Remote joining Active Directory

Today I found myself in an odd situation. A remote work PC needed to join Active Directory, but the VPN would not work unless the PC was already in the domain. Catch-22. After some searching and reading, I found that using “DJOIN” in Windows 7+, the PC could offline-authenticate. DJOIN is bundled with the system by default. Here’s what to do:

On a trusted PC:

  1. Open a CMD prompt as the appropriate Domain Admin or delegate.
  2. Run: djoin /provision /domain ad.example.com /machine PC-NAME /reuse /savefile blob.txt
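  3. Copy blob.txt to the PC. The file contains the machine account password, so move it over a channel you trust and delete it once the join is done.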

On remote PC:

  1. Open a privileged CMD (right-click on CMD, select run as Administrator).
  2. Run: djoin /requestODJ /loadfile blob.txt /windowspath %SystemRoot% /localos
  3. Reboot
  4. I still had to log in as the local account and establish the VPN connection, which this time worked just fine.
  5. When the VPN is running, switch user (Win+L).
  6. Log in as ad\username

Presto! From here on, I disconnected the VPN from my local account and started it again with the AD account.
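The two halves of the procedure above as a PowerShell sketch that also protects the blob in transit. This is an added example, not part of the original post: the function names are hypothetical, and it assumes PowerShell 4.0 or later (for Get-FileHash) and that the SHA-256 hash is passed to the remote side separately from the file.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# the djoin and icacls switches are the ones shipped with Windows.

function New-OdjBlob {            # run on the trusted, domain-joined PC
    param([string]$Domain, [string]$Machine, [string]$Path)
    djoin.exe /provision /domain $Domain /machine $Machine /reuse /savefile $Path
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed: $LASTEXITCODE" }
    # The blob holds the machine account password: drop inherited ACLs and
    # leave read access only to the user who created it.
    icacls.exe $Path /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):R" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $LASTEXITCODE" }
    # Hash to hand over separately so the remote side can verify its copy.
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

function Use-OdjBlob {            # run elevated on the remote PC
    param([string]$Path, [string]$ExpectedSha256)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { throw "Blob hash mismatch, not applying it" }
    djoin.exe /requestODJ /loadfile $Path /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed: $LASTEXITCODE" }
    Remove-Item -Path $Path -Force     # blob is no longer needed after the join
    "Joined offline; reboot to finish"
}
```

For the values in the post, the calls would be New-OdjBlob -Domain ad.example.com -Machine PC-NAME -Path blob.txt on the trusted PC and Use-OdjBlob -Path blob.txt -ExpectedSha256 with the hash it returned on the remote PC.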

Getting started

Hello! Bonjour! ¡Hola! Hej! Guten Tag!

So it has finally happened, I’ve started blogging. It’s been on my mind for quite some time now, but I never really got around to it until now.

My mission with this particular blog is to have a space to write down my nerdy endeavours around computer technology, system setups, programming and related topics. As an avid heavy metal fan who enjoys festivals and concerts, there is a good chance you’ll read something about those, just as there might be the occasional post about economics, politics, exercise and travel. So in short – whatever I feel like. I will try to keep them properly tagged though, so you won’t accidentally end up with a financial report when you’re looking for ideas around PHP programming or setting up a server.

Happy reading!