If you are using ADMT, then you won't really be doing a netdom. So, you won't have the dc switch available for use. If you are using ADMT, you need to get the V3 version. This lets you target a specific DC for the migration process. Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar Sent: Sun 9/11/2005 9:13 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Restricting machine to specific DC for domain join Thanks Dean, No you haven't misunderstood the scenario, its just that I didn't mention the whole information, We are using ADMTv2 to migrate computers (fairly large number), and on a big scale we received a error: Domain affiliation didn't change, and investigating DNS, netsetup.log etc, we found that, ports are blocked. And you have to admit, as KB says, this DC options is a hidden gem. And glad to discover with your help. I will whip up a small script, using netdom.exe for that DC. And join those machines using this script. Regards, Kamlesh On 9/11/05, Dean Wells <[EMAIL PROTECTED]> wrote: This seems a little obvious so I may have misunderstood your scenario, nonetheless - http://support.microsoft.com/kb/266651/EN-US/ -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> http://msetechnology.com <http://msetechnology.com/> ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Saturday, September 10, 2005 12:25 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Restricting machine to specific DC for domain join Dear All, At one of the locations, firewall restricts port 139, 445 towards other locations. And we are mass migrating computers from this location to our domain. And We know that, normal 2k/XP machine when asked to join domain, will run LDAP query _ldap._tcp.dc._msdcs.domainname will go to first DC of returned from the result, and try to create account there. And if the first DC of the result, is remote DC, this attempts is thwarted by firewall, as client can't make initial connection to remote DC's IPC$ Can we do something about this, Like making sure that for DC Join process, clients go to specific DC only.? Regards, Kamlesh -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Fortune and Love befriend the bold" ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Fortune and Love befriend the bold" ~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/