How to Join Domain Remotely Using the Direct Access Service

September 20, 2019

By Peter Barnett

Joining a computer located outside the perimeter of your corporate environment to the domain is not complicated: it takes a few steps, performed on the client and on any server within your organization's domain. This article shows how to join a domain remotely using the Direct Access service.

1. Creating an Answer File for Offline Domain Join of a PC to a Domain

Connect to the server console using Remote Desktop Protocol and launch either the command line or a PowerShell console, whichever you prefer. This example uses the command line, run as an administrator: right-click the command line (cmd) shortcut and select Run as administrator in the menu that appears.

2. Using the Command Line Interface, Enter the Following Command

djoin.exe /provision /domain EXAMPLE.COM /machine COMPUTER_NAME /rootcacerts /machineou "ou=desktops,dc=EXAMPLE,dc=COM" /policynames "DirectAccess Client Settings" /savefile C:\FILE_NAME.txt

3. Help for Working with the Djoin.Exe Utility

  • /PROVISION Prepares a computer account in the domain.
  • /DOMAIN name The name of the domain to join.
  • /MACHINE name The name of the computer being joined to the domain.
  • /MACHINEOU OU An optional parameter defining the Organizational Unit (OU) in which the account is created.
  • /DCNAME DC An optional parameter defining the target domain controller (DC) on which the account is created.
  • /REUSE Reuses any existing account (its password will be reset).
  • /SAVEFILE path_to_file Saves the provisioning data to the file specified as path_to_file.
  • /NOSEARCH Skips account conflict detection; DCNAME is required (better performance).
  • /DOWNLEVEL Supports using a domain controller running Windows Server 2008 or earlier.
  • /PRINTBLOB Returns a base64-encoded binary metadata object for an answer file.
  • /DEFPWD Uses the default computer account password (not recommended).
  • /REQUESTODJ Requests an offline domain join at next boot.
  • /LOADFILE path_to_file The name and path of the file specified earlier in the /SAVEFILE parameter.
  • /WINDOWSPATH path The path to the directory with the offline image of Windows.
  • /LOCALOS Allows you to specify the local OS in /WINDOWSPATH.

The djoin command should be run as administrator. Preparing an account for joining a domain should be performed in the context of an account with domain administrator privileges. A restart is required to apply the changes on the computer being joined.

Executing the command with the above parameters produces an answer file that already contains the certificates required for Direct Access, the list of Direct Access policies, and the required DNS namespace.

4. Joining the Computer to the Domain via Direct Access

Transfer the resulting text file to the user's workstation and load it from a command line run as administrator:

djoin /requestODJ /loadfile C:\FILE_NAME.txt /windowspath %SystemRoot% /localos

Reboot.

This completes the process of joining the remote computer to the domain. At the sign-in prompt, enter the domain user's name and password.
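
The provisioning step and the client step above, wrapped as an added PowerShell example (not code from the original article). The function names are hypothetical; the djoin switches are the ones shown in steps 2 and 4. The saved file contains the new computer account's password, so the example restricts its ACL on the server, checks its SHA-256 hash on the client, and deletes it after use.

```powershell
# Added example, not from the original article. Function names are
# hypothetical; the djoin switches are those shown in steps 2 and 4.
function New-OdjBlob {            # run elevated on a server inside the domain
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')][string]$Machine,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$MachineOU,
        [string]$PolicyName = 'DirectAccess Client Settings',
        [Parameter(Mandatory)][string]$SaveFile
    )
    & djoin.exe /provision /domain $Domain /machine $Machine /rootcacerts `
        /machineou $MachineOU /policynames $PolicyName /savefile $SaveFile
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

    # The file holds the computer account password: drop inherited ACEs and
    # leave access to the provisioning administrator only.
    & icacls.exe $SaveFile /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Return the hash so it can reach the client over a separate channel.
    (Get-FileHash -Path $SaveFile -Algorithm SHA256).Hash
}

function Invoke-OdjJoin {         # run elevated on the remote client
    param(
        [Parameter(Mandatory)][string]$LoadFile,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $actual = (Get-FileHash -Path $LoadFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { throw 'Hash mismatch: the file was altered or is the wrong file' }

    & djoin.exe /requestODJ /loadfile $LoadFile /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with exit code $LASTEXITCODE" }

    # The request is now staged for the next boot; do not leave the file on disk.
    Remove-Item -Path $LoadFile -Force
    Write-Output 'Offline join staged. Reboot to complete it.'
}

# Usage with the article's placeholder values:
# $hash = New-OdjBlob -Machine COMPUTER_NAME -Domain EXAMPLE.COM `
#             -MachineOU 'ou=desktops,dc=EXAMPLE,dc=COM' -SaveFile C:\FILE_NAME.txt
# Invoke-OdjJoin -LoadFile C:\FILE_NAME.txt -ExpectedSha256 $hash
```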

Consider Using Action1 to Join Domain Remotely if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based remote monitoring and management platform for automated software deployment, remote desktop, software and hardware inventory, and reporting.
