Windows NT4 WS joining an Windows2000 Domain

You have an NT workstation, which is to be connected to an Windows 2000 Domain server.
While it is technically possible to access data on an Windows2000 Domain server using workgroup
access, on most systems the security policies will require you to "Join the Domain" to gain access
to the data (the procedure on the joining system is identical to Joining an NT4 Domain ).
(if you are connecting via a Router to the domain-server, you will first to handle the TCP/IP
routing and naming issues, see : Connection via a Router to a NT Domain Server )

Important note:
When loading up (installing) the NT4 workstation software on a PC and configuring the network, you will have already the option to join the Domain:

My experience (also confirmed by the suggestion in the Microsoft NT4 Server / Workstation training kit, with the 120 day trail-versions of NT4 WS and NT4 Server):
DO NOT JOIN THE DOMAIN DURING THE INITIAL NETWORK INSTALLATION !
Please, select at this time "Workgroup" and I suggest to enter as workgroup-name the name of the Domain, which you like to join later.
(If you attempt to join at this stage the domain, you will NOT become a fully qualified Domain member, some security items will not be install properly and you can get very strange and un-explainable problems later)

	Ok, it is a fake (=redesigned), since I was not able to make a screen-dump from the real logon screen.
	You are operating as a "Workgroup", not yet as a member of the Domain.

Make sure, that you can see the
NT4 Domain server in your
"Network Neighborhood"
(and the NT4 Domain server has
to be able to see your NT4 workstation)

If you made the logon to the NT4 workstation
with a username and password, which is
identical to a username (and password) already
defined in the Windows2000 Active Directory
User Management, then you can browse already
the shared resources on the Windows 2000 server.

This is ONLY possible, when on BOTH the
local NT4 Workstation and on the server the
EXACT same username and password are
defined: you are then working in Workgroup Networking mode.

This is also an important diagnostic check, since you are now at least sure,
that the network card is working, that the cabling is working and that you
have installed to proper protocol ( if you are not able to see the Server in the
Network Neighborhood and you are using TCP/IP protocol, start Trouble-Shooting
using the PING network test )

	make sure, that you have made the Logon to this NT4 workstation as a user with administrator rights on this system: You require to have Administrator rights for the following change of the network configuration ! In the Control-Panel Network-Applet, select now to "Change..."
	Select now to be a "Member of Domain", and enter the name of the Windows2000 Domain (NOT the name of the Windows 2000 Domain Server ! ) DO NOT YET CLICK ON "OK" ! Please, read/continue first the next section..

While a Windows95/98 system can simply join the Windows2000 Domain, the advanced Security
system on Windows 20000 requires, that on the Domain-server a "Computer Account" is created
for this NT4 workstation.

NOTE: in my experience, this "Computer Account" should only be created, once the NT4
workstation is configured for Workgroup-networking and the Windows 2000 Domain server
is able to see the NT4 workstation on the network and the NT4 system the Windows2000 server
("= see it in the Network Neighborhood").

There are now 2 possible methods to create the "Computer Account":

1) on the NT4 workstation
if you are yourself the administrator of the Windows 20000 Domain server
(or at least know the password of the administrator):

Put the Check-mark on:
"Create a Computer Account in the Domain"
and identify yourself to be entitled for this
activity by entering the User-name and
Password of the NT4-Domain Server
Administrator (or a user entitled to create
Computer Accounts)

2) on the Windows 2000 Domain-Server
usually, a regular user will NOT know the password of the Domain Administrator, and if the administrator is not present, then it is now the time to give the Domain Administrator a call, who
will use in the "Administrative Tools" the "Active Directory Users and Computers" to:

The computer account is created or defined , now you are ready to click the "OK" button on the window "Identification Changes":

	If the computer account was properly created, you will now be member of the Domain.
	On "Close", you will have to reboot.

After the reboot and pressing "Ctrl-Alt-Del", a new version of the Logon Windows is displayed (and it is a fake, since I could not make a screendump of the real one):

You can now decide, on which User-Database to use for your Logon:

-	the users defined ONLY on your local NT4 Workstation ("NT4WSP120") (which you may need to do to get the right of being a local Administrator to be able to modify the configuration)
-	the User Database defined on the Domain Server ("JHHOME") (but since in most cases you will NOT be the Domain Server Administrator, you will not be able to make a change to the configuration of the NT4 workstation)

Now, you need to have a Username (and password), which is defined in
the User-Manager of the Domain, to be able to logon:

You are now a member of the Domain, with it access-right (able to access data stored on the
Windows 20000 server), but also with its policies (="limitations") imposed for security reasons
by the Domain Administrator.