Offline Domain Join in Windows Server 2016

In this blog post, I’ll show you how to Offline Domain Join a Windows 10 or Windows Server 2016 machine to an Active Directory Domain using Djoin.exe.

Offline Domain Join was first introduced back in the days of Windows 7 and Windows Server 2008 R2 and later was heavily used for joining Windows Nano Server to AD.

How does it work?

The process to Offline Domain Join a machine is as follows:

  1. From a Domain Controller or a management machine with the Active Directory PowerShell module (installed when installing the RSAT tools), you run a command that creates a computer account in AD (offline join) and outputs a file.
  2. You copy the file to the machine you want to add to the domain and run a command.
  3. Restart the machine
  4. Done

The reasons you would use Offline Domain Join can be:

  1. You want to stage the deployment and give users the option to add their computers to the domain
  2. There is no connectivity to a domain controller
  3. Provisioning DirectAccess clients
  4. Join Windows Nano Server to the Domain

Requirements

The requirements are very relaxed: you only need a Domain Controller that runs Windows Server 2008 R2, and the clients need to be Windows 7 and above.

Offline Domain Join uses the Djoin.exe tool to provision the computer to Active Directory.
To run the tool, you will need a user account with permissions to join computers to the domain (Domain Admins users can do it by default).

Let’s Start

To start the process of Offline Domain Join, I have a Windows 10 management machine with the RSAT tools installed on it.

Using PowerShell ISE, I’ll run the command below (Djoin.exe) to create the computer account of my Windows 10 machine in AD.

As you can see below, my domain name is Test and the machine name is ServerInsider2016.

djoin.exe /provision /domain TEST /machine ServerInsider2016 /savefile .\OfflineJoin

Once the command completes successfully, I’ll see the new account in Active Directory (the computer name can be 15 chars only).

The command created an encrypted file with all the domain information, as you can see below:

Next, I’ll copy the file to my Windows 10 machine.

From my Windows 10 machine, I’ll run the command below that will join it to the domain.

djoin /requestodj /loadfile C:\install\OfflineJoin /windowspath c:\windows /localos

When completed, I’ll restart the computer, and when it comes up it will be part of the domain.

Using the PowerShell cmdlet below, you can see the domain details.

Get-ComputerInfo | select *domain*
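
The two djoin steps above, wrapped with the checks I would want around them (an added example, not part of the original post). Microsoft's djoin documentation states that the provisioning file contains the machine account password, so the wrapper restricts its ACL, verifies its hash on the target and deletes it after use. The function names, parameters and paths are hypothetical.

```powershell
# Added example: function names, parameters and paths are hypothetical.

# Run on the management machine: provisions the account and protects the file.
function New-OfflineJoinBlob {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Machine,
        [Parameter(Mandatory)][string]$SaveFile
    )
    # The post notes the computer name can be 15 characters only.
    if ($Machine.Length -gt 15) {
        Write-Warning "Computer name '$Machine' is longer than 15 characters."
    }
    if (Test-Path -LiteralPath $SaveFile) {
        throw "Refusing to overwrite existing file $SaveFile."
    }
    & djoin.exe /provision /domain $Domain /machine $Machine /savefile $SaveFile
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)." }

    # Drop inherited ACEs and leave only the current user with access.
    & icacls.exe $SaveFile /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)." }

    # Return the hash so the copy on the target can be compared before use.
    (Get-FileHash -LiteralPath $SaveFile -Algorithm SHA256).Hash
}

# Run on the machine being joined, from an elevated prompt.
function Invoke-OfflineJoin {
    param(
        [Parameter(Mandatory)][string]$LoadFile,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    # Reject a file that was altered or swapped while being copied.
    $actual = (Get-FileHash -LiteralPath $LoadFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { throw "Hash mismatch for $LoadFile." }

    & djoin.exe /requestodj /loadfile $LoadFile /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestodj failed ($LASTEXITCODE)." }

    # The file is not needed once the request has been applied.
    Remove-Item -LiteralPath $LoadFile -Force
    "Join data applied. Restart, then run: Get-ComputerInfo | select *domain*"
}

# Usage, with the values from the post:
#   $hash = New-OfflineJoinBlob -Domain TEST -Machine ServerInsider2016 -SaveFile .\OfflineJoin
#   Invoke-OfflineJoin -LoadFile C:\install\OfflineJoin -ExpectedSha256 $hash
```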

Conclusion

Djoin.exe is a great tool that can help us in many scenarios where we can’t delegate control or join machines to the domain in locations where there is no connectivity to the corporate network.

