Saving time with offline domain joins in Windows Server 2008 R2

An offline domain join allows Windows 7 and Server 2008 R2 machines to join a domain without connecting to a DC. Here’s how the process works.

Ever since the days of Windows NT, one thing has always held true for a domain join -- the computer that is joining the domain must have physical connectivity to it (and to a DNS server that is authoritative for the domain) in order for the join to succeed.

With Windows Server 2008 R2, however, Microsoft finally made it possible to join a disconnected computer to a domain using a new command called Djoin.exe. Let’s take a look at how the new command works.

You can use the Djoin command to join a computer that’s running either Windows 7 or Server 2008 R2 to a Windows domain. Computers running legacy Windows operating systems cannot be joined to a domain in this manner.

You should also note that this command assumes your domain controllers are running Windows Server 2008 R2. If you are joining a computer to a domain that is running an older OS on the domain controllers, then you will have to make use of an optional switch called /downlevel.

With that said, there are two steps involved in the domain join process, and the first step has to be performed on a domain controller that is running Windows Server 2008 R2. Here you will use the Djoin command to perform the initial provisioning of the domain. In doing so, you must run Djoin from within an elevated command prompt window (you can’t do this in PowerShell). The syntax for the command is:

DJOIN /Provision /domain <your domain> /Machine <machine name> /SaveFile <path and file name>

As you can see, the /Provision switch tells Windows that you are provisioning the domain. After that, you must issue the /Domain switch and the name of the domain that the new computer is joining. Next, you have to specify the /Machine switch, followed by the name of the computer that you want to provision. Finally, the /SaveFile switch is required.

The /SaveFile switch tells Windows to create a file that can be used on the new computer to complete the domain join process. This file should be written to removable media. The filename usually consists of the name of the computer that is joining the domain and the Djoin extension.

Let’s look at an example to see how this command works. Suppose you want to join a computer named WKS1 to a domain called Contoso.com. In doing so, you would use a command similar to the one shown below:

DJOIN /Provision /Domain Contoso.com /Machine WKS1 /SaveFile Z:\WKS1.Djoin

When you execute the above command, two things happen. First, a computer account for WKS1 is created in the Computers container for the specified domain. Of course, the Computers container is only the default location. You can create the computer account within a custom OU by specifying the /MachineOU switch followed by the name of your custom OU. Second, a file named WKS1.DJOIN is written to Z:\. You must then take this file to the computer that is joining the domain.

The second part of the process is similar to the first part. It involves opening an elevated command prompt on the new computer and entering the following command:

DJOIN /RequestODJ /Loadfile <path and filename> /LocalOS /WindowsPath <windows path>

In the above command, the /RequestODJ switch tells Windows that you want to join the computer to the domain, while the /Loadfile switch allows you to specify the path and filename of the file that you just created. The /LocalOS switch tells Windows that you want to perform the operation against the local operating system. Finally, you must provide the /WindowsPath switch followed by the path to the Windows directory on the local machine.

For instance, suppose you want to import the Z:\WKS1.DJOIN file that you created earlier and use it to join a new machine to a domain. To do so, the command used would look something like this:

DJOIN /RequestODJ /Loadfile Z:\WKS1.DJOIN /LocalOS /WindowsPath C:\Windows

Although this command is simple, there are a few things you need to know before using it. First, it is not necessary to manually rename the computer that is being joined to the domain. The computer’s default name will be automatically replaced by the machine name that you provided when you created the Djoin file.

You should also note that a reboot is required after you run this command, just as it would be had you joined the domain the old-fashioned way. Finally, it’s critically important that you do not run the command shown above (or use the /LocalOS switch) on a domain controller, as doing so will break the DC.
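The second step with the caveats above built in, as an added example that is not part of the original article: a batch script (the name odj-join.cmd is hypothetical) that refuses to run from a non-elevated prompt or on a domain controller, and removes the provisioning file after a successful join. The file holds the new machine account's password, so the script treats it as a credential; the net session elevation test and the ProductType registry check are this example's choices, not features of Djoin.

```batch
@echo off
rem Added example: guarded wrapper for the client-side djoin step.
rem Usage (script name is hypothetical):  odj-join.cmd Z:\WKS1.DJOIN
setlocal

set "BLOB=%~1"
if "%BLOB%"=="" (
    echo Usage: %~nx0 ^<path to provisioning file^>
    exit /b 2
)
if not exist "%BLOB%" (
    echo Provisioning file not found: %BLOB%
    exit /b 2
)

rem Elevation check: "net session" is denied for a non-elevated caller.
rem Assumption: the Server service is running, as it is by default.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 5
)

rem ProductType is LanmanNT on a domain controller
rem and WinNT or ServerNT on workstations and member servers.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v ProductType | find /i "LanmanNT" >nul
if not errorlevel 1 (
    echo This machine is a domain controller. Refusing to run djoin /LocalOS.
    exit /b 1
)

djoin /RequestODJ /Loadfile "%BLOB%" /LocalOS /WindowsPath "%SystemRoot%"
if errorlevel 1 (
    echo djoin reported an error. The machine was not joined.
    exit /b 1
)

rem The file carries the machine account password, so do not leave it
rem on the removable media once the join has been applied.
del /q "%BLOB%"
echo Join applied. Reboot the computer to complete the domain join.
```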

As you can see, the Djoin command makes it easy to join a machine to a domain -- even if no connectivity is immediately available. This technique can be especially useful for provisioning machines that will be shipped offsite.

ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information, visit www.brienposey.com.

This was first published in October 2010