Introduction
The Active Directory domain join of a computer can be done using either the GUI or using command line and PowerShell.
In this tutorial, I will explain how to join a computer to a domain using the various command lines that are:
- NETDOM
- DJOIN for off-line joining
- Add-Computer in PowerShell
It is also possible to do it using the GUI.
Prerequisites
Before joining a computer to an Active Directory domain, it must be ensured that it can communicate with a controller, which implies a proper IP configuration (DNS server pointing to a controller). In order to join, you must also be a local administrator of the post and have an account in the domain authorized to join computers.
Junction with NETDOM
The NETDOM commands are a set of commands that allow the management of the Active Directoy, they are present natively on the server versions of Windows.
The command must be executed on the extension to be joined to the domain.
Syntax:
netdom join /domain: /ud: /pd:<*|password-account-ud> computer-name : name of the computer to join the domain
/domain : Active Directory domain name
/ud : Domain account authorized to attach a computer
/pd : * Enters the password or enter the password in the clear.
/OU :it is possible to indicate the OU
/reboot : restart of the station after the junction
Example: Joining the SRVCORE2 Domain to the lab.intra Domain
netdom join SRVCORE2 /domain:lab.intra /ud:LAB\administrateur /pd:*
DJOIN: offline junction
The djoin command allows to join a computer offline, this junction is done in two steps:
- Provision of the post in the Active Directory with the generation of a metadata file.
- Join the computer to the domain with the file.
Here are some examples of use cases:
- Deployment of a computer station by an outside provider to avoid providing an Active Directory account.
- Limit the number of people allowed to join computers to the domain.
- Deployment of Nano server.
Provision of the computer account, command to run on a domain controller, or from a domain member (minimum WIndows 7) with a domain Admins member account:
djoin /provision /domain /machine /savefile domain : Active Directory domain name
machine : computer account name
savefile : location and name of the file containing the metadata.
Example :
djoin /provision /domain LAB /machine NanoSrv /savefile C:\SrvNanoJoin
Check that the Computer account and the file are present.
On the extension to the domain, copy the file and enter the following command to join the extension:
djoin /requestodj /loadfile <Folder\File> /windowspath <WindowsFolder> /localos
requestodj : junction to offline domain at next reboot
loadfile : file containing the metadata
windowspath : Windows installation folder, it is to use the following variables in the command% systemroot% or% windir%
localos : target the local operating system
Example :
djoin /requestodj /localfile C:\SrvNanoJoin /windowspath C:\Windows /localos
At the next reboot the computer will be joined to the domain.
Junction with PowerShell
On the computer to join the domain, open a PowerShell command prompt and enter the following command:
Add-Computer -DomainName -Credential DomainName : Active Directory domain
Credential : User account with the rights to join a computer to the domain
At the validation of the order, enter the password of the account, once the validated command restart the computer for the taking into account.
Example :
Add-Computer -DomainName lab.intra -Credential [email protected]
Links :