Loading...

Offline Domain Join

Normally a Domain Controller needs to be available in order to add a computer to the domain. With Windows 7 and Windows Server 2008 R2 comes a new tool called Offline Domain Join. This allows a computer to be added to the domain without a Domain Controller being available. This video looks at different ways Offline Domain Join can be used.

No Networking
In the simplest case Offline Domain Join can be used to join a computer to a domain without a domain controller. For example, if a new site was being set up and the networking at the new site had not been installed as yet.

No networking installed
Offline Domain Join can also be used to join a computer to a domain that does not have networking installed as yet. In some cases a reboot may be required before networking is working. This is often the case with virtual computers. With Offline Domain Join you can join the computer to the domain before any network drivers are installed on the computer.

Unattended installation
Offline Domain Join can also be used with an unattend.txt file. An unattend.txt file is used with automated installs of Windows. The file contains the answer to the setup questions as well as any other required customizations. Using Offline Domain Join like this means you could automate the complete install of Windows 7 using a script including having it added to the domain.

Limited network connectivity
In some cases the network between two locations may only be available at certain times. For example, in a secure environment replication between the main network and the secure network may happen rarely. If the secure network has a writeable Domain Controller then a computer can be added to the Domain at any time. If the secure network only has a read only Domain Controller, a computer cannot be added to the domain unless a writeable Domain Controller is contactable. Using Offline Domain Join, the computer can be added to the Active Directory database ahead of time and replicated to the secure network. Since the read only Domain Controller contains data for the new computer, the computer will be able to be added to the domain using Offline Domain Join even though a writeable Domain Controller is not available.

Add a computer to the domain without a username and password
Offline Domain Join can also be used to add a computer to the domain without the use of a username and password. All that is needed is the file Offline Domain Join generates. This file is considered to have sensitive information so should only be given to people who are trusted.

Requirements
Offline Domain Join can only be used to join computers to the network that are Windows 7 or Windows Server 2008 R2. It will attempt to contact a Domain Controller that is Windows Sever 2008 R2, however it can also use Domain Controllers before Windows Server 2008 R2. If there is a problem using a non Windows Server 2008 R2 Domain Controller, the parameter /DownLevel can be added to force the use of an earlier Domain Controller. In order to use Offline Domain Controller, the forest and domain level do not need to be raised.

Demonstration
The first step is to create the computer account in Active Directory that will be used later. This is done with the following command.
DJoin /Provision /Domain <Domain> /Machine <ComptuerName> /SaveFile <FileName>

This can be run on any Windows Server 2008 R2 or Windows 7 computer that has access to a writeable domain controller. The output file that is generated will need to be transferred to the computer that will be added later to the domain.

The following command need to be run on the computer that you want to add to the domain.

DJoin /RequestODJ /LoadFile <FileName> /WindowsPath <WindowsPath>

References
“MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition” pg 217-221
“Offline Domain Join (Djoin.exe) Step-by-Step Guide” http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx

Theme developed by TouchSize - Premium WordPress Themes and Websites