Hi, We are not able to join machine (windows xp) to domain (windows 2008) below are the network details. DC 10.200.107.100 Client 10.200.109.228 All the server and client belongs to default site. we are able to ping DC from client computer. but while joining to domain, it throws error "the requested operation can not performed" do i need to configure client computer subnet(10.200.109.0) on AD .....? Thanks, Chinmay.

Please, first try to disable the firewall on the DC for testing purposes. The client and server belong to a different subnet if subnets there are standard /24 as I suppose and you need: 1) make sure you force the Netbios over TCP on both sides (see here: http://technet.microsoft.com/en-us/library/bb727013.aspx) 2) make sure you are using the proper domain name (it's the netbios name, not the FQDN name you might have configured on your dns). For instance you should use "mydomain" instead of "mydomain.com" etc. 3) make sure on the client you use a dns server capable to resolve the domain name and the dc name 4) make sure the 10.200.109.0 network has been added to the AD siteVincenzo MCTS, MCTIP Server 2008 | MCTS Exchange 2010 | WatchGuard Firewall Security Professional

Hello, please make sure that: Each DC/DNS server is pointing to itself as primary DNS server and to other internal DNS servers as secondary ones Each DC without DNS is pointing to internal DNS servers Each public DNS server is set as a forwarder Once done, run ipconfig /registerdns and restart netlogon on all DCs. Make sure that the client computer is pointing to an internal DNS server as a primary one. Once done, try joining it. If the problem persists then disable all firewalls and check that all is okay with your routes. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

Hello, please post an unedited ipconfig /all from the DC and the client, the provided ip addresses are not enough to see the problem. If you use the subnet mask 255.255.255.0 then what you see is expected.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, We are not able to join machine (windows xp) to domain (windows 2008) below are the network details. DC 10.200.107.100 Client 10.200.109.228 All the server and client belongs to default site. we are able to ping DC from client computer. but while joining to domain, it throws error "the requested operation can not performed" do i need to configure client computer subnet(10.200.109.0) on AD .....? Thanks, Chinmay. Before I start... I mean no offense in this 101 demonstration. As time goes on, people will google to find the same problem you might have. I just try to be thorough in instruction. Especially if a configuration that seems right, goes wrong and someone needs to figure out how to fix it. Quick Networking 101 - Subnetting The only way these would work is if your subnet mask were 255.255.248.0 Your network subnet range would proceed as follows... 10.200.104.1 - 10.200.111.254 - Your host count would be 2046.... Quite a large pool for someone who is questioning a basic network segment. First, Are you familiar with Network Subnetting? http://www.subnet-calculator.com (Recommended for aid) 255.255.255.0 is an incompatible subnet mask for the above mentioned host IPs. If you ran 255.255.0.0 that config will also work but the idea behind networking is to allow some growth for 5 year span, but you do not want too many excessive network host IDs available for security. You want to allow only your hosts on the same lan and use an alternative lan for guests or unsecured systems. So if I expect to have only 200 systems at maximum in the next 5 years.. I would use 255.255.255.0... As that is the smallest network mask I can work with to allow 200 hosts. If I only expect 100 hosts... I would use 255.255.255.128 to only allow 126 hosts in my network. This is called growth expectancy. Typically you estimate 25% per year. This is slim-pickin... absolute basics of networking and IT operations. Office of 50 desktops, 5 servers, 50 phones, 15 printers... Already looking at 120 users. I would choose 255.255.255.0 because at 4 years... this could expand to 250 devices on the network... its much easier to expand much later, than to expand every year. Automating Client Setup for easy configuration On your DC if it is the ONLY server.. you should have DHCP enabled and your primary DNS should be set as your server IP on your DHCP Server. So once your client receives its automatic IP address and looks at your AD server as the first point of DNS reference... it will know who the domain is when you try to Join the domain. This is your problem at current. The work around for this is to set your Client system with a static address and configure your DNS server as your AD server. Make sure you configure both a forward and reverse lookup zone on your DNS server to eliminate problematic DNS issues in the future. If you go through the proper configurations steps... your setup should be ok to proceed with your expected tasks or labs. Best Regards, Steve Kline Microsoft Certified IT Professional: Server Administrator Microsoft Certified Technology Specialist: Active Directory, Network Infrastructure, Application Platform, Windows 7 Microsoft Certified Product Specialist & Network Product Specialist Red Hat Certified System Administrator Microsoft® Community Contributor Award 2011 This posting is "as is" without warranties and confers no rights.