Requirements when Joining a Domain
What are the network setting required for a computer to join a domain?
In order to be able to join a Windows 2000 or Windows Server 2003 domain you must properly configure your XP/W2K computer.
Note: XP Home Edition is not designed to join domains; only workgroups. To join domains, use XP Professional version or above.
A network Interface Card (NIC) – Duh, but unless you have one (or a wireless connection) how do you expect to connect to the server?
Physically be connected to the LAN – Windows XP (and 2000) has an LAN auto sensing feature. Whenever you disconnect from the network, a balloon appears in the task bar area notifying you of the disconnection status. Without a physically connected network the NIC looses it’s IP settings, thus preventing you from connecting to the network (which was disconnected in the first place) or viewing your IP configuration.
A valid IP address – Valid for the network you’re connected to. You can either configure one manually, receive one from a local DHCP Server, or leave it as is and receive an APIPA address. If it’s an APIPA address you’re asking for potential problems, as APIPA and AD do not go together hand-in-hand.
All-time connectivity to the Domain Controller – Or at least one of them. The IP address you’ve configured (or leased) should be good enough to enable you to connect to one of the Domain Controllers on your Domain. Test your connectivity with PING.
A properly configured DNS server – Without a properly configured DNS server your workstation will not be able to connect to the domain. Even if it did (for example you had a working DNS server but you somehow messed it up or shut it down) it will take a lot of time to actually log-on, and many AD related administration tasks will not work.
The DNS server must hold a zone with the exact name of the AD domain you’re trying to join. It also must hold 4 SRV folders (you can tell by the "_" in their name). If it doesn’t, you either misspelled the domain name or DNS zone, or the zone is not configured to accept dynamic registrations, or it’s not a Windows 2000 DNS server, or the Domain Controller does not have a working connection with the DNS server (firewall problems, improper IP configuration, IPSec etc.)
All-time connectivity to the DNS server – Test your connection to the DNS server by PINGing it and performing an NSLOOKUP query.
Local Administrative power – A simple user won’t do. You must be the local Administrator.
Correct domain name, Administrator’s name and password – Misspelled your domain name? You won’t get to the Username and Password prompt!
Got your domain name right? You’ll be asked for a valid username and password. To be safe, enter one that has Domain Admins rights, although you could get away with less, depending on your AD configuration.
No Internet Connection Sharing please – ICS will mess up your network. Do not use it. Use RRAS and NAT instead. It will work if it has to, but ICS and AD do not go together hand-in-hand. You are warned.
That’s about it.