In this article, we'll take a look at why it's not possible to join a new computer to the Active Directory domain with the error "Active Directory Domain Controller could not be contacted".

Active Directory Domain Controller Could Not Be Contacted Error: What Does It Look Like and How to Fix It?

A user or an administrator tries to join a new Windows workstation or server to the domain. To do this, open the System Properties on the workstation, press Change settings > Change. Enter a new computer name, and select that this computer should be a member of a specified domain. Enter your AD domain FQDN name. After clicking on the OK button, you may receive an error:

An Active Directory Domain Controller (AD DC) for the domain "theitbros.com" could not be contacted.
Ensure that the domain name is typed correctly.

If the name is right, click Details for troubleshooting information.


Click the Details button for more information about the error. In most cases, there you will see an error "DNS name does not exist" (error codes 0x0000232B RCODE_NAME_ERROR, 0x0000267C DNS_ERROR_NO_DNS_SERVER, and 0x00002746 WSAECONNRESET).

The domain name "DOMAIN_NAME" might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "DOMAIN_NAME":

The error was: "DNS name does not exist."

(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN_NAME

Common causes of this error include the following:

– The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

xx.xx.xx.xx

xx.xx.xx.xx

– One or more of the following zones do not include delegation to its child zone:

Domain_name
local
.. (the root zone)


Check If the IP Settings on Your Computer are Right

Most often, this problem is related to wrong IP or DNS settings on your computer, DNS misconfiguration on the domain controller side, or firewall ports blocking.

First of all, check if your computer has the correct IP address on the primary network interface. The IP address can be obtained from a DHCP server, or manually specified in the network adapter settings. The current network settings of the computer can be obtained using the command:

ipconfig /all


Make sure the DNS Client service is running using the Get-Service cmdlet:

Get-Service dnscache


Open the hosts file (C:\Windows\System32\Drivers\etc\hosts) on the computer using notepad.exe or some other text editor, and make sure there are no entries for your domain or domain controller names. If such entries exist, delete them.

You can display the contents of the hosts file with the command:

get-content C:\Windows\System32\Drivers\etc\hosts


Then clear the DNS cache, and restart the service from the elevated command prompt:

ipconfig /flushdns
net stop dnscache && net start dnscache

Next, check if the domain controller is accessible from the client. Open a command prompt, and run the following commands:

ping your_domain_name.com

And:

tracert your_domain_name.com

Make sure your domain controller is responding and reachable.


Note. In addition, it's recommended to check the availability of the domain controller from other workstations on the same IP network.

If the DC is reachable, try to add the received IP address as a DNS server in the Advanced TCP/IP settings of your network connection.

  1. Open Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings;
  2. Select the network adapter that is connected to your corporate network, right-click on it, and select Properties;
  3. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties;
  4. Press the Advanced button, and go to the DNS tab;
  5. On the DNS tab press Add, and enter the IP address of your DNS server (domain controller). Don't use public DNS IPs in the preferred and alternate fields, like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare);
  6. Click OK (if several IP addresses are listed in the DNS server list, move the IP address of your DC to the top of the list);
  7. Save the changes and restart the workstation;
  8. Try to join your workstation to the AD domain.

Verify that access to the DNS service on the domain controller is not blocked by firewalls. The easiest way to check the availability of port 53 on a DC is to use PowerShell:

test-netconnection 192.168.1.11 -port 53

In our case, TcpTestSucceeded: True means that the DNS service on the DC is accessible.


Also, check if your computer can resolve the domain name to the right IP address of the domain controller. Use the Resolve-DNSName cmdlet with the FQDN of the domain to which you are trying to join your workstation:

Resolve-DNSName theitbros.com


The command should return one or more records of DNS servers.

Also, make sure the computer can contact the DNS server that hosts the DNS zone or can resolve DNS names in that domain. Make sure the correct DNS server is configured on this client as preferred and the client is connected to this server. Confirm you can find a domain and access the domain controller from the computer using the command:

nltest /dsgetdc:theitbros.com


If your computer successfully discovered the domain and domain controller, the command should return data about the domain, AD site, and services running on the DC:

DC: \\DC01.theitbros.com
Address: \\192.168.1.15
Dom Guid: 4216f343-2949-21c3-8caa-6d7cbcdb1690
Dom Name: theitbros.com
Forest Name: theitbros.com
Dc Site Name: NY
Our Site Name: NY
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS
The command completed successfully.

Hint. Another helpful guide that can assist you in troubleshooting DC connectivity over RPC is "The RPC Server is Unavailable".

Sometimes, in the Netsetup.log file you can find useful information about errors in joining a computer to an Active Directory domain. Windows clients log the details of domain join operations in this file. The log can be found at %windir%\debug\Netsetup.log. Carefully examine the errors in the Netsetup.log file; they may help you find the reason the computer cannot connect to the Active Directory domain.

The most typical errors are:

  • An attempt to resolve the DNS name of a DC in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain;
  • An operation was attempted on a nonexistent network connection — restart the computer, make sure that you type the DNS name and not the NetBIOS name;
  • Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again — reboot your device;
  • Network name cannot be found — make sure your computer can access the DNS server hosting the domain's DNS zone;
  • No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept — remove all mapped drives and reboot the computer.
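
One way to triage Netsetup.log for the failures listed above, as an added example that is not part of the original article. The function name Get-NetSetupFailure and the sample entries are constructed for illustration, and the entry layout (a timestamp followed by the routine's message) is an assumption based on typical Netsetup.log output.

```powershell
# Added example. Get-NetSetupFailure is a hypothetical helper name.
function Get-NetSetupFailure {
    param([Parameter(Mandatory)][string[]]$Line)

    # Assumed entry layout: "MM/dd/yyyy HH:mm:ss:fff <routine and message>"
    $entry  = '^(?<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3}) (?<msg>.+)$'
    # A hex value that follows ':' or 'returned' is treated as a status code;
    # values that follow 'flags:' are option bitmasks and are skipped.
    $status = '(?i)(?<!flags)(?::|returned)\s*(0x[0-9a-f]+)'

    foreach ($l in $Line) {
        if ($l -notmatch $entry) { continue }
        $when, $msg = $Matches.when, $Matches.msg
        foreach ($m in [regex]::Matches($msg, $status)) {
            $hex  = $m.Groups[1].Value
            $code = [Convert]::ToInt32($hex, 16)
            if ($code -eq 0) { continue }   # 0x0 means success
            [pscustomobject]@{
                Time    = $when
                Code    = $hex
                # Windows translates the Win32 error number into its message text.
                Meaning = [System.ComponentModel.Win32Exception]::new($code).Message
                Entry   = $msg
            }
        }
    }
}

# Constructed sample entries (not taken from a real host).
$sample = @(
    '03/05/2024 14:22:31:456 NetpDoDomainJoin'
    "03/05/2024 14:22:31:470 NetpDsGetDcName: trying to find DC in domain 'theitbros.com', flags: 0x40001010"
    '03/05/2024 14:22:31:518 NetpCheckDomainNameIsValid for theitbros.com returned 0x54b, last error is 0x0'
    '03/05/2024 14:22:31:518 NetpDoDomainJoin: status: 0x54b'
)
Get-NetSetupFailure -Line $sample | Format-List

# Against the real log on a client:
# Get-NetSetupFailure -Line (Get-Content "$env:windir\debug\Netsetup.log") | Format-List
```

Run against the sample, the function reports the two 0x54b entries and ignores the flags bitmask and the 0x0 result.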

Also, try to temporarily disable the built-in Windows Firewall, and all third-party applications with antivirus/firewall modules (Symantec, McAfee, Windows Defender, etc.) that can block network ports to access the domain controller. After disabling the firewalls, try to join the computer to the domain.

Here is the minimum list of network protocols, ports, and services that must not be blocked in firewalls between a client and a domain controller in order to successfully join a device to the Active Directory domain:

  • UDP 53 — DNS traffic;
  • TCP and UDP 88 — Kerberos authentication;
  • UDP 123 — Windows Time Sync with DC;
  • TCP 135 — Remote Procedure Call RPC Locator;
  • TCP and UDP 139 — NetBIOS Session Service;
  • TCP and UDP 389 (LDAP, DC Locator, Net Logon) or TCP 636 (LDAP over SSL);
  • TCP 445 (SMB/CIFS, Net Logon);
  • TCP 49152-65535 — RPC ports, randomly allocated high TCP ports.
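
The client-side checks from this section combined into one PowerShell function, as an added example rather than code from the original article. Test-DomainJoinPath is a hypothetical name; it probes only the TCP ports from the list above, because Test-NetConnection does not test UDP, and it skips the dynamic RPC range.

```powershell
# Added example. Test-DomainJoinPath and its parameters are hypothetical names.
function Test-DomainJoinPath {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # TCP ports from the list above. 636 answers only where LDAP over SSL is configured.
        [int[]]$TcpPorts = @(53, 88, 135, 139, 389, 445, 636)
    )

    # 1. Static hosts entries that mention the domain override DNS answers.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $overrides = Get-Content $hostsPath |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($Domain) }
    if ($overrides) {
        Write-Warning "hosts file entries for ${Domain}: $($overrides -join '; ')"
    }

    # 2. The DC locator record that the domain join queries.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
        return
    }
    if (-not $srv) {
        Write-Warning "No SRV records returned for $srvName"
        return
    }

    # 3. TCP reachability of every DC named in the SRV answer.
    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        foreach ($port in $TcpPorts) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $dc
                RemoteAddress    = $r.RemoteAddress
                TcpPort          = $port
                Reachable        = $r.TcpTestSucceeded
            }
        }
    }
}

Test-DomainJoinPath -Domain 'your_domain_name.com' | Format-Table -AutoSize
```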

Check the Replication and DNS SRV Records on the Domain Controller

If the above method didn't help, check if there is an SRV record with the location of the DC in the DNS zone of your domain controller.

Open an elevated Command prompt, and run the following commands:

nslookup
set type=all
_ldap._tcp.dc._msdcs.your_domain_name.com

Verify that the specified DNS server has an SRV record in the following form:

_ldap._tcp.dc._msdcs.your_domain_name.com SRV service location:


If the specified SRV record is missing, it means your computer is configured to use a DNS server that does not have a correct SRV record with the location of the domain controller.

If you can't change the DNS settings on your computer, you can manually add two records (SRV and A) to your existing DNS server which help you to resolve the domain controller's IP address:

  • _ldap._tcp.dc._msdcs.your_domain_name.com — an SRV resource record that points to the domain controller that hosts the ADDS role;
  • An A resource record that identifies the IP address for the DC listed in the _ldap._tcp.dc._msdcs.your_domain_name.com SRV resource record.

Verify if the domain controller is configured to use the same DNS server, or check if the replication on the DNS server that the client uses is successful (use the repadmin tool to check replication status). Also, make sure the DNS server allows dynamic updates.

Restart the Netlogon service on the domain controller with the command:

net stop netlogon && net start netlogon

(or just try to reboot the DC)

On startup, it will try to register the necessary SRV records on the DNS server.

Also, you can re-register domain controller DNS records using the command:

ipconfig /registerdns

Wait for a while for the records to appear in DNS and replicate across the domain.

It is also recommended to verify if the SYSVOL and NETLOGON network shared folders are created and accessible on the domain controller (run the net share command on the closest DC).


If the SYSVOL and NETLOGON directories are missing in the shares list:

  1. Check the IP and DNS settings on your DC (the domain controller shouldn't receive an IP address from a DHCP server, use only a static IP address);
  2. Verify if the C:\Windows\SYSVOL domain directory contains Policies and Scripts folders;
  3. If you did not migrate Sysvol replication from FRS to DFS, to replicate Sysvol from PDC to all DCs in the domain, you need to stop the File Replication Service (net stop NtFrs). Then run Regedit and go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup, and change the value of the BurFlags DWORD parameter to D4 (hex) on PDC, and to D2 (hex) on all additional domain controllers. After that, start the service:
    net start NtFrs

    And check if the directory DCName SYSVOL appears and is accessible on the problem DC.

Accessing Legacy Domain Controllers Using the SMB v1 Protocol

If you use domain controllers running Windows Server 2008/2003/2000, and you are trying to join Windows 10 1803 (or newer) or Windows Server 2019 to the domain, you must enable SMBv1 protocol support on the client side (this protocol is disabled by default in the newer Windows OS). The SMB1Protocol-Client feature allows your computer to access legacy servers.

To enable SMBv1 support in Windows 10, go to Control Panel > Programs > Turn Windows features on or off. Expand the node SMB 1.0/CIFS File Sharing Support, enable the SMB 1.0/CIFS Client option, and save the changes.


You can check the SMB 1.0/CIFS Client protocol status on your Windows 10 computer using the PowerShell command:

Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client"


If the SMB1Client protocol status is Disabled, you can enable it using:

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client

You can check if the SMBv1 Client is enabled on Windows Server 2022 or 2019 with the following PowerShell command:

Get-WindowsFeature | Where-Object {$_.name -eq "FS-SMB1"} | ft Name,Installstate


In order to install the SMBv1 client on Windows Server 2022/2019, run:

Install-WindowsFeature FS-SMB1

On Windows 7/Vista clients you can detect the SMBv1 protocol state using the command:

sc.exe qc lanmanworkstation

If you need to enable SMB v1 Client on Windows 7/Windows Server 2008 R2, run:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

Cyril Kardashevsky

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.