Windows Server - Offline Domain Join

What is offline domain join?

Offline domain join does not require a connection

Typically, when you want to join a computer to a domain, the computer must be able to communicate with a domain controller. However, offline domain join makes it possible for you to join an offline computer to a domain. In fact, all preparation steps are performed on a domain controller and the computer while the computer is offline. After the computer connects a trust relationship with the domain is established without any user intervention.

• Large-scale computer deployments. For example, you have a large number of physical or virtual machines to install in the datacenter. You want to configure the computers so they can automatically join the domain after the operating system is installed. This will save time from you having to manually add each computer to the domain.
• Remote site installs. For example, you have a secure site or a remote site that makes it difficult for you to physically go to the site. You will not have to visit the site and add each computer to the domain.

How do you setup offline domain join?

Offline domain join steps

1. Provision a computer account in AD DS and create the domain join file.

djoin.exe /provision /domain <domainname> /machine <machinename> /savefile <save path> /reuse

• The /provision option sets up the computer account in AD DS.
• The /savefile option specifies a text file (blob) file will all the necessary information such as machine account password, domain name, domain controller name, and domain SID.
• The /reuse option (optional) indicates the computer has been pre-staged and an existing computer account exists in the domain.

1. Transfer the provisioning information to the provisioned computer. This inserts the blob into the operating system of the computer that is being joined.

djoin.exe /requestODJ /‍loadfile <file path> /‍windowspath %‍systemroot‍% /‍localos

• The /requestODJ option requests an offline domain join at the next start.
• The /windowspath option specifies the path to the Windows directory of the offline image.
• The /localos targets the local operating system installation, instead of an offline image.   

Start or reboot the computer to complete the domain join operation. The offline domain join does not have to be completed within a specific time period. The computer account that is provisioned remains in AD DS unless an administrator intervenes.