Windows Server 2012 / 2012 R2 - Join a computer to an Active Directory without a network connection (Offline Domain Join)

Page 1 / 1
  • Published on : 22 September 2017 at 19:30 UTC
  • By Lionel Eppe

When you want to join a machine to an Active Directory, the Active Directory must be able to connect to your Active Directory domain controller.
However, if this is not possible at the moment, please note that you can also join this machine "offline".

To do this, log on to your Active Directory server and use the djoin command like this :

Code : Batch

djoin /provision /domain "informatiweb.lan" /machine "win8-pc" /savefile C:\win8blob.txt

Informations :

  • /provision : allows you to create the computer account in the Active Directory
  • /domain informatiweb.lan : indicates that the machine will be linked to the "informatiweb.lan" domain. (Quotation marks are optional.)
  • /machine win8-pc : indicates that the machine that will be linked to the Active Directory is named "win8-pc".
  • /savefile C:\win8blob.txt : allows you to save the metadata in a text file that will be stored at the root of the partition C.

For more information about the parameters available for the djoin command, see the "Offline Domain Join (Djoin.exe) Step-by-Step Guide" page of the Microsoft Technet.

As you can see, the "win8blob.txt" file was created at the root of the "C" partition.

If you open this file with Notepad, you will see that its contents is encrypted.

In the Active Directory, you will see that the computer account has already been created (using the /provision parameter of djoin).

To test the junction in "offline" mode, we disconnected the network cable from the client computer.

Transfer the text file to the client computer to be linked to the Active Directory.

Always on the client machine, run a command prompt (cmd) as an administrator.

To join the machine to the domain offline, type this command :

Code : Batch

djoin /requestODJ /loadfile C:\win8blob.txt /windowspath %systemroot% /localos

Informations :

  • /requestODJ : allows Windows to join the machine to the domain offline the next time it starts.
  • /loadfile : allows you to load the metadata created previously in the "win8blob.txt" text file.
  • /windowspath : allows you to specify the path to the Windows directory. As indicated by Microsoft, if you also use the "/localos" parameter, you must specify %systemroot% or %windir% as the value for the "/windowspath" parameter.
  • /localos : allows you join the current Windows installation to the domain.

After executing this command, restart your computer (as required by this command).

After rebooting, log on with a local account and view the Windows system information.
As you can see, this client computer is now a member of your domain.

Obviously, since this machine is not connected to the network at this time, you can not yet connect to it with an Active Directory account.

If necessary, specify the IP address of your Active Directory server as the preferred DNS server.
Note : if you have a DHCP server in your network, you can set this setting automatically with the "006 DNS Server" option.

Now, we reconnect the network cable and our domain name appears.

If all goes well, you will be able to connect with an Active Directory account.