Windows NT4 WS joining an Windows2000 Domain
You have an NT workstation, which is to be
connected to an Windows 2000 Domain server.
While it is technically possible to access data on an Windows2000
Domain server using workgroup
access, on most systems the security policies will require you to
"Join the Domain" to gain
to the data (the procedure on the joining system is identical to Joining an NT4 Domain ).
(if you are connecting via a Router to
the domain-server, you will first to handle the TCP/IP
routing and naming issues, see : Connection via a Router to
a NT Domain Server )
When loading up (installing) the NT4 workstation software on a PC
and configuring the
network, you will have already the
option to join the Domain:
My experience (also confirmed by the
suggestion in the Microsoft NT4 Server / Workstation training
kit, with the 120 day trail-versions of NT4 WS and NT4 Server):
DO NOT JOIN THE DOMAIN DURING
THE INITIAL NETWORK INSTALLATION !
Please, select at this time "Workgroup"
and I suggest to enter as workgroup-name the name of the Domain,
which you like to join later.
(If you attempt to join at this stage
the domain, you will NOT become a fully qualified Domain member,
some security items will not be install properly and you can get
very strange and un-explainable problems later)
NT4 workstation is installed properly, you get
the NT4 Logon-prompt:
||Ok, it is a fake
I was not able to make a screen-dump
from the real logon screen.
||You are operating as a
"Workgroup", not yet as
a member of the Domain.
||Make sure, that
you can see the
NT4 Domain server in your
(and the NT4 Domain server has
to be able to see your NT4 workstation)
||If you made the logon to the NT4 workstation
with a username and password, which is
identical to a username (and password) already
defined in the Windows2000 Active
User Management, then you can browse already
the shared resources on the Windows 2000 server.
This is ONLY possible, when on BOTH the
local NT4 Workstation and on the server the
EXACT same username and password are
defined: you are then working in Workgroup Networking
This is also an important diagnostic check,
since you are now at least sure,
that the network card is working, that the cabling is working and
have installed to proper protocol ( if you are not able to see
the Server in the
Network Neighborhood and you are using TCP/IP protocol, start
using the PING network test )
||make sure, that you have made the Logon
to this NT4 workstation as a user with
administrator rights on this system:
You require to have Administrator rights
the following change of the network configuration !
In the Control-Panel Network-Applet,
select now to "Change..."
||Select now to be a "Member
and enter the name of the Windows2000 Domain
(NOT the name of the Windows 2000
Domain Server ! )
DO NOT YET CLICK
ON "OK" !
Please, read/continue first the next
While a Windows95/98 system can simply join the Windows2000
Domain, the advanced Security
system on Windows 20000 requires, that on the Domain-server a
"Computer Account" is created
for this NT4 workstation.
NOTE: in my experience, this "Computer
Account" should only be created, once the
workstation is configured for Workgroup-networking and the
Windows 2000 Domain server
is able to see the NT4 workstation on the network and the NT4 system the Windows2000
("= see it in the Network
There are now 2 possible
methods to create the "Computer Account":
1) on the NT4 workstation
if you are yourself the administrator of the Windows 20000 Domain
(or at least know the password of the
||Put the Check-mark on:
"Create a Computer
Account in the Domain"
and identify yourself to be entitled for this
activity by entering the User-name and
Password of the NT4-Domain Server
Administrator (or a user entitled to
2) on the Windows 2000 Domain-Server
usually, a regular user will NOT know the password of the Domain
Administrator, and if the administrator is not present, then it
is now the time to give the Domain Administrator a call, who
will use in the "Administrative Tools"
the "Active Directory Users and Computers" to:
||- select in the left
- use the menu "Actions" or
make a right-click to select
- "New" / "Computer"
||- enter the Computer
it will create a valid name for
(a valid NetBIOS name)
- since an NT4 workstation
is a "pre-Windows2000"
computer, you need to
place the checkmark.
The computer account is
created or defined , now you are ready to click the
"OK" button on the window "Identification Changes":
||If the computer
account was properly created,
you will now be member of the Domain.
you will have to reboot.
After the reboot and pressing "Ctrl-Alt-Del", a new
version of the Logon Windows is displayed (and it is a fake, since I could not make a
screendump of the real one):
You can now decide, on which User-Database to use for your Logon:
||the users defined ONLY on your local
NT4 Workstation ("NT4WSP120")
(which you may need to do to get
the right of being a local Administrator
to be able to modify the configuration)
||the User Database defined on the
Domain Server ("JHHOME")
(but since in most cases you will NOT be the Domain
Server Administrator, you will
not be able to make a change to the configuration of the
Now, you need to have a Username (and
password), which is defined in
the User-Manager of the Domain, to be able to logon:
You are now a member of the Domain, with it access-right (able to
access data stored on the
Windows 20000 server), but also with its policies
(="limitations") imposed for security reasons
by the Domain Administrator.
||After an NT4 system has
Windows 2000 domain, it will be
listed in :
Active Directory Users and Computers
in the section Computers