Microsoft Offline Domain Join

January 20, 2014 By Eric Shanks

These days, companies are dealing with mobility more than ever before. IT infrastructure is spread across the cloud, and users may be working from the road, from remote offices or from home. This makes it harder to manage a secure IT infrastructure.

Microsoft is taking steps to let IT administrators control machines even when they aren't connected to the corporate network. Offline Domain Join was introduced as a new feature with Windows Server 2008 R2 and Windows 7. It allows a machine that has no connectivity to a domain controller to be joined to the domain anyway: the computer account is provisioned in Active Directory ahead of time, and the data the machine needs to complete the join is carried to it in a file.

Performing an Offline Domain Join

Prerequisites

Client Operating System Required: Windows 7 or later

Server Operating System Required:  Windows Server 2008 R2 or later

Create an offline domain account on the Domain Controller

The first step in an offline domain join is to provision the machine account in Active Directory. This cannot be done the old-fashioned way through Active Directory Users and Computers; it is done with the djoin command from an elevated command prompt or PowerShell window. Run it on a domain-joined machine running Windows 7 / Windows Server 2008 R2 or later, with an account that has rights to create computer objects in the domain (or in the target OU), against a domain whose controllers are Windows Server 2008 R2 or later.

djoin /provision /domain DOMAINNAME /machine MACHINENAME /rootcacerts /savefile FILEPATH /reuse

/provision creates the computer object, /savefile writes the provisioning blob to FILEPATH, /rootcacerts includes the domain's root CA certificates in the blob, and /reuse allows an existing computer account with the same name to be reused (its password is reset) instead of failing.

You may notice that in the screenshot I've also added the /policynames switch, which applies my DirectAccess GPO as part of the offline join.

(Screenshot: ODJ-0)

After the command completes successfully, a new computer object for the machine appears in Active Directory. (I added the description myself after the provisioning was done.)

(Screenshot: ODJ-1)

Also, notice that the command created a text file named "Provision.txt" (the path given to /savefile). This is the provisioning blob that has to be transferred to the offline machine. Treat it as a credential: it contains the new computer account's password, so anyone who obtains it can join a machine to the domain under that identity. Move it over a trusted channel and delete it once the join has completed.

Join the Offline Machine to the Domain

Transfer the provisioning file created on the domain-joined server to the offline client (which must be running Windows 7 or later). Open an elevated command prompt or PowerShell console and run djoin again, this time to apply the blob to the local installation:

djoin /requestodj /loadfile FILEPATH /windowspath %SystemRoot% /localos

/windowspath points at the Windows directory to be joined and /localos tells djoin that this is the running operating system rather than an offline image. Reboot the client afterwards; the join takes effect on restart.

(Screenshot: ODJ-2)
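As an added example (not code from the original post), the following PowerShell wraps both halves of the procedure above: provisioning on the server side with a check that the computer object really was created and an ACL that limits the blob file to the current user, then consuming the blob on the client and removing it. The function names, the optional -MachineOU and -DcName parameters, the Get-ADComputer verification (which needs the ActiveDirectory RSAT module on the provisioning host) and the domain, host and path values in the usage lines are assumptions made for this example.

```powershell
# Added example, not code from the original post. Function names, the optional OU/DC
# parameters and the sample domain, host and path values are illustrative assumptions.

function New-OdjProvisioningBlob {
    # Server side: runs on a domain-joined Windows 7 / Server 2008 R2 (or later) host as a
    # user with rights to create computer objects. Writes the provisioning blob to -SaveFile.
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $MachineName,
        [Parameter(Mandatory)] [string] $SaveFile,
        [string] $MachineOU,   # optional DN of the OU for the computer object (djoin /machineou)
        [string] $DcName,      # optional DC to provision against and verify on (djoin /dcname)
        [switch] $Reuse        # djoin /reuse: reset an existing account of the same name
    )

    $djoinArgs = @('/provision', '/domain', $Domain, '/machine', $MachineName,
                   '/rootcacerts', '/savefile', $SaveFile)
    if ($MachineOU) { $djoinArgs += @('/machineou', $MachineOU) }
    if ($DcName)    { $djoinArgs += @('/dcname', $DcName) }
    if ($Reuse)     { $djoinArgs += '/reuse' }

    $output = & djoin.exe @djoinArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /provision failed (exit code $LASTEXITCODE): $output"
    }

    # Confirm the computer object exists. Querying the same DC that djoin used avoids a
    # transient "not found" caused by replication lag (ActiveDirectory RSAT module required).
    $adParams = @{ Identity = $MachineName; ErrorAction = 'Stop' }
    if ($DcName) { $adParams['Server'] = $DcName }
    $computer = Get-ADComputer @adParams

    # The blob carries the computer account password, so restrict the file to the current
    # user only until it has been consumed on the client.
    $acl = Get-Acl -LiteralPath $SaveFile
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting and drop inherited ACEs
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $SaveFile -AclObject $acl

    return $computer
}

function Complete-OfflineDomainJoin {
    # Client side: run from an elevated prompt on the offline Windows 7 (or later) machine.
    # Applies the blob to the running OS; the join takes effect after a reboot.
    param(
        [Parameter(Mandatory)] [string] $LoadFile,
        [switch] $Restart
    )

    if (-not (Test-Path -LiteralPath $LoadFile)) {
        throw "Provisioning file not found: $LoadFile"
    }

    $output = & djoin.exe /requestodj /loadfile $LoadFile /windowspath $env:SystemRoot /localos 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /requestodj failed (exit code $LASTEXITCODE): $output"
    }

    # The blob is a one-time secret; remove it now that it has been consumed.
    Remove-Item -LiteralPath $LoadFile -Force
    if ($Restart) { Restart-Computer -Force }
}

# Usage (assumed values):
#   On the provisioning server:
#     New-OdjProvisioningBlob -Domain corp.example.com -MachineName LAPTOP01 `
#         -SaveFile C:\ODJ\Provision.txt -MachineOU 'OU=Laptops,DC=corp,DC=example,DC=com'
#   On the client, after copying Provision.txt over a trusted channel:
#     Complete-OfflineDomainJoin -LoadFile C:\ODJ\Provision.txt -Restart
```

Both functions rely on djoin's exit code rather than parsing its output, and the client-side function deletes the blob as soon as it has been applied, since after that point the file is only useful to someone who wants to impersonate the computer account.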