Cannot join MS windows server 2008 Domain!!!

Microsoft Windows Server 2008 R2 | Support | Help

If you have the Time& Date preferences set (Sys Pref/Day & Time) to Automatically set time and date (the default choice is Apples time server for the US) and your time zone selection is correct you should be synced UNLESS your domain controller is using some other time controller that is NOT synced to National Bureau of Standards. Ask your network AD administrator what he/she is using for a time controller and set you system up to match it if that is the case. You can check the automatic setting by disabling Automatic and then manually changing the time to something else. Then go back to enabling Automatic and see if your time jumps back to being correct.

Also make sure your DNS entry in Sys Pref/Network/Advanced/DNS is correct. Again, your sys admin should be able to tell you what it should be.

Also have you tried a slightly different computer name? This is just in case the name you are using is already listed in the AD.

And lastly check your firewall setting. If it is ON you may want to try with it turned off just to see if you can connect then.

Can you Ping (Appiications/Utilities/Network Utility) the domain controller using both the name of the controller and its IP address from your Mac? And have you checked the DNS to see that it is properly resolving your computer's listing both forward and reverse? Lookup in the Network utility can give you info.

And since you are also the Domain Controller, what happens if you try to Ping your client Mac from the domain controller using both name and IP address?

I am assuming that your Mac is using Ethernet. If you are on wireless do you have some kind of software like Clean Access to block a wireless computer that is not current in its anti-malware and security updates? I also presume that your Mac can actully get to the internet when you are logged in as a local administrator. If your automatic time check worked, that would say you are able to connect.

I do know that Lion in versions 10.7.0, 10.7.1 and 10.7.2 all would not work period with DNS but, at least for me, 10.7.3 did seem to work correctly "right out of the box".

There is also a possibility which I read from another posting that involved Snow Leopard and DNS problems which involved bad cached info but I do not recall the particulars. You may want to consider reinstalling the OS from the Restore partition just to confirm that the problem is not coming from something in the currently installed OS. That is probably not the case but then again it is fairly easy to do. Just have a good current backup in case you need it. A good backup is ALWAYS something to have on hand.

I tell the Profs and students that there are two types of computer users. Almost invariably they say Mac and PC and I say "WRONG!". The two types are those who know what the term backup means and do it and those who, at some point in time, will wish they did.

In rooting around looking for the solution to another problem, I found this bit of info from Centrify. It is copied from another thread i put a post in regarding Active Directory binding problems with Lion several months ago (10.7.2 era) You may want to take a look and see if it gives you a workaround that lets you join AD.

http://www.centrify.com/downloads/public/centrify-directcontrol-for-mac-local-do main-workaround.pdf

Sorry for the delay in getting back. There were a number of power disruptions and server/network upgrades that took place over the weekend (not my area fortunatly) and cleaning up the ensuing problems took most of the past days. Add in the seemingly never-ending series of updates that Apple has been pushing out in the last couple of weeks and there was no time to get back to this.

I have not personally tried the Centrify workaround so I can not say if that will or will not clear the problem. I do know that I have run into a similar problem as yours in the last day or two with trying to get an Apple server recognized. In that case the AD server keeps referring to servername.local even thou the server does not show any visible account name with .local. I have not even come close to trying to figure that out. I had one of the other guys who works primarily with Linux take a look but he could not come up with a quick answer either.

One thing to take a look at is running the test on the DNS using intodns.com That site will run a quick check on the DNS server you enter and give you a report of what it sees as possibly being a problem. It may or may not give you a lead as to why you can not resolve the name from your domain controoller. One of the other things, that should not be a problem but.... is seeing if multicast is enabled. They did that here at my place and for a while there were some things going on that I did not understand but the networks people got things working and I did bother trying to find out what.

Reason I say this is that Bonjour (Apples way of looking for other systems) uses a multicast protocol. I do not know just what is involved with this but I have read that the .local domanin name is used by Bonjour. That is going out beyond my knowledge so someone more familiar with this may want to join in this discussion to clarify for both you and me.