Force a remote machine to join domain

To join a machine to a domain, you can log on to that machine with a local administrator account and join it manually. Alternatively, you can force it to join the domain remotely from your workstation using the NETDOM utility.

There are three requirements that must be satisfied before using this method:

  • Remote clients must be able to contact the DNS server to resolve Active Directory information.
  • You must know the local administrator account of the remote client computers.
  • Windows Firewall, or any other firewall, must be disabled or configured to open the appropriate ports. For more information about the ports used for domain join, see http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

Let me explain more about requirement #1, connectivity. To join a domain, a client computer must have its preferred DNS server set to a working DNS server. This DNS server must hold the Active Directory information for the domain that the client is going to join. In other words, the IP configuration on clients must look like this:

DNS Configuration for a domain client

You might ask: I want to join a remote machine to my domain, so do I have to set the IP configuration on that machine first? No, the picture above is just for demonstration. I assume that your network has a DHCP server with these DHCP options configured.

Now, let’s move on to the main steps.

NETDOM on Windows 2003

Windows Server 2003 does not include the NETDOM utility by default. NETDOM is part of Windows Support Tools, which you can download and install from http://go.microsoft.com/fwlink/?LinkId=100114

  • Go to the RUN menu and type CMD to open a Command Prompt.

NETDOM JOIN syntax

NETDOM JOIN machine /Domain:domain [/OU:ou path] [/UserD:user]
[/PasswordD:[password | *]]
[/UserO:user] [/PasswordO:[password | *]]
[/REBoot[:Time in seconds]]

  • The required parameters are machine, which is the remote machine name; /Domain, which is the domain name (plaintutorials.net); /UserD and /PasswordD, which are the username and password of a domain account; and /UserO and /PasswordO, which are the Administrator username and password on the remote machine.
  • The /PasswordD and /PasswordO parameters accept the asterisk *. NETDOM will then prompt you for those two passwords.
  • If you want to use NETDOM in a batch file, type the passwords directly into the file instead of using * for /PasswordD and /PasswordO, which stores them there in plain text.

Here is the command I used to join the SUBDC2 machine to the plaintutorials.net domain. The remote machine will reboot after 30 seconds.

NETDOM JOIN SUBDC2 /Domain:plaintutorials.net /UserD:Administrator /PasswordD:* /UserO:Administrator /PasswordO:* /ReBoot:30
Type the password associated with the domain user: <password typed>

Type the password associated with the object user: <password typed>

The command completed successfully.

The remote machine then shows a message like this:

Shutting down server
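
A pre-flight wrapper around the command above, added here as an example and not part of the original article: it confirms that DNS returns the domain controller SRV records for the domain (requirement #1) before calling NETDOM JOIN, and it keeps /PasswordD:* and /PasswordO:* so no password is stored in the file. The script name, its arguments and the optional DNS server argument are assumptions; the check runs from your workstation, so point it at the DNS server the clients receive from DHCP.

```bat
@echo off
rem Added example, not the article's own script.
rem Usage: joincheck.cmd MACHINE DOMAIN [DNSSERVER]
rem The script name and its arguments are assumptions for illustration.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 MACHINE DOMAIN [DNSSERVER]
    exit /b 1
)
set "MACHINE=%~1"
set "DOMAIN=%~2"
set "DNSSERVER=%~3"
rem Account names as used in the article's command; change them to suit.
set "DOMAINUSER=Administrator"
set "LOCALUSER=Administrator"

rem Requirement 1: the DNS server must hold the domain's Active Directory data.
rem Domain controllers register SRV records under _ldap._tcp.dc._msdcs.DOMAIN.
rem nslookup's exit code is not a reliable indicator, so match its output.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DNSSERVER% 2>nul | find /i "svr hostname" >nul
if errorlevel 1 (
    echo [FAIL] No domain controller SRV records found for %DOMAIN%.
    echo        Fix DNS before attempting the join.
    exit /b 2
)
echo [ OK ] DNS returns domain controllers for %DOMAIN%.

rem The asterisk makes NETDOM prompt for each password at run time,
rem so neither password is written into this file.
netdom join %MACHINE% /Domain:%DOMAIN% /UserD:%DOMAINUSER% /PasswordD:* /UserO:%LOCALUSER% /PasswordO:* /ReBoot:30
set "RC=%errorlevel%"

rem Treat any non-zero exit code from NETDOM as a failed join.
if not "%RC%"=="0" (
    echo [FAIL] NETDOM JOIN returned %RC% for %MACHINE%.
    exit /b %RC%
)
echo [ OK ] %MACHINE% joined %DOMAIN% and will reboot in 30 seconds.
endlocal
```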

 

About The Author

Hao Nguyen

Hello! I'm Hao Nguyen and I'm currently working as a Network Engineer for a small firm in Houston. I enjoy writing technical documents and blogs, such as PlanTutorials.com

2 Comments

  1. kan says:

    Hi
    I upgraded pc to windows7 from xp now i can’t join domain please guide step by step. thanks

  2. Vikram says:

    Thanks
