Monday, April 25, 2011

Configure offline domain join


Offline domain join is a new process that computers that run Windows 7 or Windows Server 2008 R2 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network.

Prerequisites
To perform an offline domain join, you must have the rights that are necessary to join workstations to the domain. Members of the Domain Admins group have these rights by default. If you are not a member of the Domain Admins group, a member of the Domain Admins group must complete one of the following actions to enable you to join workstations to the domain:

Use Group Policy to grant you the required user rights. This method allows you to create computers in the default Computers container and in any organizational unit (OU) that is created later (if no Deny access control entries (ACEs) are added).

Edit the access control list (ACL) of the default Computers container for the domain to delegate the correct permissions to you.

Create an OU and edit the ACL on that OU to grant you the "Create child – Allow" permission. Pass the "/machineOU" parameter to the "djoin /provision" command.

1. On the domain controller, log in as Domain Administrator.
2. Launch "Command Prompt" and enter "djoin /provision /domain <domain name> /machine <computer name> /savefile <filename.txt>".

Figure 1: djoin command

3. Copy "djoin.txt" to the djoin folder on the workstation's C drive.
4. On the workstation, log in as local administrator.
5. Click "Start", right-click "Computer", select "Properties".

Figure 2: Computer name, domain, and workgroup settings

At this point the workstation's computer name has not changed and it has not joined the domain.

6. Disconnect the network cable on this workstation.

Figure 3: Disconnect the network cable

7. Launch "Command Prompt" with administrator rights and enter "djoin /requestodj /loadfile <filename.txt> /localos /windowspath C:\Windows".

Figure 4: join the domain

8. Click "Start", right-click "Computer", select "Properties".


Figure 5: Updated the computer name

9. Restart the workstation.
10. Connect the network cable, log in as Domain Administrator.
11. Launch "Command Prompt", enter "whoami".

Figure 6: Verify the user account

The workstation is now joined to the domain, and you are logged in as Domain Administrator.
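
The two djoin commands from steps 2 and 7 wrapped in one script, added here as an example and not part of the original post. The provisioning file contains the new computer account's password, so the script restricts the folder ACL before the file is written, checks exit codes, and deletes the file once it has been applied; the domain, computer name, OU and path are placeholder values.

```powershell
# Added example: wrapper around the two djoin commands used in the steps above.
# Domain, machine, OU and path defaults are constructed placeholders.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Provision', 'Join')]
    [string]$Mode,
    [string]$Domain    = 'corp.example.com',
    [string]$Machine   = 'WKS-001',
    [string]$MachineOU = 'OU=Workstations,DC=corp,DC=example,DC=com',
    [string]$BlobPath  = 'C:\djoin\djoin.txt'
)
$ErrorActionPreference = 'Stop'

# Stop the script if the last native command returned a non-zero exit code.
function Assert-ExitCode([string]$Step) {
    if ($LASTEXITCODE -ne 0) { throw "$Step failed with exit code $LASTEXITCODE" }
}

if ($Mode -eq 'Provision') {
    # Steps 1-2: run with an account that has rights to create computer accounts.
    $dir = Split-Path -Parent $BlobPath
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Restrict the folder before the file exists: drop inherited ACEs and
    # grant access only to the current user and SYSTEM.
    $me = "$env:USERDOMAIN\$env:USERNAME"
    icacls $dir /inheritance:r /grant:r "${me}:(OI)(CI)F" "SYSTEM:(OI)(CI)F" | Out-Null
    Assert-ExitCode 'icacls'

    djoin /provision /domain $Domain /machine $Machine /machineou $MachineOU /savefile $BlobPath
    Assert-ExitCode 'djoin /provision'
}
else {
    # Step 7: run in an elevated prompt on the workstation being joined.
    if (-not (Test-Path $BlobPath)) { throw "Provisioning file not found: $BlobPath" }

    djoin /requestodj /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    Assert-ExitCode 'djoin /requestodj'

    # The file is no longer needed once the join data is applied; remove it.
    Remove-Item -Path $BlobPath -Force
    Write-Output 'Join data applied. Restart the workstation to complete the join.'
}
```

Run it with `-Mode Provision` on the provisioning side and `-Mode Join` on the workstation, and also delete any copy of the file left on the media used for the transfer.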

Reference:
Offline Domain Join (Djoin.exe) Step-by-step guide

This posting is provided “AS IS” with no warranties, and confers no rights!
