Adding Win2K PRO Workstations to a Win2K domain 5

[LATech]

Hello,

This may be a bit lengthy, and I apologize beforehand.
I just came into my job here (a public school), and I need some help/advice. They orginally had a old Novell server running their Student Information software and accounting software and a Win NT 4.0 Server (at another location on campus) used as a student software (learning software) handler along with running WIN PROXY (DHCP) for the district's Internet access. I came aboard and and replaced their Novell server with a Win 2K Server. Afterwhich I had to go through and setup everyone that uses the Student Information software to connect to the Win 2K server with no probs. They all use Win 95/98 Workstations. I setup the Win 2K server as a domain/active directory. I have not had ANY problems setting up the Win 95/98 workstations (runs their login scripts and everything).....BUT, I just received about 40 new computers and had them put Win 2K Professional on them, and I cannot get them to connect correctly to the Win 2K Server. I have to set them up to connect to the Win 2K Server as a WORKGROUP, and NOT a domain....which is strange, cause the Win 2K Server IS setup as a domain controller. I then have to log onto the Win 2K PRO workstation and create an actual user account on the computer with the same login that is used for the Win 2K Server (and rename the computer to the login of the person that connects to the Win 2K Server) before it will connect....Even then, it will not ask for a domain login/password, it is just concerned about the computer's login/pass....after you login, you can go browse My Network and you will be in the workgroup (domain) as everyone else, and see all network resources. It did not load the login script from SYSVOL like it does for the Win 95/98 machines....it seems like it is not even logging onto the network, just uses the resources when it needs them (and you have to be logged onto that computer with the same computer name, as the login setup in AD). I have to physically map network drives through Win Explorer on each station....PLEASE HELP!!! what am I doing wrong? Do I have my Server/Workstations setup incorrectly? The deal is, the Win 2K PRO Workstations that I have to setup that do NOT use the Win 2K Server (put them on the domain of the Win NT 4.0 Server) work just fine.....they see the Win nt 4.0 domain AS a domain, but do not see the Win 2K Server as a domain. ANY IDEAS? Please help!!!

Thanks

Chris Nelson
Technology Coordinator
Little Axe Public Schools
Norman, OK

 

[Mammoth]

Try this. AD uses DNS so make sure that you have the DNS server service running and that your DC's are listed as hosts. Win 95/98 can't log on locally to a domain so it does not matter for them that is why it works for them. Make sure you specify the W2KPro machines to log into the domain. Under Start>Settings>Control Panel>System>Network Identification. When you are at the log on screen you should notice a button for options. Press it and make sure that it lists your domain. Remember that AD uses DNS so make sure that your primary DNS is set to your DNS server for your domain. If you need more detailed help just goto http:\\

http://www.labmice.net

.

 

[ProfFate]

Yes, I'm very sure you cannot use an underscore "_". AD is tied into DNS, and an "_" is not a legal character in DNS. You can use a dash “-“, but not an “_”. Are you sure there is an "_" in the Domain Name? Because, when you created your domain, it would have failed right then! It would have forced you to pick a different name, before you were allowed to continue.

Mike

 

[LATech]

Yes, I am positive it did not make me try again....my domain is setup as LITTLE_AXE :-(
OK, and Mammoth, you have me a little confused (sorry :-( ) My Win 2K Server is running DNS (under services). Our main domain controller (for littleaxe.k12.ok.us) is our Win NT 4.0 Server. Maybe I have this one set up incorrectly or something.....does my new Win 2K Server need to be a back up domain controller or something? sorry guys, a bit new to this :-(

Thanks alot!

Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[butchrecon]

You cannot setup a Win2K machine as a BDC. With AD on it and no other DC's (Win2K) it will automatically take charge of your network. The thing we have to look at is settings. I know this is redundant but have you checked all TCP/IP settings and names on the Win2K machines? James Collins
Systems Support Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

 

[LATech]

redundant is fine with me! as long as it gets things going
checked TCP/IP settings? well, they are not specifying a DNS server (automatically detects IP address etc.) because our NT 4.0 Server is the Internet server (running WIN Proxy/DNS). So the TCP/IP settings will be blank on the Win 2K machines (workstations). As far as names, I have each computer name setup as the individual user's name (ie "cnelson&quot.
Does this help or change anything?

Thanks,


Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[butchrecon]

Set up DNS as the same as your proxy and see if that helps. When you set up AD you had to point AD there correct (to the Internet server)? James Collins
Systems Support Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

 

[chesneyj]

I have this exact problem. My server is ALLIANCE. No "_" characters or other illegal ones. All other machines are setup and running fine. I am trying to get a new laptop with Win 2000 pro to connect to the server. I have tried using the same name for the workgroup and using TEST. Everytime I try to join, I get the error "the specified domain either does not exist or could not be contacted." If I try to use the wizard, it states the same thing. Sometimes (I've been at this off and on for a month) it will see the domain and realize that the computer account I created is there but won't connect. I can't find anything on Microsoft's site about this problem.

Brenda Sherrod
Network Admin.
Alliance Architects, Inc.

 

[LATech]

If I setup the Win 2K Server the eaxct same as the Internet Server (NT 4.0), will it not effect the network state (workstations)? Will it not confuse (having two domain controllers with DNS/WIN Proxy)? Guess am confused on that.
And yes, during the initial setup of AD, I pointed it to the Internet Server as well (whether or not it went through or not, Ido not remember).

 

[butchrecon]

Then for the install of all other Win2K machine for DNS point them to the proxy/internet server address. You set up the Win2K server the same as the NT4? Why? Is that from what I typed? I apologize if I typed it that way. It does look confusing. Setup the DNS settings on all the Win2K machines to point to your DNS server (Which is the proxy server correct?) I apologize if I confused you and caused any messups with that. James Collins
Systems Support Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

 

[nandfred]

I've had similiar login problems with a win2k pro against an AD domain, until I tried typing user@domain in the login box, then it worked

 

[LATech]

ok, if I setup the the Win 2K workstations to have the Internet server as their DC, then how will they be logging into my Win 2K Server and running their scripts?
And BTW, I did not setup the Win 2K Server exactly like the NT 4.0 server.....I just setup the Win 2K Server as a domain controller for the LITTLE_AXE domain....I have yet to change the domain name to NOT have an "_" in it yet, for it will cause WAY too much downtime....will have to do that on a holiday or weekend sometime.

Thanks,

Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[butchrecon]

Dont set them up to have the internet server as their DC just have thier (Win2K PC's) DNS settings point to the internet server. keep everything else like you had it. Once thier DNS seetings address point to the proxy then attempt to add them to the domain. James Collins
Systems Support Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

 

[LATech]

oh, ok...I see now....thank you, and I will try it, and I will let you know sometime tomorrow.


Thanks again!


Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[jjgraf]

The best thing for this guy at this point would be to reinstall the W2K Pro and during the setup add the computer to the domain.

Step one delete all the computers out of the Active Directory. this will clear setup issues on the Domain Controller when communicating to the W2K Pro.

Step 2 Insure DHCP has been authorized to asign IP address to that Domain Little_Axe, and you enable update for DNS clients that do not support dynamic update

Step 3 Insure DNS is configured correctly and has all the correct entrys. If not the boot time for the Workstation is to be about 10 to 15 minutes as everything has to Time out trying find the Server and port/services are located on

Step 4 Insure the PDC has the NTP service running and configured to sysnic time from outside. If this is not running you will get errors and the clients will not be able to log on, Kerbose security uses the Local time to configure the password and encryption

Step 5 Review Domain Security Policy and turn everthing to Not Defined. The reason i say this since is you seem not to have a great deal of knowledge about NT or W2K. Just leave the default settings

Step 6 do the Same for Domain Controller Security Policy

Step 7 get the W2K Pro cd stick it in and reinstall the OS. Durig the Setup it will give you an option to join a domain or workgroup.
Join the Domain Little_Axe, a box will appear asking for a username and password. This needs to be a Domain Administrator or Administrator account located on the Domain Controller.

During the setup leave the Administrator Password blank during setup. you can change it lattter. This is strictly located to the on the client machine. This will not effect the Domain Controller Administrator account in any way.

When the system boots up you be given a log in screen with an options button click it. then on the drop down box select the domain little_AXE then log in.

Step 8 Go to the Domain Controller Add the all the users you need to add. Set the password to 1 then enable change password at next log in.

Step 9 have a user log in see what happens.

Special note what every you define in the Domain Security Policy the Workstations will download and apply to the system. Nothing you do for the most part on the Workstation can effect the Domain Controller

The domain Controller is 3rd in line to GOD.

Hope this helps

I'm not proof reading this at all.

 

[jjgraf]

If i sound nasty i'm sorry.

After you get up and running get a security consultant in there to review what you have done.

Under this setup the system has some hudge security holes.

Also take some classes on W2K. And start reading some O'Reilly books on Active Directory.

What i have proscribe probably is the best solution for you if you can't get things to work tommorrow.

by the Way W2K setup cd is bootable. don't install over the top, delete the Partition and insure it's NTFS. not to be mean if i just lost you there get some help. I'm afraid these people are bright but helping people over the web is only so good.



NTFS partition can keep people from deleting files on the computers and offers better security. I would strongly suggest this because your at a public school and kids will be kids.

Also remove the diskette and Cd drives, less of a chance to get a virus and people installing other crab. I don't trust Anti Virus Software it is only as good as the last update.

 

[LATech]

Hello, and thanks for your posting(s).
I may have seemed quite ignorant about this setup....for I was (am). Win 2K Server is new to me. I am knowledgable with Win 2K PRO, but Server is new to me. I have been working with NT 4.0 and Novell the past couple years setting up schools all over the state of Oklahoma. This migrating a Win 2K Server into a Win NT 4.0 Server environment is what has baffled me....I guess it is a matter of "ownership". As far as the Win 2K PRO workstations, I have tried to point them to the LITTLE_AXE domain on initial setup, but it said the network path could not be found. Yes, my weakness is in AD, for that is new to me (and everyone else I believ). I do understand the NTFS file system, and yes, I understand about the virus/kids getting into it (since it is a school). None of the children will have any access nor be running any programs from the WIN 2K Server, that is what the NT 4 Server is for. The Win 2K Server is JUST for the Student Accounting software that we run (at 4 sites).
I guess my main problem is just HOW to migrate this Win 2K Server into the NT 4.0 domain, and make the Win 2K Server JUST the domain for the people that use the Student Accounting Software.
I did not initially have the actual computers added to AD, this was only done very recently, which did not make a change before or after it was done (besides able to audit/control the Win 2K Stations----which I can do).
I understand about Group Policy settings, so that is not a problem at all. I am however, unfamiliar with Kerbose and how it works.
As far as reinstalling the server or anything, that is totally impossible, since school has started and they very much rely on the Student Accounting Software. I was just looking for a fix on this environment issue without re-vamping the whole network between NT 4.0 and Win 2K (and adding Win 2K PRO stations to the network).
I do have a question, you did not mention anything about LITTLE_AXE having a "_" in it...is that true or untrue?!? If so, that very well could be the problem.
And as far as DHCP, it is running on the NT 4.0 Server (since it is the dedicated Internet server for the district), so is there a need to enable it on the Win 2K Server?


Thanks alot for all your help and patience


Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[cmptrnerd]

Try installing and setting up wins server. If NT4.0 server
has wins installed. Make sure that in TCP/IP setup on WIn2kpro has the wins server ip address.

Also make sure you have no drives mapped to the Win2k server
that you are joining the domain, since this will give you a error. Open my computer and disconnect drive if this is the case.

You might want to also connect these PC's to win2k server with Hub that eliminates the rest of network. Example connect hub and just win2kpro pc and server, or 1 reverse cable.

Hope this helps

Mark
mark@acsconsult.com

 

[jjgraf]

You do not need wins and it's a pain to get running and keep up. allso adds overhead on the network.

I did not say reinstall the W2k sever. just the W2K pro

Some questions.

which machine is the PDC the NT4 or W2K

which machine is the DHCP server.

Are you running DNS


on the Kerbose Security.

KerBose is the default encrytion method for communication between W2K server and Pro.

Upgrading a NT 4.0 PDC to W2K Active Directory is a complete nightmare. I have tryied twice and both times the conversion missed setups.

By the way W2k Pro is almost idenitcal to W2K server. Just that you can not run alot of services on Pro.

What might be best for you is destory the Active Directory running the dcpromo. then treat the W2K server as a member server in an NT domain.

then join the W2K pro's to the NT domain.

Answer my questions first?????

justin@emproshunts.com

 

[LATech]

I could have swore that I setup the Win 2K server as a BDC....I know I am running in "mixed" mode.
The DHCP server is the Win NT 4.0.
Yes, I am running DNS on both NT and Win 2K.....I tried setting up the NT 4.0 server as the Win 2K server's DNS Server, but it doesn't want to take it for some reason (or am doing it incorrectly).
__________________________________________________________


I would have no problem destroying the AD and making the Win 2K Server a member server of the NT 4.0 domain, but that would be some horrendous downtime (have about 150 workstations to go BACK and RE-setup :-( ) If that is the only option, that will have to be taken care of on a weekend or a holiday when kids are out.
I do plan however to upgrade the NT 4.0 Server to Win 2K (by the way, how big of a nightmare is that?) in the next 2 months.

Thanks again!

Chris Nelson
Technology Coordinator
Little Axe Public Schools

 

[butchrecon]

Upgrading can be a pain. You cannot install a Win2K AD server as a PDC. It will take control no matter what you do> MS suggest that You FIRST upgrade your PDC before adding any AD servers to you system. As some one else suggested blow it away and make it a member server. Then make Upgrade your PDC to win2K with AD and then add any other Win2K AD servers. In Win2K there really is no concept of PDC and BDC. They are all DC's. James Collins
Systems Support Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.