This has probably been blogged about a million times, but I wanted to get this down here for my own reference. I’ve always assumed that since XP (you could do this easily with XP), in order to join a machine to a domain, you needed to be physically at that location.
I was recently faced with the need to join a VM to a customer’s domain, but I didn’t want to travel there, so I tried the approach below, and it worked. Hopefully it can help someone else as well. Here’s how:
1. Establish a VPN connection with the destination network. I used the built-in Microsoft VPN client, but any VPN client should work.
2. Take note of the machine name and the local user account that you’re currently using.
3. Go through the standard domain joining procedure (note that you need to have an account with permissions to join a machine to the domain).
4. Do NOT reboot right away. Make sure that you add the domain account that you’ll be using to the local administrators group (if applicable). I often forget to do this and it costs a few extra reboots.
5. Reboot the machine.
6. Log in as the user that you noted in #2. You’ll need to use the format MACHINENAME\USERNAME. You will not yet be able to log in as a domain user, because the machine needs a VPN connection to reach a domain controller before it can authorize the login and set up the domain account.
7. Once logged in as the local user, establish a VPN connection to the destination network.
8. Without logging the local user off, use the “switch user” function.
9. Log in with the domain account that you want to use. The account will be set up locally for you.
This works because the VPN connection is shared between the login sessions. Once you’ve done this, you can log off the local account, and all should be well moving forward. If your domain user needs access to corporate resources, then another VPN connection will need to be established from within that session.
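
The steps above up to the reboot, scripted for an elevated Windows PowerShell 5.1 prompt, with a pre-flight check that a domain controller is actually reachable through the tunnel before the join is attempted. This is an added example, not part of the original post; the VPN profile name, domain name and account are placeholders, and it assumes the VPN profile already exists with saved credentials.

```powershell
# Added example. Placeholders (hypothetical): replace with your own values.
$VpnName    = 'Customer VPN'        # existing VPN connection profile
$Domain     = 'corp.example.com'    # DNS name of the domain to join
$DomainUser = 'CORP\jdoe'           # domain account that will use this machine

# Step 1: bring up the VPN using the credentials saved with the profile.
rasdial $VpnName
if ($LASTEXITCODE -ne 0) {
    throw "VPN connection '$VpnName' failed (rasdial exit code $LASTEXITCODE)."
}

# Step 2: record the local logon name needed after the reboot.
$LocalLogon = "$env:COMPUTERNAME\$env:USERNAME"
Write-Host "After the reboot, log in locally as: $LocalLogon"

# Pre-flight: locate domain controllers via DNS and confirm that at least
# one answers on LDAP (TCP 389) through the tunnel.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$dc = $srv | Where-Object {
    (Test-NetConnection -ComputerName $_.NameTarget -Port 389 `
        -WarningAction SilentlyContinue).TcpTestSucceeded
} | Select-Object -First 1
if (-not $dc) {
    throw "No domain controller for $Domain is reachable over the VPN."
}
Write-Host "Domain controller reachable: $($dc.NameTarget)"

# Step 3: join the domain. Without -Restart the machine does not reboot yet.
# Get-Credential prompts for an account permitted to join machines.
Add-Computer -DomainName $Domain -Credential (Get-Credential) -ErrorAction Stop

# Step 4: add the domain account to local Administrators (if applicable).
# Assumption: the account name resolves over the VPN at this point.
try {
    Add-LocalGroupMember -Group 'Administrators' -Member $DomainUser -ErrorAction Stop
} catch {
    Write-Warning "Could not add $DomainUser ($_). Add it manually before rebooting."
}

# Step 5: reboot. Steps 6 to 9 are interactive: log in as $LocalLogon,
# reconnect the VPN, use "switch user", then log in with the domain account.
Restart-Computer -Confirm
```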