If you are using ADMT, then you won't really be doing a netdom. So, you won't
have the dc switch available for use. If you are using ADMT, you need to get
the V3 version. This lets you target a specific DC for the migration process.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Sun 9/11/2005 9:13 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Restricting machine to specific DC for domain join
Thanks Dean,
No you haven't misunderstood the scenario, its just that I didn't mention the
whole information,
We are using ADMTv2 to migrate computers (fairly large number),
and on a big scale we received a error: Domain affiliation didn't change,
and investigating DNS, netsetup.log etc, we found that, ports are blocked.
And you have to admit, as KB says, this DC options is a hidden gem. And glad
to discover with your help.
I will whip up a small script, using netdom.exe for that DC.
And join those machines using this script.
Regards,
Kamlesh
On 9/11/05, Dean Wells <[EMAIL PROTECTED]> wrote:
This seems a little obvious so I may have misunderstood your
scenario, nonetheless -
http://support.microsoft.com/kb/266651/EN-US/
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
http://msetechnology.com <http://msetechnology.com/>
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Saturday, September 10, 2005 12:25 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Restricting machine to specific DC for domain
join
Dear All,
At one of the locations, firewall restricts port 139, 445 towards
other locations.
And we are mass migrating computers from this location to our domain.
And We know that, normal 2k/XP machine when asked to join domain,
will run LDAP query _ldap._tcp.dc._msdcs.domainname
will go to first DC of returned from the result, and try to create
account there.
And if the first DC of the result, is remote DC, this attempts is
thwarted by firewall, as client can't make initial connection to remote DC's
IPC$
Can we do something about this,
Like making sure that for DC Join process, clients go to specific DC
only.?
Regards,
Kamlesh
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
