[active directory] join computer to windows domain troubleshoot

Greetings!!

With my students, we are trying to fix connection issues related to a Windows Server domain based on Windows Server 2012 (if I’m right, maybe 2016).
I have no administration rights on the server; I communicate with the colleague who is the admin, but we cannot understand in depth how we could fix the situation.

First point: the physical network.

There are twelve Windows 7 computers, half of which could not join the domain (“The Trust Relationship Between this Workstation and the Primary Domain Failed”).

We tried to configure each computer to leave the domain and join it again, as the administrator is not often physically at school :{
Do we still need to run NewSID.exe on Windows 7 computers?

Notes: the physical local network consists of four hubs (? that is too many; the network admin agreed we must reduce the number of hubs).

We have no difficulty gaining local Administrator rights on each computer (with two exceptions; on Thursday we will see whether we can get the F8 menu at boot on those two computers).

Second point: the Domain

Half of the computers in this class cannot join the domain, which should be STMARTIN.

I first thought that joining the domain was about the computers and not about domain users with rights to join the domain, because those computers had joined the domain before being kicked out with “trust relationship…”.
We checked with the network admin, and all the computers from this class are allowed to join the domain.

Clues: on Thursday I will try to check for PowerShell on those computers, to help us deal with AD and this devilish Windows Server.

Questions:

  1. Is there a better way than unjoin/join domain in this case?
  2. Could we use a Linux system to check/troubleshoot and log the AD issues? With which tool? Samba?

Thank you for your patience ^^


I plan to put a Linux box with two network interfaces between the last hub (which is connected to the “output cable”) and the internal school network.
This Linux box could act as a domain controller in order to deal with roaming user profiles and other “normal domain services” such as a DHCP server, …

I would also configure the “internal interface” of this Linux box to drop all broadcast messages not related to DHCP (ports 67/68) or ICMP echo requests; I have to find some iptables rules to do so.
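As an added example (not part of this thread and not the poster's or the admin's own procedure), the following PowerShell script checks and repairs the machine-account secure channel on a Windows 7 member computer, which is the usual alternative to leaving and rejoining the domain when the “trust relationship” error appears. It assumes the NetBIOS domain name STMARTIN from the thread, PowerShell 3.0 or later (Windows Management Framework 3.0 on Windows 7) for the `-Credential` and `-Message` parameters, and a domain account that is allowed to reset the computer object's password; the log file path is a constructed choice.

```powershell
# Added example, not from the thread: diagnose and repair a broken machine-account trust
# ("The trust relationship between this workstation and the primary domain failed")
# on a Windows 7 member computer without leaving and rejoining the domain.
# Run from an elevated PowerShell session while logged on as the LOCAL Administrator.
# Assumptions: NetBIOS domain name STMARTIN (from the thread); PowerShell 3.0 or later
# (WMF 3.0 on Windows 7) for -Credential / -Message / Tee-Object -Append; the domain
# account supplied must be allowed to reset the computer object's password.

$Domain = "STMARTIN"
$Log    = "$env:SystemDrive\trust-repair-$($env:COMPUTERNAME).log"   # constructed path

function Write-Log($Message) {
    $line = "{0:yyyy-MM-dd HH:mm:ss}  {1}" -f (Get-Date), $Message
    $line | Tee-Object -FilePath $Log -Append
}

# Step 1: is the computer still a domain member, and can a DC be located at all?
$cs = Get-WmiObject Win32_ComputerSystem
Write-Log ("PartOfDomain={0} Domain={1} Workgroup={2}" -f $cs.PartOfDomain, $cs.Domain, $cs.Workgroup)

Write-Log "DC locator result (nltest.exe, in System32 on Windows 7):"
nltest /dsgetdc:$Domain 2>&1 | ForEach-Object { Write-Log "  $_" }

# Step 2: state of the Netlogon secure channel between this machine and its DC.
Write-Log "Netlogon secure channel status:"
nltest /sc_query:$Domain 2>&1 | ForEach-Object { Write-Log "  $_" }

$healthy = Test-ComputerSecureChannel
Write-Log "Test-ComputerSecureChannel returned $healthy"

if (-not $healthy) {
    # Step 3: repair by resetting the machine account password on the DC.
    # The existing computer object, its SID and its group memberships are kept,
    # so no unjoin/join (and no SID regeneration) is needed.
    $cred = Get-Credential -Message "Domain account allowed to reset $Domain computer passwords"
    $repaired = Test-ComputerSecureChannel -Repair -Credential $cred
    Write-Log "Repair attempted; secure channel now healthy: $repaired"

    if (-not $repaired) {
        Write-Log "Repair failed: check that a DC is reachable over the hubs and that the computer object still exists (and is not disabled) in AD."
    }
}
else {
    Write-Log "Secure channel is healthy; no repair needed."
}
```

Collect the log from each of the six affected machines before changing anything: if `nltest /dsgetdc` fails on exactly the machines behind one hub, the problem is the physical network from the first point, not the domain. On the NewSID question, a repaired secure channel keeps the machine's existing SID, so nothing needs regenerating; Sysinternals retired NewSID in 2009 and it is not meant for Windows 7.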

My SOP:

  • Always join using a Domain Administrator account that already exists. Don’t try to create an account on the fly.
  • Add a /etc/hosts entry pointing to the PDC (or whatever DC can perform your domain join functions).
  • Use the YaST module to join the AD.

It should not be any more difficult than the above steps, which remove any dependence on AD DNS for contacting the DC.

HTH,
TSU

Thank you… I was guessing that joining the domain could be done without “join to domain” rights for a computer already set to be a member of the domain :{

So, we need the domain user login and password (with sufficient rights) to join in… bad news :{