Offline Domain Join - ITFreeTraining


Normally a Domain Controller needs to be available in order to add a computer to the domain. With Windows 7 and Windows Server 2008 R2 comes a new tool called Offline Domain Join. This allows a computer to be added to the domain without a Domain Controller being available. This video looks at different ways Offline Domain Join can be used.

No Networking

In the simplest case, Offline Domain Join can be used to join a computer to a domain without a domain controller being reachable, for example when a new site is being set up and its networking has not been installed yet.

No networking installed

Offline Domain Join can also be used to join a computer that does not yet have networking installed. In some cases a reboot may be required before networking is working. This is often the case with virtual computers. With Offline Domain Join you can join the computer to the domain before any network drivers are installed on the computer.

Unattended installation

Offline Domain Join can also be used with an unattend.txt file. An unattend.txt file is used with automated installs of Windows. The file contains the answers to the setup questions as well as any other required customizations. Using Offline Domain Join this way means you can automate the complete install of Windows 7 with a script, including adding the computer to the domain.

Limited network connectivity

In some cases the network between two locations may only be available at certain times. For example, in a secure environment, replication between the main network and the secure network may happen rarely. If the secure network has a writeable Domain Controller, a computer can be added to the domain at any time. If the secure network only has a read-only Domain Controller, a computer cannot be added to the domain unless a writeable Domain Controller is contactable. Using Offline Domain Join, the computer account can be created in the Active Directory database ahead of time and replicated to the secure network. Since the read-only Domain Controller then holds the data for the new computer, the computer can be joined to the domain using Offline Domain Join even though a writeable Domain Controller is not available.

Add a computer to the domain without a username and password

Offline Domain Join can also be used to add a computer to the domain without the use of a username and password. All that is needed is the file Offline Domain Join generates. This file is considered to contain sensitive information, so it should only be given to people who are trusted.

Requirements

Offline Domain Join can only be used to join computers that are running Windows 7 or Windows Server 2008 R2. It will attempt to contact a Domain Controller that is running Windows Server 2008 R2, but it can also use Domain Controllers earlier than Windows Server 2008 R2. If there is a problem using a non-Windows Server 2008 R2 Domain Controller, the parameter /DownLevel can be added to force the use of an earlier Domain Controller. The forest and domain functional levels do not need to be raised in order to use Offline Domain Join.

Demonstration

The first step is to create the computer account in Active Directory that will be used later. This is done with the following command.

DJoin /Provision /Domain <DomainName> /Machine <ComputerName> /SaveFile <FileName>

This can be run on any Windows Server 2008 R2 or Windows 7 computer that has access to a writeable domain controller. The output file that is generated will need to be transferred to the computer that will be added later to the domain.

The following command needs to be run on the computer that you want to add to the domain.

DJoin /RequestODJ /LoadFile <FileName> /WindowsPath <WindowsDirectory>
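The two steps above, wrapped in PowerShell so that the sensitive output file is handled with care, as an added example that is not part of the original lesson. The function names, the `.odj` extension and every domain, computer and path value passed in are assumptions; `/LocalOS` is added because the second function targets the running installation.

```powershell
# Added example. Function names and the .odj extension are hypothetical.

function New-OdjBlob {
    # Run on a Windows 7 / Server 2008 R2 computer that can reach a writeable DC.
    param(
        [Parameter(Mandatory=$true)][string]$Domain,
        [Parameter(Mandatory=$true)][string]$Machine,
        [Parameter(Mandatory=$true)][string]$OutDir,
        [switch]$DownLevel   # /DownLevel from the Requirements section
    )
    # The file alone is enough to join the domain, so create the folder with
    # inheritance removed and access granted only to the account running this.
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
    $me = "$($env:USERDOMAIN)\$($env:USERNAME)"
    & icacls.exe $OutDir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not restrict access to $OutDir" }

    $blob = Join-Path $OutDir "$Machine.odj"
    $djoinArgs = @('/Provision', '/Domain', $Domain,
                   '/Machine', $Machine, '/SaveFile', $blob)
    if ($DownLevel) { $djoinArgs += '/DownLevel' }

    & djoin.exe $djoinArgs
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /Provision failed with exit code $LASTEXITCODE"
    }
    return $blob   # transfer this file to the target over a trusted channel
}

function Invoke-OdjJoin {
    # Run elevated on the computer being joined; no DC needs to be reachable.
    param([Parameter(Mandatory=$true)][string]$BlobPath)

    & djoin.exe /RequestODJ /LoadFile $BlobPath /WindowsPath $env:SystemRoot /LocalOS
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /RequestODJ failed with exit code $LASTEXITCODE"
    }
    # The file is no longer needed once it has been applied; do not leave it on disk.
    Remove-Item -LiteralPath $BlobPath -Force
    Write-Output "Join data applied. Restart the computer to complete the join."
}

# Constructed sample values:
#   $file = New-OdjBlob -Domain 'example.local' -Machine 'WS01' -OutDir 'C:\ODJ'
#   Invoke-OdjJoin -BlobPath 'D:\WS01.odj'
```

Delete the copy left in the provisioning folder as well once the file has been delivered to the target.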



© ITFreeTraining 2022
