Windows Server 2008 R2: Offline Domain Join Step-by-Step Guide

Offline domain join scenario overview

Offline domain join is a new process that computers that run Windows® 7 or Windows Server® 2008 R2 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network.

For example, an organization might need to deploy many virtual machines in a datacenter. Offline domain join makes it possible for the virtual machines to be joined to the domain when they initially start after the installation of the operating system. No additional restart is required to complete the domain join. This can significantly reduce the overall time required for wide-scale virtual machine deployments.

A domain join establishes a trust relationship between a computer running a Windows operating system and an Active Directory® domain. This operation requires state changes to Active Directory Domain Services (AD DS) and state changes on the computer that is joining the domain. To complete a domain join in the past using previous Windows® operating systems, the computer that joined the domain had to be running and it had to have network connectivity to contact a domain controller. Offline domain join provides the following advantages over the previous requirements:

  • The Active Directory state changes are completed without any network traffic to the computer.
  • The computer state changes are completed without any network traffic to a domain controller.
  • Each set of changes can be completed at a different time.

The following sections explain some of the benefits that offline domain join can provide.

Reduced total cost of ownership in datacenters:
Offline domain join can reduce the total cost of ownership for computers by reducing the startup time that is required for each server and by increasing the reliability of domain join operations in production environments.

Improved experience for performing domain joins using an RODC:
In Windows Server 2008, there is a mechanism to perform domain join operations against a read-only domain controller (RODC).

Rapid enterprise deployments:
By using deployment tools, such as Windows System Image Manager, you can perform an unattended domain join during an operating system installation by providing information that is relevant to the domain join in an Unattend.xml file.

Requirements for offline domain join:
To perform an offline domain join, you run commands by using a new tool named Djoin.exe. You use Djoin.exe to provision computer account data into AD DS.

Operating system requirements - Windows Server 2008 R2 or Windows 7
By default, the Djoin.exe commands target a domain controller that runs Windows Server 2008 R2. However, you can specify an optional /downlevel parameter if you want to target a domain controller that is running a version of Windows Server that is earlier than Windows Server 2008 R2.
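
The two phases described above, as an added PowerShell example that is not part of the original guide. The provisioning file that Djoin.exe saves contains the new computer account's password, so the example restricts access to it and deletes it after use. The function names, domain name, computer name and paths are hypothetical placeholders, and both functions assume an elevated prompt.

```powershell
# Added example (not from the original guide). All values are constructed placeholders.
# Phase 1 runs on a domain-connected computer; phase 2 runs on the computer being joined.

function New-OdjBlob {
    param(
        [string]$Domain,      # e.g. 'corp.example.com' (placeholder)
        [string]$Machine,     # e.g. 'VM-WEB-01' (placeholder)
        [string]$Path,        # e.g. 'C:\ODJ\VM-WEB-01.txt' (placeholder)
        [switch]$Downlevel    # target a DC older than Windows Server 2008 R2
    )
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Restrict the folder to the current user before the file exists, so the
    # provisioning data is never readable through inherited permissions.
    $me = "$env:USERDOMAIN\$env:USERNAME"
    & icacls.exe $dir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Create the computer account in AD DS and save the provisioning data.
    $djoinArgs = @('/provision', '/domain', $Domain, '/machine', $Machine, '/savefile', $Path)
    if ($Downlevel) { $djoinArgs += '/downlevel' }
    & djoin.exe @djoinArgs
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }
}

function Complete-OdjJoin {
    param([string]$Path)
    # Apply the provisioning data to the running local installation.
    & djoin.exe /requestODJ /loadfile $Path /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with exit code $LASTEXITCODE" }
    # The file is no longer needed once applied; do not leave it on disk.
    Remove-Item -Path $Path -Force
}

# Phase 1, on the provisioning computer:
#   New-OdjBlob -Domain 'corp.example.com' -Machine 'VM-WEB-01' -Path 'C:\ODJ\VM-WEB-01.txt'
# Phase 2, on the new computer after copying the file over a protected channel:
#   Complete-OdjJoin -Path 'C:\ODJ\VM-WEB-01.txt'
```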

Credential requirements:
To perform an offline domain join, you must have the rights that are necessary to join workstations to the domain. Members of the Domain Admins group have the rights to join workstations to the domain by default.

Granting rights:
You can use the Group Policy Management Console (GPMC) to modify the domain policy or create a new policy that has settings that grant the user rights to add workstations to a domain.

For more information, download the step-by-step guide from https://technet.microsoft.com/en-us/library/dd392267.aspx