This has probably been blogged about a million times, but I wanted to get this down here for my own reference. I’ve always assumed that since XP (you could do this easily with XP) that in order to join a machine to a domain, you needed to be physically at that location.
I was recently faced with the need to join a VM to a customer’s domain, but I didn’t want to travel there, so I tried the approach below, and it worked. Hopefully it can help someone else as well. Here’s how:
- Establish a VPN connection with the destination network. I used the built in Microsoft VPN client, but any VPN client should work.
- Take note of the machine name and the local user account that you’re currently using
- Go through the standard domain joining procedure (note that you need to have an account with permissions to join a machine to the domain)
- Do NOT reboot right away. Make sure that you add the domain account that you’ll be using to the local administrators group (if applicable). I often forget to do this and it costs a few extra reboots
- Reboot the machine.
- Login as the user that you noted in #2. You’ll need to use the format MACHINENAMEUSERNAME. You will not yet be able to login as a domain user because you need to establish a VPN connection in order to see a domain controller to allow the login, and set up the domain account.
- Once logged in as the local user, establish a VPN connection to the destination network.
- Without logging the local user off, use the “switch user” function. (as shown below)
- Login with the domain account that you want to use. The account will be set up locally for you.
This works because the VPN connection is shared between the login sessions. Once you’ve done this, you can log off the local account, and all should be well moving forward. If your domain user needs access to corporate resources,then another VPN connection will need to be established from within that session.
Thanks for the refresher course… I seem to ALWAYS reboot too soon after joining the domain and have to go through the extra steps of logging on locally then running your steps from 6. Would it have killed MS to add the nifty “Log on With” we enjoyed with XP boot screen!
They still have that option. If you create the VPN connection, and tick the option to allow other users of the machine to use it, you’ll get an option in the bottom right next to the shut down button on the log on screen.
Once the domain joined, the Domain Admins is automatically added to the local Adminstrators Group.
In Windows 8, after rebooting, click Other User and you’ll see the “Network sign-in” in the bottom left corner, that is the VPN connection configured previously.
Thanks!