Windows NT4 WS joining an NT Domain

You have an NT workstation, which is to be connected to an NT4 Domain server.
While it is technically possible to access data on an NT4 Domain server using workgroup access, on most systems the security policies will require you to “Join the NT Domain” to gain access to the data ( The procedure to join a Windows 2000 Domain is almost identical )
(if you are connecting via a Router to the domain-server, you will first to handle the TCP/IP
routing and naming issues, see :
Connection via a Router to a NT Domain Server )
Important note:
When loading up (installing) the NT4 workstation software on a PC and configuring the network, you will have already the option to join the Domain:

My experience (also confirmed by the suggestion in the Microsoft NT4 Server / Workstation training kit, with the 120 day trail-versions of NT4 WS and NT4 Server):
Please, select at this time “Workgroup” and I suggest to enter as workgroup-name the name of the Domain, which you like to join later.
(If you attempt to join at this stage the domain, you will NOT become a fully qualified Domain member, some security items will not be install properly and you can get very strange and un-explainable problems later)

NT4 workstation is installed properly, you get the NT4 Logon-prompt:

Ok, it is a fake (=redesigned), since
I was not able to make a screen-dump
from the real logon screen.
You are operating as a
“Workgroup”, not yet as
a member of the Domain.
Make sure, that you can see the
NT4 Domain server in your
Network Neighborhood
(and the NT4 Domain server has
to be able to see your NT4 workstation)

This is also an important diagnostic check, since you are now at least sure,
that the network card is working, that the cabling is working and that you
have installed to proper protocol.

make sure, that you have made the Logon
to this NT4 workstation as a user with
administrator rights on this system:
You require to have Administrator rights for
the following change of the network configuration !
In the Control-Panel Network-Applet,
select now to “Change…
Select now to be a “Member of Domain”,
and enter the name of the NT Domain
(NOT the name of the NT Domain Server ! )
Please, read/continue first the next section..

While a Windows95/98 system can simply join the Domain, the advanced Security system on NT requires, that on the Domain-server a “Computer Account” is created for this NT4 workstation.

in my experience, this “Computer Account” should only be created, once the NT4 workstation is configured for Workgroup-networking and the NT4 Domain server is able to see the NT4 workstation on the network
(“= see it in the Network Neighborhood”).

There are now 3 possible methods to create the “Computer Account“:
1) on the NT4 workstation
if you are yourself the administrator of the NT4 Domain server
(or at least know the password of the administrator):

Put the Check-mark on:
Create a Computer Account in the Domain
and identify yourself to be entitled for this
activity by entering the User-name and
Password of the NT4-Domain Server
Administrator (or a user entitled to create
Computer Accounts)

2) on the NT4 Domain-Server
usually, a regular user will NOT know the password of the Domain Administrator, and if the administrator is not present, then it is now the time to give the Domain Administrator a call, who uses now the “Server Manager

In this example,no NT4 system has yet been defined as member of this Domain.
Note: Windows 95/98 system are not defined (not listed) as member of a domain!

Select from the Menu: “Computer”
to “Add to Domain…”
you are adding an NT4 workstation,
and enter the name of the system.

Please, note that the icon for the newly added NT4 system is gray. Once
that system has successfully joined the Domain, that icon will become blue.
3) From a Windows95/98 system using “Windows NT Server Tools

Important information:
During the installation, a Security Identification Number (SID) is generated.
It is a random number, which is stored as part of the Computer-Account info.
If a system gets replaced (because you upgrade to a newer/faster model)
or it had to be reloaded (a new disk due to a disk-crash), then this replaced
system will have a different SID.
Even if the Computer-Name is made identical, the system will NOT be able
to connect to the Domain due to the mis-match of the SID.
In such cases, you first must delete on the Domain the Computer-Account
(and it will take 20-30 min before a deleted account disappears from the list)
and then the Computer-Account can be re-created.

The computer account is created or defined , now you are ready to click the “OK” button on the window “Identification Changes“:

If the computer account was properly created,
you will now be member of the Domain.
On “Close”, you will have to reboot.

After the reboot and pressing “Ctrl-Alt-Del”, a new version of the Logon Windows is displayed(and it is a fake, since I could not make a screendump of the real one):

You can now decide, on which User-Database to use for your Logon:

the users defined ONLY on your local NT4 Workstation (“P120NT4”)
(which you may need to do to get the right of being a local Administrator
to be able to modify the configuration)
the User Database defined on the Domain Server
(but since in most cases you will NOT be the Domain Server Administrator, you will
not be able to make a change to the configuration of the NT4 workstation)

Now, you need to have a Username (and password), which is defined in
the User-Manager of the Domain, to be able to logon:

You are now a member of the Domain, with it access-right (able to access data stored on the NT server), but also with its policies (=”limitations”) imposed for security reasons by the Domain Administrator.
When loging on to a Domain, a Logon Script could be processed.
Often, a Home-Directory is assigned to you.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top