How to use offline Domain join (djoin.exe) Active Directory in Windows Server 2016

By | 03/04/2018

Offline domain join scenario overview

Offline domain join is a new process that computers that run Windows® 10 or Windows Server® 2016 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network.

For example, an organization might need to deploy many virtual machines in a datacenter. Offline domain join makes it possible for the virtual machines to be joined to the domain when they initially start after the installation of the operating system. No additional restart is required to complete the domain join. This can significantly reduce the overall time that is required for wide-scale virtual-machine deployments.

A domain join establishes a trust relationship between a computer running a Windows operating system and an Active Directory® domain. This operation requires state changes to Active Directory Domain Services (AD DS) and state changes on the computer that is joining the domain. To complete a domain join in the past using previous Windows® operating systems, the computer that joined the domain had to be running and it had to have network connectivity to contact a domain controller. Offline domain join provides the following advantages over the previous requirements:

  • The Active Directory state changes are completed without any network traffic to the computer.
  • The computer state changes are completed without any network traffic to a domain controller.
  • Each set of changes can be completed at a different time.

There is a new tool included with Windows Server 2012 R2 / Server 2016 and Windows 8 / 10 called Djoin.exe.

There are any number of circumstances where you may want to join a client computer to a domain when it has no access to a domain controller.

One example might be if you are creating a new branch office and the servers are not functional yet in that location, but you would like to begin rolling out the clients.

1 – On the Windows Server, open CMD and type the command below, where:

  • Windows = your domain name
  • CLIENT-10 = the client PC

djoin /provision /domain "Windows" /machine "CLIENT-10" /savefile win10blob.txt

 

~*~ If the djoin /provision command completes successfully, you'll see your new client PC account in the Computers container in AD. ~*~ (Please refer to the pictures.)

1210.png

2 – Browse to C:\Djoin and look for the Win10blob.txt file.

Transfer the Win10blob.txt file to the CLIENT-10 client PC.

3.png

3 – On the CLIENT-10 PC, confirm that it is still in a workgroup.

Paste the Win10blob.txt file that you copied previously from the server (any domain member PC) into the local admin profile. (For this demo I copied it into the Windows 10 System32 folder, which is not the best practice.)

5.png6.png

4 – On the client PC, open CMD and type the following command, and then restart the PC. (Please refer to the pictures.)

djoin /requestodj /loadfile C:\Windows\System32\win10blob.txt /windowspath c:\windows /localos

7.png8.png

5 – Once your client PC has restarted, open System Properties and confirm that it is now a member of your domain.

11.png

~*~ Please take note: You'll only be able to log on with a domain account for the first time if there's connectivity to a DC. ~*~
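
Because the file written by djoin /provision contains the new machine account's password, this added example (not the author's script) wraps the five steps above in PowerShell and also locks down the file's ACL, checks its hash after transfer and deletes it once used. The function names are hypothetical; the domain, machine name and paths are the page's demo values.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Names and paths repeat the page's demo values.

function New-OdjBlob {            # run on the server / domain member (step 1)
    param([string]$Domain  = 'Windows',
          [string]$Machine = 'CLIENT-10',
          [string]$Blob    = 'C:\Djoin\win10blob.txt')

    & djoin.exe /provision /domain $Domain /machine $Machine /savefile $Blob
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)" }

    # Drop inherited ACEs; leave only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
    & icacls.exe $Blob /inheritance:r /grant:r '*S-1-5-32-544:F' /grant:r '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }

    # Return the hash so it can be compared on the client after the transfer (step 2).
    (Get-FileHash -LiteralPath $Blob -Algorithm SHA256).Hash
}

function Complete-OdjJoin {       # run on CLIENT-10 (steps 3 and 4)
    param([string]$Blob = 'C:\Windows\System32\win10blob.txt',
          [Parameter(Mandatory)][string]$ExpectedHash)

    # Step 3: the PC must still be in a workgroup.
    if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) { throw 'Already domain-joined.' }

    $actual = (Get-FileHash -LiteralPath $Blob -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedHash) { throw 'Blob hash mismatch; do not use this file.' }

    & djoin.exe /requestodj /loadfile $Blob /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestodj failed ($LASTEXITCODE)" }

    Remove-Item -LiteralPath $Blob -Force   # do not leave the credential on disk
    # Restart the PC now, as in step 4.
}

function Test-OdjResult {         # run after the restart (step 5)
    $cs = Get-CimInstance Win32_ComputerSystem
    [pscustomobject]@{ Name = $cs.Name; PartOfDomain = $cs.PartOfDomain; Domain = $cs.Domain }
}
```

Delete the server-side copy in C:\Djoin as well once the file has been transferred, and move it over a channel you would trust with a password.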

That's all for now.
