How to Fix the “An Active Directory Domain Controller for the Domain Could Not Be Contacted” Error
When trying to join a computer to an Active Directory domain, you may sometimes encounter the “an Active Directory Domain Controller could not be contacted” error. In this post, I’ll explain the different DNS and IP settings you can check to fix this error and finally join your computer to a domain.
Table of Contents
- How can you encounter this Active Directory error?
- Checking network connectivity to the DNS server
- Check if the DNS server on your DC has an SRV record
How can you encounter this Active Directory error?
A common step when setting up a new or updated computer in your Active Directory domain is to join the computer to the domain as a computer object. This allows you to deploy a large catalog of Group Policy objects to the computer, which are typically processed when the computer starts up and then according to a schedule. There are of course many other advantages to joining a computer to a domain, but that is outside the scope of this post.
Anyway, I’ve probably joined hundreds of computers to Active Directory domains over my 20+ years of professional IT experience. And, I would have to estimate that about 30-50% of the time, I encounter an error when I attempt to enter the DNS domain name of the Active Directory domain I want to join.
Yes, being confronted with the “an Active Directory Domain Controller could not be contacted” error can be confusing and frustrating. However, there are many troubleshooting steps you can take to accomplish your goal as an IT Pro and get the device on your domain. The most common cause of the error is some type of network and/or TCP/IP issue on your network. Let’s dive into the details below.
Why you need to analyze the detailed error log
When you go through the process to join a computer to an Active Directory domain, there is a bewildering number of checks and balances that occur, often within a second, that need to be satisfied before you get that lovely message, ‘Welcome to the reinders.local domain!’ (or whatever domain you’re working on, of course). The flow chart, as it were, is somewhat complicated, but the essence of the steps is quite straightforward.
Let’s go through why you need to read ALL of the error messages you can see when encountering the “an Active Directory Domain Controller could not be contacted” error, as these messages may help you determine the appropriate actions required to fix Active Directory errors.
Checking network connectivity to the DNS server
There is a myriad of scenarios that could cause the “an Active Directory Domain Controller could not be contacted” error to show up when trying to join a computer to a domain. I will be going through some of the most common scenarios, but definitely not all of them that are out there.
The DNS client service in Windows makes the queries on the network to locate the appropriate DNS records to make this all work. Let me start my scenario in my Hyper-V ‘Windows Server 2022 Active Directory domain’ lab environment, and you’ll see below that I’ll encounter the dreaded “An Active Directory Domain Controller for the domain ‘reinders.local’ could not be contacted” error message.
Check your IP and DNS settings
If we examine the error message above, it states that there was an error when Windows attempted to locate the Service Location Record (SRV) used to locate an Active Directory Domain Controller (AD DC) in the specified domain – ‘reinders.local’. That is the beginning of Windows’ workflow: contacting one of the DNS servers specified in Windows and querying for an SRV record. This eventually tells Windows how to query a domain controller to grant access to the domain.
Here, I created a fresh Windows 10 version 21H2 VM, and it currently has an IP address of 192.168.1.87. This is a DHCP address from my home office router.
For the purposes of my lab, my Hyper-V VMs are all statically assigned, which means that each computer’s IP address and specified DNS servers are all manually entered. This is NOT a common setup in the SMB world, and especially not in the enterprise world.
You definitely should have some sort of DHCP server running and/or IP Address Management (IPAM) in place. However, this presents just one of the possible scenarios you could run into, albeit a good one.
Let’s move forward in our troubleshooting with Microsoft’s IPConfig tool.
The DNS server (like the DHCP server) is specified as 192.168.1.254, which is, again, my home office router. This router is hooked up to my Internet connection, so its DNS server knows nothing of my Hyper-V Active Directory domain. We need to make some changes before Windows can observe our domain and query it.
Check connectivity with the DC you want to reach
The IP Addresses of my 3 domain controllers (DCs) are the following:
Instead of having my computer’s IP address be assigned via DHCP from my home office router, I will give it a static IP address. I need to grab an available/open IP Address, assign it to my VM, and also specify those 3 DC/DNS servers.
Let me first confirm ping connectivity to my DCs with PowerShell
Looks good! Let’s move on to entering a new IP address and DNS configuration on my VM that works with my domain.
Try to add a new DNS configuration in accordance with your domain
First, let us open the Network and Sharing Center to adjust my network adapter settings. Previously you could use the Control Panel to access this, but let’s be pro-Microsoft in this post. 🙂
Click Start -> Settings -> Network & Internet -> Network and Sharing Center.
Under Connections, I will click ‘Ethernet‘, which happens to be the name of my network adapter in Windows. This will allow me to adjust the IP settings on my VM.
I will click Properties, and then double-click on ‘Internet Protocol Version 4 (TCP/IPv4).’
First, I will click ‘Use the following IP Address:‘ and then enter the arbitrary IP address that I have documented for my lab (192.168.1.63). I also need to specify the Subnet mask and Default gateway (Router).
Next, I will click ‘Use the following DNS server addresses’ and then enter my first two DNS servers (192.168.1.240 & 192.168.1.241). Of course, you need at least one preferred DNS server, but it’s usually best to put in 2 or 3 (or more) in case any of them are unavailable for a query.
I have the option of going in and entering my third DNS server, which I’ll demonstrate here. Click the ‘Advanced…‘ button, then click the DNS tab. Click the ‘Add…‘ button and I’ll type in my 3rd DNS server (192.168.1.50). Then, I will click OK a few times to close all these windows with the changes.
Clear the DNS Cache to resolve stale entries
Another troubleshooting step that often helps is to clear out any potential stale DNS records on your computer. If you’ve made any DNS zone record additions and/or changes recently, there may still be obsolete entries stored in your client computer’s DNS cache.
You can run the following commands to wipe the slate clean and start fresh. Let’s open a command prompt window and type these commands:
net stop dnscache
net start dnscache
This will first empty the local DNS cache of all entries, stop the ‘DNS Client’ Windows service, then start the service. It’s essentially a ‘DNS reboot’ without having to reboot your computer!
Check if the DNS service on the DC isn’t blocked by firewalls
Another potential headache you can check for efficiently with PowerShell is whether one of your DNS servers (DCs) is reachable on port 53 (the DNS port). This is the same port Windows uses to run DNS lookups. We can use the following command to test this:
Test-NetConnection 192.168.1.240 -Port 53
Check if the DNS server on your DC has an SRV record
At this point, I know that my setup is correctly configured to join my new VM to the domain. However, there are other common issues you may have on the ‘backend’ side of things – your DNS/DC setup. Having the correct DNS records entered in your Active Directory domain is crucial to making this work. Let’s take a look.
Check DNS records on your DC
Instead of using PowerShell for this, I can open the DNS Manager MMC tool on my Windows 11 client VM and show you that the appropriate ‘_ldap…’ records are listed correctly in my ‘reinders.local’ domain.
If you happen to be setting up a new Active Directory domain, you may not have these records entered yet. You can manually enter two records (SRV and A) to one of your existing DNS servers to resolve this missing link.
- _ldap._tcp.dc._msdcs.your_domain_name.com is an SRV resource record that points to the domain controller that hosts the AD DS role.
- An A resource record that identifies the IP address of the DC listed in the _ldap._tcp.dc._msdcs.your_domain_name.com SRV resource record.
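The checks from the sections above (the client's DNS servers, port 53 reachability, the `_ldap` SRV record and its matching A record) can be run per DNS server in one read-only script. This is an added example, not from the original post; `Test-DomainJoinDns` is a hypothetical function name, and `reinders.local` is the lab domain used in this post.

```powershell
# Added example, not from the original post. Read-only: it changes no settings.
# Test-DomainJoinDns is a hypothetical helper name; pass your own AD DNS domain.
function Test-DomainJoinDns {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DomainName,   # e.g. reinders.local
        [string[]]$DnsServer                          # default: servers configured on this client
    )

    if (-not $DnsServer) {
        # Same data as the "DNS Servers" lines of ipconfig /all (IPv4 only)
        $DnsServer = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique
    }
    if (-not $DnsServer) { throw 'No IPv4 DNS servers are configured on this client.' }

    # The DC locator record that a domain join looks up first
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    foreach ($server in $DnsServer) {
        # Is the DNS service reachable at all? (TCP 53, as with Test-NetConnection above)
        $tcp = Test-NetConnection -ComputerName $server -Port 53 -WarningAction SilentlyContinue

        $srv = @(); $targets = @(); $err = $null
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only this DNS server's answer counts
            $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop
            $srv = @($answer | Where-Object { $_.Type -eq 'SRV' })
            # Each SRV target also needs an A record, or the client still cannot reach the DC
            foreach ($rec in $srv) {
                $a = Resolve-DnsName -Name $rec.NameTarget -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue
                $ips = @($a | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
                $targets += '{0} -> {1}' -f $rec.NameTarget, $(if ($ips) { $ips -join ',' } else { 'NO A RECORD' })
            }
        } catch { $err = $_.Exception.Message }

        [pscustomobject]@{
            DnsServer   = $server
            Port53Open  = $tcp.TcpTestSucceeded
            SrvRecords  = $srv.Count
            DcAddresses = $targets -join '; '
            Error       = $err
        }
    }
}

Test-DomainJoinDns -DomainName 'reinders.local' | Format-List
```

A server that shows `Port53Open : True` but an error or zero SRV records is answering DNS without knowing the AD zone, which is the home-router situation described earlier in this post.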
Re-register DNS records on your DC
After you’re done adding or modifying these records, it is always a good measure to ‘make sure’ or re-register the DNS records on your DNS/DC servers with the entire domain. You can open an elevated command prompt to run the following IPConfig command.
For good measure, go ahead and restart your computer, then attempt to run some queries to confirm the DNS setup is complete.
Well, I attempted to join my computer to the domain, and all is well!
As I said, there are countless reasons why a computer would be unable to successfully query the network for a DNS server and Domain Controller. I hope you are able to use my suggestions and recommendations to get past the dreaded “an Active Directory Domain Controller could not be contacted” error when you are joining computers to your AD domain. Thanks for reading!
Jun 20, 2022 | Michael Reinders