Homepage 5 How-to Articles 5 How to Join Domain Remotely Using the Direct Access Service

How to Join Domain Remotely Using the Direct Access Service

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.

September 20, 2019

The procedure for entering into the domain of a computer located outside the perimeter of your corporate environment is not complicated and is a matter of a few steps that must be performed on the client and any server within the domain of your organization. The article shows how to join domain remotely using the Direct Access service.

1. Creating an Answer File for Offline Domain Join of a PC to a Domain

Connect to the server console using Remote Desctop Protocol and launch the command line or powershell console. Use what you like best. In the example, I will use the command line. To do this, I will run the cmd utility as an administrator. To do this, right-click on the Command Line and select Run as administrator in the appeared window.

How to join domain remotely. Open Command line

2. Using the Command Line Interface, Enter the Following Command

Djoin.exe / provision / domain EXAMPLE.COM / machine COMPUTER NAME / rootcacerts / machineou "ou = desktops, dc = EXAMPLE, dc = COM" / policynames "DirectAccess Client Settings" / savefile C: \ FILE NAME.txt

3. Help for Working with the Djoin.Exe Utility

  • / PROVISION – Prepare a computer account in the domain.
  • / DOMAIN name – the name of the domain to which you want to join.
  • / MACHINE name – is the name of the computer joined to the domain.
  • / MACHINEOU OU – An optional parameter defining the Organizational Unit of the OU in which the account is created.
  • / DCNAME DC – An optional parameter that defines the target DC domain controller for which an account is created.
  • / REUSE – Reuse any existing account (its password will be reset).
  • / SAVEFILE path_to_file —Saves the preparation data in the file specified as path_to the file. / NOSEARCH – Skip account conflict detection; DCNAME is required (better performance).
  • / DOWNLEVEL – Support using a domain controller Windows Server 2008 or earlier.
  • / PRINTBLOB – Return a base64-encoded binary binary metadata object for an answer file.
  • / DEFPWD – Use the default computer account password (not recommended).
  • / REQUESTODJ – Request autonomous domain join at next boot.
  • / LOADFILE path_to_file – is the name and path to the file specified earlier in the / SAVEFILE parameter.
  • / WINDOWSPATH path – the path to the directory with the offline image of Windows.
  • / LOCALOS – Allows you to specify the local OS in / WINDOWSPATH.

The djoin command should be run as administrator. Preparing an account for joining a domain should be performed in the context of an account with domain administrator privileges. A restart is required to apply the changes on the computer being joined.

As a result of executing the command with the above parameters, we will get a response file that already contains the necessary certificates for Direct Access, a list of direct access policies, the DNS namespace is needed.

4. Entering the Computer Domain via Direct Access

We transfer the received text file to the user’s workplace and run it from the command line:

djoin / requestODJ / loadfile C: \ FILE NAME.txt / windowspath% SystemRoot% / localos


This completes the process of remote computer input to the domain. In the invitation window, enter the name of the domain user and his password.

How to join domain remotely. input login and password in Invitation window

Consider Using Action1 to Join Domain Remotely if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based remote monitoring and management platform for automated software deployment, software deployment, remote desktop, software and hardware inventory, and reporting.

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!


Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1


Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.