Unable to Add Computer to Active Directory

[Grok]

Baffled. Apparently not many people have a problem adding a computer
to the active directory, because there are not many troubleshooting
guides for this particular problem.

1) AD: 199.222.xxx.xxx
2) Comp to Add: 64.53.xxx.xxx

Both are on internet, across town from one another, same ISP.

I have verified connectivity(ping), have made sure (2) is using (1) as
its only DNS, yet when I tell new comp to join the domain, I get a
dialog for the user account, type Administrator and the password.
After a long (30 secondsish) pause, I get a message "Network Path Not
Found". Yet the machines can and do see each other over TCPIP.

dcdiag indicates no problems with (1).

Does anyone have any ideas OR is there a step by step troubleshooting
guide to adding computers to the active directory that goes BEYOND DNS
problems?

Much advance thanks,

Grok

 

[Scott Harding - MS MVP]

If you are using the Internet to do this that may be the problem. Many ISP's
are closing ports on their routers and you may be running into problems
because of this. Do you have firewalls between these sites? Can you do an
nslookup from computer 2 and get an answer from computer 1? Does it find the
server when you do nslookups?

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com

 

[Matjaz Ladava [MVP]]

Probably your ISP is blocking RPC traffic. You could instead implement a VPN
connection and then join computer to the domain. It is much safer this way.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 

[Grok]

I think you are probably right. We were going to check for blocked
ports last night but didn't get around to it.

We're attempting to do a proof-of-concept where there is a server in
Texas we want to upgrade to new hardware AND Win2003 from Win2000, but
we don't want to lose all the user accounts, SAM, ACLs, NTFS
permissions on the 20+ websites it is hosting.

The idea is to build a 2000 to mimick the current server, install
active directory, then build the 2003 server, join it to the 2000
domain, make the 2003 a backup, kill the 2000, dcpromo the 2003, then
move the hard drive from the 2000 to the 2003 box. With any luck, all
the original accounts are intact and users won't notice a thing.

Grok

 

[Matjaz Ladava [MVP]]

VPN would be your choice to setup site-to-site network connection. It is
better that open internet. One thing that you must keep in mind. If you plan
to introduce Windows Server 2003 to your domain as DC you will have to
upgrade domain schema.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;325379

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com