a computer from a domain to put into workgroup instead, the username/pass that its asking for would be used to properly disjoin the computer from the actual AD - which of course is no longer around so you can fill it with anything like test\test. it may give an error about not being able to remove the computer account from the domain but its all good

[MurkWorks]

Is your server configured to be a DNS server? Are your workstations pointed to the server as their DNS server? If yes, make another user account. Make it domain admin. Try joining the machines that account.