Netdom Problem

Discussion:

Netdom Problem

(too old to reply)

Frank

2004-12-07 21:59:30 UTC

When I try to join a PC from the command line with netdom, I get the error:

"This machine is already joined to a domain.
The command failed to complete successfully."

If I remove it from the old domain first, I get:

"The account already exists.
The command failed to complete successfully."

The command syntax I'm using is:

netdom join PCNAME /domain:MYDNEWDOMAIN /OU:MYOFFICE
/userd:MYDNEWDOMAIN\user.me /Passwordd:*

The PC is joined to an NT 4.0 Domain. I have permission to add computers to
the W2KAD domain after the name has been added by someone else. I'm logged
on as a local administator.

I'd appreciate some help on this one.

TIA

Frank

Rebecca Chen [MSFT]

2004-12-08 10:56:36 UTC

Permalink

Hi Frank,

You need to remove the computer from the old domain first and then join it
to win 2k3 domain.

Please use the netdom reset command to disjoin from NT domain:

Resetting computer accounts in Windows 2000 and Windows XP
http://support.microsoft.com/kb/216393/EN-US/

Then , refer to the following KB to rejoin to win2k3 domain:
Description of Netdom.exe Syntax and Versions
http://support.microsoft.com/default.aspx?scid=kb;en-us;329721

HTH!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Frank

2004-12-10 17:01:58 UTC

Permalink

Thanks for your response. I checked out the links but didn't find anything
to help me out. Here is some more info.

Just a couple of things. I'm trying to join it to a Windows 2000 Domain vs.
a 2K3 domain. The computer name is already listed in the OU. When I run
the same command with a ' /verbose' I get the following output:
Type the password associated with the domain user:
Parameter /Domain is required for this operation
The machine PCNAME is not currently joined to a domain.
Proceeding with joining it to domain MYDNEWDOMAIN.
Joining domain MYDNEWDOMAIN
The computer rename attempt failed with error 2224.
The account already exists.

The command failed to complete successfully."
I am curious about the "The computer rename attempt failed with error 2224"
line? I don't believe I'm trying to rename it.

The output from the NetSetup.LOG is:
12/09 15:33:52 NetpDoDomainJoin
12/09 15:33:52 NetpMachineValidToJoin: 'PCNAME'
12/09 15:33:52 NetpGetLsaPrimaryDomain: status: 0x0
12/09 15:33:52 NetpMachineValidToJoin: status: 0x0
12/09 15:33:52 NetpJoinDomain
12/09 15:33:52 Machine: PCNAME
12/09 15:33:52 Domain: MYDNEWDOMAIN
12/09 15:33:52 MachineAccountOU: MYOFFICE
12/09 15:33:52 Account: MYDNEWDOMAIN\user.me
12/09 15:33:52 Options: 0x3
12/09 15:33:52 OS Version: 5.1
12/09 15:33:52 Build number: 2600
12/09 15:33:52 ServicePack: Service Pack 1
12/09 15:33:52 NetpValidateName: checking to see if 'MYDNEWDOMAIN' is valid
as type 3 name
12/09 15:33:52 NetpCheckDomainNameIsValid [ Exists ] for 'MYDNEWDOMAIN'
returned 0x0
12/09 15:33:52 NetpValidateName: name 'MYDNEWDOMAIN' is valid for type 3
12/09 15:33:52 NetpDsGetDcName: trying to find DC in domain 'MYDNEWDOMAIN',
flags: 0x1020
12/09 15:33:53 NetpDsGetDcName: found DC '\\MY-DC1' in the specified domain
12/09 15:33:53 NetpJoinDomain: status of connecting to dc '\\MY-DC1': 0x0
12/09 15:33:53 NetpGetLsaPrimaryDomain: status: 0x0
12/09 15:33:53 NetpGetDnsHostName: Read NV Hostname: PCNAME
12/09 15:33:53 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain
name: MYDNEWDOMAIN.state.ar.us
12/09 15:33:53 NetpLsaOpenSecret: status: 0xc0000034
12/09 15:33:53 NetpGetComputerObjectDn: Cracking account name
MYDNEWDOMAIN\PCNAME$ on \\MY-DC1
12/09 15:33:53 NetpGetComputerObjectDn: Crack results: (Account already
exists) DN =
CN=PCNAME,OU=Computers,OU=MYOFFICE,DC=MYDNEWDOMAIN,DC=state,DC=ar,DC=us
12/09 15:33:53 NetpGetComputerObjectDn: Passed OU doesn't match in size
cracked DN: 32 120
12/09 15:33:53 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed:
0x50
12/09 15:33:53 ldap_unbind status: 0x0
12/09 15:33:53 NetpJoinDomain: status of creating account in OU: 0x8b0
12/09 15:33:53 NetpJoinDomain: initiaing a rollback due to earlier errors
12/09 15:33:53 NetpLsaOpenSecret: status: 0x0
12/09 15:33:53 NetpJoinDomain: rollback: status of deleting secret: 0x0
12/09 15:33:53 NetpJoinDomain: status of disconnecting from '\\MY-DC1': 0x0
12/09 15:33:53 NetpDoDomainJoin: status: 0x8b0
Thanks again.

Post by Rebecca Chen [MSFT]
Hi Frank,
You need to remove the computer from the old domain first and then join it
to win 2k3 domain.
Resetting computer accounts in Windows 2000 and Windows XP
http://support.microsoft.com/kb/216393/EN-US/
Description of Netdom.exe Syntax and Versions
http://support.microsoft.com/default.aspx?scid=kb;en-us;329721
HTH!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Rebecca Chen [MSFT]

2004-12-13 13:56:43 UTC

Permalink

Hi Frank,

I have not found any clue about the error of "The computer rename attempt
failed with error 2224" , please put ">c:\test.txt" after "/verbose" to
output the result to c:\test.txt, send the test.txt to me at
v-***@microsoft.com for research.

In addition, you may be interested in the following link:
Change Computer Name + Join Domain Through Batch File
http://66.102.7.104/search?q=cache:3pQFlODdBasJ:www.experts-exchange.com/Ope
rating_Systems/Win2000/Q_21084833.html+batch+join+domain&hl=en

This response contains a reference to a third party World Wide Web site.
Microsoft can make no representation concerning the content of these sites.
Microsoft is providing this information only as a convenience to you: this
is to inform you that Microsoft has not tested any software or information
found on these sites and therefore cannot make any representations
regarding the quality, safety, or suitability of any software or
information found there. There are inherent dangers in the use of any
software found on the Internet, and Microsoft cautions you to make sure
that you completely understand the risk before retrieving any software on
the Internet.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Rebecca Chen [MSFT]

2004-12-14 12:37:22 UTC

Permalink

Hi Frank,

How many DCs in your network? If there are several DCs, I suspect the user
accounts information have not been entirely replicated to the each DC.

I suggest you confirm 2 factors:
1. What is the result if you join the machine via GUI instead of netdom? If
you encounter the same error, please check the netsetup.log file to
identify which DC the machine account was created on.

2. What is the result if you use netdom to join other machines to the
domain?

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Rebecca Chen [MSFT]

2004-12-17 13:14:41 UTC

Permalink

Hi Frank,

Check your local DC to see if there the computer and user account you want
to migrate have existed, if so, delete them. Refer to the following article
to force a replication between different DCs.

Use the RepAdmin to force a replication and observe the result:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techre
f/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techre
f/en-us/repadmin_examples.asp

more details:

Repadmin.exe: Replication Diagnostics Tool
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techre
f/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techre
f/en-us/repadmin.asp

Try to use netdom again, if the issue persists, please help me gather the
following information:
1. Empty the event logs on both your DC and XP client.
2. Use netdom to reproduce this issue.
3. Take a screen shot of the error.
4. Refer to the following KB to gather MSPreport on both XP client and your
DC:
<http://support.microsoft.com/default.aspx?scid=kb;en-us;818742>

Zip the screen shot and MPSreport, send it to v-***@microsoft.com for
research.

Any update, let us get in touch!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Rebecca Chen [MSFT]

2004-12-21 08:58:47 UTC

Permalink

Hi Frank,

Thanks for getting back to me.

In order to isolate this issue, please help me gather the following
information:
1. Empty the event logs on both XP client and sever side.
2. Give the detailed steps one by one to reproduce this issue.
3. Reproduce this issue
4. Take a screen shot of the error message 2224.
5. Refer to the following KB to run MPSreport on both XP client and the
server side:
Download the MPS report tool from the following link and send the result
(CAB) file to me. This log file can help me clarify the computer
configuration.

<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
915706/MPSRPT_SETUPPerf.EXE>

1) Double click this file to run it.
2) After that, please go to C:\windows\MPSReports\Setup\Reports\Cab .
3) Find a file named [COMPUTERNAME]_MPSReports.CAB
4) Send this cab file to me at v-***@microsoft.com

The information will help us to analyze the computer/DC configuration to
find out some clues. You may need the administrator's help to run the
MPSreport.

NOTE: We may also need network trace log if the MPSreport cannot provide
valuable clues. About netmon, please refer to the following article:
148942 How to Capture Network Traffic with Network Monitor
http://support.microsoft.com/?id=148942

I look forward to your reply.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.