• Contact
  • Homelab
Dimitris Tonias
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
Dimitris Tonias
No Result
View All Result

Offline domain join in Active Directory

Dimitris Tonias by Dimitris Tonias
January 28, 2018 - Updated on April 21, 2024
in Management
Reading Time: 3 mins read
A A
6
Share on FacebookShare on Twitter

Since the era of Windows 7 and Windows Server 2008 R2, Microsoft has added offline domain join to the administrator’s tools.

In short, using the djoin.exe command-line tool, you can create (provision) a computer or server in Active Directory and then use an encoded file to join it to the domain without a direct communication between the computer/server and the Domain Controller.

Offline domain join in Active Directory

Offline domain join is mainly used in Direct Access implementations and in unattended installations, but also in cases where there is no satisfactory connectivity between a branch office and the central ones, making the classic online domain join difficult.

In summary, the procedure is as follows.

  • In a Domain Controller, we run the appropriate djoin /provision command which produces an encoded txt file.
  • We copy the file to the computer or server we are about to join into the domain and run the appropriate djoin /requestODJ command.
  • After restarting, the offline domain join process will be completed.

So let’s see how it’s done in the following steps. For this example, I have used Windows Server 2016 as a Domain Controller to create the file and an RODC on a branch office to join the domain.

Settings in the Domain Controller

In a Domain Controller, open the command prompt with Administrator privileges and type the following command.

djoin /provision /domain "meraki.edu" /machine "MRK-KVA-RODC" /savefile C:\RODC.txt

djoin /provision /domain "meraki.edu" /machine "MRK-KVA-RODC" /savefile C:\RODC.txt

Where,
in the /domain parameter, type the name of the AD domain
in the /machine parameter, type the computer name
in the /savefile parameter, type the file’s (.txt) location in the disk

Offline domain join in Active Directory

The process of creating the file is instantaneous and by opening it you can see that the data it contains is encoded.

Offline domain join in Active Directory

Also, since the computer has been provisioned in Active Directory, you can confirm that the computer object has been created in the Computers container of the Active Directory Users and Computers console.

Offline domain join in Active Directory

Settings on the computer/server

Next, you’ll need to transfer the previously created file to your computer or server to join the domain. In our example, the file exists in C:\RODC.txt.

Open a command prompt window with administrator privileges and type the following command.

djoin /requestODJ /loadfile C:\RODC.txt /windowspath %systemroot% /localos

djoin /requestODJ /loadfile C:\RODC.txt /windowspath %systemroot% /localos

where in the /loadfile parameter, type the location where the file is located.
The rest of the parameters remain unchanged.

Offline domain join in Active Directory

If you see the error The offline domain join request failed. Error 0xa9d., Then add –% (two dashes) after djoin. That is, it will be something like that.

djoin --% /requestODJ /loadfile C:\RODC.txt /windowspath %systemroot% /localos

djoin --% /requestODJ /loadfile C:\RODC.txt /windowspath %systemroot% /localos

After running the command and successfully completing, you will need to restart the computer to complete the offline domain join process.

That’s it! Of course, do not forget that to log in using domain credentials, you need to have a DC or RODC connection to verify them. Otherwise, if the computer is not communicating to any of these, you can only log on using a local user account.

Tags: AD DomainWindows 10Windows Server 2016
ShareTweetPin
Previous Post

Seize FSMO roles on a Domain Controller

Next Post

Enable PowerShell Remoting and check if it’s enabled

Related Posts

Approve updates in WSUS 2016
Management

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016
Management

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016
Management

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016
Management

The initial configuration of WSUS 2016

Install WSUS in Windows Server 2016
Management

Install WSUS in Windows Server 2016

Error opening Report Viewer on WSUS 2016
Management

Error opening Report Viewer on WSUS 2016

Comments 6

  1. Dylan says:
    7 years ago

    This is very convenient for me & my virtual machines.

    Reply
  2. Ray says:
    7 years ago

    Hi Dimitris
    When I tried these steps and “forced” join, my client pc was blocked from the internet. Perhaps my issue is related to the Windows 10 build of V1803.

    Reply
  3. behzad says:
    6 years ago

    Hi friends,
    I tend to join a win 10 client to windows server 2016,my client can join to AD while I enter user name and password,it reply me the user name and password is incorrect.
    am sure my username and password is correct.
    whats the problem?

    Reply
  4. Usman Ghani says:
    6 years ago

    Thank you for sharing this. Do you have any idea how we can provision multiple computers?

    Reply
  5. Shane Mann says:
    5 years ago

    Hey – may I ask, what does adding the –% actually do? Why does it work doing that?

    Reply
  6. Prabu Ponnan says:
    4 years ago

    it is very useful and i have fixed one machine

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result
Zabbix server: More than 75% used in the trends cache
Monitoring

Zabbix server: More than 75% used in the trends cache

In Zabbix, "trends" are a type of data storage representing aggregated historical data. Zabbix monitors and collects a vast amount...

Read moreDetails
Check word count on Google Docs

Check word count on Google Docs

Zabbix server: More than 75% used in the configuration cache

Zabbix server: More than 75% used in the configuration cache

Approve updates in WSUS 2016

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016

The initial configuration of WSUS 2016

Get more stuff

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

we respect your privacy and take protecting it seriously

  • Contact
  • Homelab

© 2024 Dimitris Tonias

No Result
View All Result
  • About
  • Contact
  • Free Tools
  • Home
  • Homelab

© 2024 Dimitris Tonias

This website uses cookies. By continuing to use this website you are giving consent to cookies being used.