In this article, we'll accept a look at why it's not possible to join a new calculator to the Active Directory domain with an error Agile Directory Domain Controller could non be contacted.

Agile Directory Domain Controller Could Not Exist Contacted Error: What Does It Looks Like and How to Gear up It?

A user or an administrator tries to join a new Windows workstation or server to the domain. To exercise this, open the System Properties on the workstation, press Modify settings > Modify. Enter a new computer proper name, and select that this calculator should be a member of a specified domain. Enter your AD domain FQDN name. After clicking on the OK button, y'all may receive an error:

An Agile Directory Domain Controller (Advertizing DC) for the domain "theitbros.com" could not exist contacted.
Ensure that the domain name is typed correctly.

If the proper name is right, click Details for troubleshooting information.

an active directory domain controller cannot be contacted

Click the Details push for more than data most the error. In most cases, there you will see an error "DNS name does not exist" (error codes 0x0000232B RCODE_NAME_ERROR, 0x0000267C DNS_ERROR_NO_DNS_SERVER, and 0x00002746 WSAECONNRESET).

The domain name "DOMAIN_NAME" might be a NetBIOS domain name. If this is the case, verify that the domain proper noun is properly registered with WINS.

If you lot are certain that the name is not a NetBIOS domain name, and then the following data tin can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Agile Directory Domain Controller (Ad DC) for domain "DOMAIN_NAME":

The error was: "DNS name does not be."

(fault code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN_NAME

Common causes of this error include the post-obit:

– The DNS SRV records required to locate a Advertizement DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at ready intervals. This computer is configured to apply DNS servers with the post-obit IP addresses:

xx.xx.xx.xx

twenty.xx.xx.twenty

– One or more than of the following zones exercise not include delegation to its child
zone:

Domain_name
local
.. (the root zone)

an active directory domain controller for the domain could not be contacted

Check If the IP Settings on Your Computer are Correct

Nearly often, this problem is related to wrong IP or DNS settings on your calculator, DNS misconfiguration on the domain controller side, or firewall ports blocking.

First of all, check if your estimator has the right IP accost on the master network interface. The IP address tin be obtained from a DHCP server, or manually specified in the network adapter settings. The current network settings of the reckoner tin exist obtained using the command:

ipconfig /all

an active directory domain controller (ad dc) for the domain could not be contacted

Make certain the DNS Client service is running using Go-Service cmdlet:

Get-Service dnscache

an active directory controller cannot be contacted

Open the hosts file (C:\Windows\System32\Drivers\etc\hosts) on the figurer using notepad.exe or another text editor, and make sure at that place are no entries for your domain or domain controller names. If such entries exist, delete them.

You can display the contents of the hosts file with the control:

get-content C:\Windows\System32\Drivers\etc\hosts

active directory domain controller could not be contacted

And then clear the DNS cache, and restart the service from the elevated command prompt:

ipconfig /flushdns  net cease dnscache && net kickoff dnscache

Next, check if the domain controller is accessible from the client. Open up a command prompt, and run the following commands:

ping your_domain_name.com

And:

tracert your_domain_name.com

Make certain your domain controller is responding and reachable.

an active directory could not be contacted

Note. In addition, information technology's recommended to check the availability of the domain controller from other workstations on the same IP network.

If the DC is reachable, try to add the received IP address every bit a DNS server in the Advanced TCP/IP settings of your network connection.

  1. Open Command Panel > Network and Internet > Network and Sharing Center > Modify adapter settings;
  2. Select network adapter that is connected to your corporate network, right-click on it, and select Properties;
    the specified domain controller cannot be contacted
  3. Select Net Protocol Version 4 (TCP/IPv4), and click Properties;
  4. Press the Advanced button, and go to the DNS tab;
  5. On the DNS tab printing Add, and enter the IP address of your DNS server (domain controller). Don't use Public DNS IPs in preferred and alternative fields, similar viii.viii.eight.eight (google) or i.1.1.1 (cloudflare);
    domain could not be contacted
  6. Click OK (if several IP addresses are listed in the DNS server listing, move the IP address of your DC to the top of the listing);
    ad dc could not be contacted
  7. Save the changes and restart the workstation;
  8. Try to join your workstation to the AD domain.

Verify if the access to the DNS service on the domain controller is not blocked by firewalls. The easiest mode to check the availability of port 53 on a DC is to use PowerShell:

test-netconnection 192.168.ane.eleven -port 53

In our example, TcpTestSucceeded: True ways that the DNS service on the DC is accessible.

an active directory domain controller (ad dc) could not be contacted

Too, bank check if your computer can resolve the domain proper name to the right IP accost of the domain controller. Use the Resolve-DNSName cmdlet with the FQDN of your domain to which you are trying to bring together your workstation:

Resolve-DNSName theitbros.com

an active directory domain controller could not be contacted

The command should return one or more records of DNS servers.

Also, make sure the computer can contact the DNS server that hosts the DNS zone or can resolve DNS names in that domain. Make sure the right DNS server is configured on this customer equally preferred and the client is connected to this server. Confirm you lot can notice a domain and access the domain controller from the computer using the control:

nltest /dsgetdc:theitbros.com

the system cannot contact a domain controller to service the authentication request

If your computer successfully discovered the domain and domain controller, the command should return information nearly the domain, Advertizement site, and services running on the DC:

DC: \\DC01.theitbros.com  Address: \\192.168.1.15  Dom Guid: 4216f343-2949-21c3-8caa-6d7cbcdb1690  Dom Proper name: theitbros.com  Forest Proper noun: theitbros.com  Dc Site Name: NY  Our Site Name: NY  Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS  The command completed successfully.

Hint. Another helpful guide that can aid you troubleshooting DC connectivity over RPC is "The RPC Server is Unavailable"

Sometimes, in the Netsetup.log file you can find useful information near errors in joining a computer to an Active Directory domain. It is Windows clients log the details of domain join operation. This log can be establish here %windir%\debug\Netsetup.log. Carefully examine the errors in the Netsetup.log file, they may help you in finding the trouble of not existence able to connect to the Active Directory domain.

The most typical errors are:

  • An try to resolve the DNS name of a DC in the domain existence joined has failed. Please verify this client is configured to achieve a DNS server that can resolve DNS names in the target domain;
  • An operation was attempted on a nonexistent network connection — restart the reckoner, brand sure that you lot blazon the DNS name and not the NetBIOS name;
  • Multiple connections to a server or shared resource by the aforementioned user, using more than one user name, are non allowed. Disconnect all previous connections to the server or shared resources and try again — reboot your device;
  • Network proper name cannot be constitute — make sure your calculator can access the DNS server hosting the domain's DNS zone;
  • No more connections can be fabricated to this remote computer at this fourth dimension because in that location are already every bit many connections as the reckoner can accept — remove all mapped drives and reboot the reckoner.

Also, endeavour to temporarily disable the born Windows Firewall, and all third-party applications with antivirus/firewalls modules (Symantec, MacAfee, Windows Defender, etc.), that tin can block network ports to access the domain controller. After disabling the firewalls, try to join the estimator to the domain.

Here is the minimum list of network protocols, ports, and services that must not be blocked in firewalls between a client and a domain controller in society to successfully join a device to the Agile Directory domain:

  • UDP 53 — DNS traffic;
  • TCP and UDP 88 — Kerberos authentication;
  • UDP 123 — Windows Fourth dimension Sync with DC;
  • TCP 135 — Remote Procedure Call RPC Locator;
  • TCP and UDP 139 — NetBIOS Session Service;
  • TCP and UDP 389 (LDAP, DC Locator, Internet Logon) or TCP 636 (LDAP over SSL);
  • TCP 445 (SMB/CIFS, Net Logon);
  • TCP 49152-65535 — RPC ports, randomly allocated high TCP ports.

Check the Replication and DNS SRV Records on the Domain Controller

If the above method didn't help, check if in the DNS zone of your domain controller in that location is an SRV record of the location of the DC.

Open up an elevated Command prompt, and run the following commands:

nslookup  set type=all  _ldap._tcp.dc.msdcs.your_domain_name.com

Verify if the specified DNS server has an SRV tape in the following course:

_ldap._tcp.dc._msdcs.your_domain_name.com SRV service location:

domain controller could not be contacted

If the specified SRV tape is missing, it means your computer is configured to use a DNS server that does not accept a correct SRV record with the location of the domain controller.

If you can't change the DNS settings on your computer, yous can manually add together 2 records (SRV and A) to your existing DNS server which assistance yous to resolve the domain controller's IP address:

  • _ldap._tcp.dc.msdcs.your_domain_name.com — is an SRV resource record that points to the domain controller that hosts the ADDS role;
  • Resources A record that identifies the IP address for the DC listed in the _ldap._tcp.dc.msdcs.your_domain_name.com SRV resource record.

Verify if the domain controller is configured to use the aforementioned DNS server, or bank check if the replication on the DNS server that the customer uses is successful (use the repadmin tool to bank check replication status). Likewise, make sure the DNS server allows dynamic updates.

Restart the Netlogon service on the domain controller with the control:

net stop netlogon && net start netlogon

(or only try to reboot the DC)

On startup, it volition attempt to register the necessary SRV records on the DNS server.

Likewise, you lot can re-register domain controller DNS records using the command:

ipconfig /registerdns

Wait for a while for the records to announced in DNS and replicate across the domain.

It is also recommended to verify if the SYSVOL and NETLOGON network shared folders are created and accessible on the domain controller (run the net share command on the closest DC).

however no domain controllers could be contacted.

If the SYSVOL and NETLOGON directories are missing in the shares list:

  1. Check the IP and DNS settings on your DC (the domain controller shouldn't receive an IP accost from a DHCP server, use only a static IP address);
  2. Verify if the C:\Windows\SYSVOL domain directory contains Policies and Scripts folders;
    no domain controllers could be contacted
  3. If yous did not migrate Sysvol replication from FRS to DFS, to replicate Sysvol from PDC to all DCs in the domain, you need to stop the File Replication Service (net stop NtFrs). Then run the Regedit and go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/RestoreProcess at Startup, here change the value of BurFlags DWORD parameter to D4 (hex) on PDC, and to D2 (hex) on all additional domain controllers. After that, start the service:
    net start NtFrs

    And cheque if the directory DCName SYSVOL appears and is attainable on the problem DC.

Accessing Legacy Domain Controllers Using the SMB v1 Protocol

If you utilise domain controllers running Windows Server 2008/2003/2000, and you lot are trying to join Windows 10 1803 (or newer) or Windows Server 2022 to the domain, y'all must enable SMBv1 protocol support on the client-side (this protocol is disabled past default in the newer Windows Os). The customer SMB1Protocol-Customer allows your figurer to admission legacy servers.

To enable SMBv1 support in Windows x, go to Control Panel > Programs > Plough Windows features on or off. Expand the node SMB 1.0/CIFS File Sharing Back up, enable the SMB ane.0/CIFS Client choice, and save the changes.

however no domain controllers could be contacted

You can check SMB i.0/CIFS Client protocol condition on your Windows 10 computer using the PowerShell command:

Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client"

domain controller cannot be contacted

If the SMB1Client protocol status is Disabled, you lot tin can enable it using:

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client

You can check if SMBv1 Client is enabled on Windows Server 2022 or 2022, with the following PowerShell command:

Get-WindowsFeature | Where-Object {$_.name -eq "FS-SMB1"} | ft Proper noun,Installstate

the following domain controller cannot be contacted

In club to install SMBv1 client on Windows Server 2022/2019, run:

Install-WindowsFeature FS-SMB1

On Windows 7/Vista clients you can detect the SMBv1 protocol state using the command:

sc.exe qc lanmanworkstation

If you need to enable SMB v1 Customer on Windows 7/Windows Server 2008 R2, run:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi  sc.exe config mrxsmb10 start= machine
  • Writer
  • Recent Posts

Cyril Kardashevsky

I enjoy technology and developing websites. Since 2022 I'g running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

Cyril Kardashevsky