I am running 10 pro and there is no “join domain” option at all
Go to the bottom of the ABOUT page and click RENAME THIS PC (ADVANCED)
This will take you to the original SYSTEM PROPERTIES page
Click CHANGE button and enter domain > restart > etc.
In the section “Related settings” there is a link “System Info” click this should take you to the old windows 7 system info screen. The third group down is headed “Computer name, Domain and workgroup settings” next to which is a link “Change settings”. This will take you to the old Windows 7 domain wizard. Don’t know if it will work – windows networking is always problematic in my experience
for those who don’t see “Join Domain” that’s explained in this article, I found “Advanced system settings” under “Related settings”…this brought back the old Windows interface.
i agree Michael Mast on my computer there is no join domain button somehow they need to add a button or something else.
running win10 pro. The domain does not show under networks in explorer. PC cannot connect to the domain when trying to join. Server running Server2008 with 2003 functional level. Are any changes required on the firewall required? PC’s running XP join the domain without any problem. Any ideas?
change the dns settings on the client machine to point at the server. Once connected you can change them back again if required.
Frustratingly couldn’t connect to the domain but this suggestion worked for me, went into the network settings, clicked on the ipv4 connection and clicked properties and changed automatically accept DNS address and entered the servers DNS address manually. Once updated, the laptop connected straight away. Once connected and logged in I reverted the DNS settings to automatic. Thanks a bunch for this suggest @Mark.
I can access to domain, and I can access to shared server resources, but every time I log into domain, I log in with a temporary profile.
In windows register there aren’t any .bak entry. I’ve tried to remove users, create again, remove entries in register, but always the same problem.
Do you have any idea how to solve this?
Any idea why my registered workstation windows 10 machines are registered as Operating System MAC OS in my Active Directory console ? Even in my network asset inventory tool is registered as MAC OS operating system.
I appreciate any help.
How can I remove the other user choice in lock screen?
The moment I connect with my organization’s domain, my win 10 apps, start menu and task bar does not open anymore. Any idea how to resolve it?
Probably there are some policies implemented by Domain Admin. These policies determine your permissions on host. I am not sure it is the reason, but it can be so.
I try the tips given above but nothing changes.after I have format my system it was win 7 b4 when I installed win 10 at the final process of the installation my battery run down. When I switched on the system it ask me to sign-in into
How do I sign-in into another domain?
And sign-in options: local or domain account password and Microsoft account.
Can anyone help me and I don’t have Microsoft account
I have upgraded to windows 10 pro but the join domain option still does not appear. The Microsoft tech reinstalled but no change. Any ideas?
Farther up the thread is mentioned that W10pro doesn’t offer “Join Domain”, need W10home edition.
The SurfacePro4 is a joke – how many decades have laptop’s been around now? And simple home networking? And MicroSoft can’t get it right with their latest and greatest portable piece of equipment?
Lets see – problems with battery charging at the most basic level, SP4’s hang at the “getting Windows ready” for hours on end, both of these problems have made it thru SP2, 3 and now the 4’s, and now can’t connect to a home network – day one I used a USB/ETH adapter because home isn’t microwaved (i mean wifi’d) and could connect everywhere, day 2 that same connection will not ping others let-alone connect to internet, nothing changed. Thanks BG/MS.
I have with me one laptop, with windows 10 pro, i am not able to join this laptop to domain. I have web domain register with godaddy.
I click to 1)This PC 2)Moves to page Control Panel->System and Security->System, 3) This shows page View Basic Information about your computer 4)I click on Change Setting link 5) It opens System Properties Page 6) I click on Change Button to which shows me my computer name and allows to become member of domain. 7)I select radio button for domain 8)Enter my domain name which i have registered with godaddy and click ok 9)it shows error as under:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “spinfonet.com”:
The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)
Can you tell me exact procedure to join my computer to domain? and how can i configured my dns.
You need to have network access to a pc running Windows Server Edition and we are talking about Active Directory domains, not web domains.
Win 10 pro no place to join domain, i try changing from properties in my computer till asks for username n password for domain, after entering cant connect to the domain error. advise
I found join a domain under Settings, Accounts, Access work or school, Connect, Join this device to a local Active Directory domain.
can’t find my domain but at least I have the spot to continue trying
you need to click on the “change your key” text to get to the page u want. Its a pain in the rump. that or just pressing “win + Pause/break”
I am looking into doing this in place of a VPN. Does connecting allow you to control the server PC like a VPN, or does it just let you access files?
The problem of integrating an Ubuntu workstation with Windows Active directory is quite common. Below we describe the required steps to help DataSunrise users accomplish this task:
1. Specify the name of the configured computer in the /etc/hostname file
Query the current host name:
If necessary, specify a new host name:
echo myhost > /etc/hostname
Note. Host name cannot be localhost, because localhost is the name for 127.0.0.1 (specified in the /etc/hosts file when you install the operating system).
2. Specify full domain controller name in the /etc/hosts file
Add a static record with full domain controller name in the end of the file /etc/hosts. Translation between IP address and the name of the computer is required so that you could use hostname instead of the IP address.
echo 192.168.1.51 hostname.db.local hostname >> /etc/hosts
3. Set a DNS server on the configured computer
The domain controller should be the first option for search. Add the domain controller IP address to /etc/resolv.conf. In most distributions resolv.conf is generated automatically, so add the domain controller IP address to /etc/resolvconf/resolv.conf.d/head.
sudo vim /etc/resolvconf/resolv.conf.d/head
Change the opened file as follows:
Restart the networking service.
Use nslookup command to check.
4. Configure time synchronization
The system time on the machine must be synchronized with the system time on domain controller server. Install the ntp tool and change the ntp.conf file.
sudo apt-get install ntp
sudo vim /etc/ntp.conf
Change the file as follows.
Restart the ntpd daemon.
sudo /etc/init.d/ntp restart
5. Install a Kerberos client
6. Install Samba, Winbind and NTP
7. Edit the /etc/krb5.conf file to add full domain name, domain controller name and the realm parameter
Important: Do not leave any comments tagged with the “#” sign in the config file.
8. Edit the /etc/samba/smb.conf file to add short domain name and full domain name:
Important: Do not leave any comments tagged with the “#” sign in the config file.
Note. Before using the config file remove comment lines.
9. Enter the domain:
After joining the domain successfully you will be able to ping Active Directory hostnames, e.g.:
/ds$ ping johnny.domain.com
PING johnny.domain.com (192.168.1.39) 56(84) bytes of data.
64 bytes from johnny.domain.com (192.168.1.39): icmp_seq=1 ttl=128 time=0.200 ms
64 bytes from johnny.domain.com (192.168.1.39): icmp_seq=2 ttl=128 time=0.560 ms
10. Verify that authentication for an Active Directory user is successful:
Note. Type the domain name in upper-case letters.
If everything was configured correctly, the ticket will be created.
Make sure that the ticket was created:
And, there you have it – an Ubuntu workstation integrated with Windows Active directory.
Please refer to Active Directory Authentication for MySQL Database if you need more information.
Adding a computer to Active Directory is straightforward. In most cases, all you need to do is join the workstation to your Windows domain and reboot it once or twice. You can use Active Directory Users and Computers to double-check that a computer was successfully added. While the feature is built into Windows Server, if you want to use a Windows 7 computer to manage Active Directory computers, it must be joined to the domain as well after downloading Remote Server Administration Tools for Windows 7.
Add Computer to Domain
Log in to the computer in question with a local administrator account.
Click Start and right-click “Computer.”
Click the “Change settings” link under “Computer name, domain, and workgroup settings.”
Click the “Computer Name” tab.
Click the “Change . . . “ button.
Click the “Domain” radio button and type the name of your Windows domain in the domain field.
Click “OK.” When prompted, enter the username and password of an account that has the right to add computers to the domain. Usually, this account must be in the Account Operators, Domain Admins or Enterprise Admins security group.
Reboot the computer when prompted.
Check the Account in Active Directory
Log in to your Windows domain controller or a Windows 7 workstation that has the Remote Server Administration Tools for Windows 7 installed. You must use an account in the Account Operators, Domain Admins or Enterprise Admins group for the domain in question, or have been granted explicit permission to manage domain computers.
Click Start, then “Control Panel,” double-click “Administrative Tools” and double-click “Active Directory Users and Computers.” If you’re logged into a Windows Server machine, click Start and type “dsa.msc” (without quotation marks) in the Search box and press “Enter.”
Right-click on the domain name in the tree on the left and click “Find.”
Click “Computers” in the “Find” dialog box.
Type the name of the computer you just added to the domain in the “Name” field.
Click “Find.” If the computer name appears in the search results, you’ve successfully added the computer to Active Directory.
Many enterprises and organizations rely on Microsoft Active Directory (AD) for provisioning user accounts, applying security policies to operating systems, and enabling access to applications. In classic on-premises environments, Windows operating systems are “joined to the (AD) domain” in order to enable these functions. Frame allows administrators to join their workload VMs to their Active Directory domain. This allows their users to log in to a Windows machine using their own AD credentials. Since the Windows operating system is joined to the customer’s domain, the user can use Windows applications that rely on AD for access, authentication and authorization, such as SAP apps. If IT managers join the Sandbox to the domain, they can use their existing app packages, app tools, and deployment processes to install, run, and manage their organization’s applications on Frame.
To use the Domain Join feature, you will need to utilize your own public cloud account or bring your own AHV cluster, where these Windows machines will be provisioned and orchestrated by the Frame Platform. This is called our Bring Your Own (BYO) infrastructure feature. Before continuing with this setup guide, you will need to set up your BYO infrastructure described in these articles: BYO AWS, BYO Azure, BYO GCP, or Frame on AHV.
This section of Frame documentation will outline the required steps to prepare and implement Domain Joined Instances (DJI) for your Frame account. Before reading the guides below, please review the requirements and recommendations for Domain Join to function properly on your Frame account.
Frame Account with Windows 10, Windows Server 2016, or Windows Server 2019-based image.
The Domain Join feature requires customers use Windows Server 2008 R2 and Domain Functional Level 2008 R2 or higher.
The Frame account workloads must reside in a VPC/VNET/VLAN with a non-overlapping CIDR with the rest of your network, including where your Windows domain controllers reside. Currently, Frame only supports subnet masks between /16 and /24.
The workload VMs to be joined to the domain must be able to route to the domain controller.
For customers using AWS, they must update their AWS IAM role before enabling DJI.
For customers using Azure, they must configure their Azure DNS before enabling DJI.
Considerations:
Please consider the following before moving on to the Domain Controller Preparation guide and setup process:
The Frame user created by Frame must be a local Windows administrator. Any GPO settings that take effect on workload instances must not remove this user from the “Local administrators” group.
Autologin must be allowed for a local Frame user session to initiate successfully. Any GPO settings that disable this function will prevent domain joined instances from working properly.
Interactive Logon message must be disabled in GPO settings for successful initiation of a Frame session.
The domain join feature does not join the Sandbox or any utility servers to the domain. Frame strongly advises that administrators do not manually join the Sandbox or the utility server to the domain unless there is a specific requirement for an application to function. If either of these two VM types must be joined to the domain, the Frame administrator should enable RDP and create another local Windows admin user in that server. Before the server is joined to the domain, the administrator should verify that they can reach the server using RDP.
Do not modify the Frame user local admin account password. We rotate the password for the Frame user (Frame guest agent) and modifying it will cause autologon to fail. For password security options like LAPS, there is a need to exclude the local Frame user.
Static DNS IPs are not supported and should not be entered in the Sandbox or workload VMs.
Restricting remote RPC connections to the Windows Security Account Manager (SAM) on a domain controller to Administrators only may introduce issues with renaming computer objects in Active Directory. Delegated rights to the service account will be ignored if this policy is configured.
The local Frame user password is stored in LSA (Local Security Authority) portion of the machine registry that is accessible only to SYSTEM account processes. Some of these secrets are credentials that must persist after reboot and they are stored in encrypted form on the hard disk drive. Credentials stored as LSA secrets might include:
This page describes the various options for connecting to a Managed Service for Microsoft Active Directory domain.
Connecting to a domain-joined Windows VM with RDP
You can connect to your domain with Remote Desktop Protocol (RDP). For security reasons, you cannot use RDP to connect directly to a domain controller. Instead, you can use RDP to connect to a Compute Engine instance, and then use the standard AD Manageability tools to work remotely with your AD domain.
Troubleshooting RDP connections
If you are having difficulty connecting to your Windows instance with RDP, see Troubleshooting RDP for tips and approaches to troubleshoot and resolve common RDP issues.
Resolving Kerberos issues
If you try to use Kerberos for your RDP connection, but it falls back to NTLM, your configuration may not meet the necessary requirements.
To RDP to a Managed Microsoft AD-joined VM using Kerberos, the RDP client needs a ticket issued for the target server. To get this ticket, the client must be able to:
- Determine the service principal name (SPN) of the server. For RDP, the SPN is derived from the server's DNS name.
- Contact the domain controller of the domain the client's workstation is joined to and request a ticket for that SPN.
To ensure the client can determine the SPN, add an IP-based SPN to the server's computer object in AD.
To ensure the client can find the right domain controller to contact, you must do one of the following:
- Create a trust to your on-premises AD domain. Learn more about creating and managing trusts.
- Connect from a domain-joined workstation via Cloud VPN or Cloud Interconnect.
Connecting to a domain-joined Linux VM
This section lists some of the open source options for managing Active Directory interoperation with Linux. Learn how to join a Linux VM to a Managed Microsoft AD domain.
System Security Services Daemon (SSSD) joined directly to Active Directory
You can use System Security Services Daemon (SSSD) to manage Active Directory interoperation. Note that SSSD does not support cross-forest trusts. Learn about SSSD.
Winbind
You can use Winbind to manage Active Directory interoperation. It uses Microsoft Remote Procedure Calls (MSRPCs) to interact with Active Directory, which is similar to a Windows client. Winbind supports cross-forest trusts. Learn about Winbind.
OpenLDAP
OpenLDAP is a suite of LDAP applications. Some third-party providers have developed proprietary Active Directory interoperation tools based on OpenLDAP. Learn about OpenLDAP.
Connecting to a domain via trust
If you create a trust between your on-premises domain and your Managed Microsoft AD domain, you can access your AD resources in Google Cloud as if they are in your on-premises domain. Learn how to create and manage trusts in Managed Microsoft AD.
Connecting to a domain with Hybrid Connectivity products
You can connect to your Managed Microsoft AD domain with Google Cloud Hybrid Connectivity products, like Cloud VPN or Cloud Interconnect. You can configure the connection from your on-premises or other network to an authorized network of Managed Microsoft AD domain.
Before you begin
Join your Windows VM or your Linux VM to the Managed Microsoft AD domain.
Connecting using domain name
We recommend connecting to a domain controller using its domain name rather than its address because Managed Microsoft AD does not provide static IP addresses. Using the name, the Active Directory DC Locator process can find the domain controller for you, even if its IP address has changed.
Using IP address for DNS resolution
If you must use the IP address to connect, you can create an inbound DNS policy on your VPC network so it can use the same name resolution services that Managed Microsoft AD uses. Managed Microsoft AD uses Cloud DNS to provide name resolution to Managed Microsoft AD domain using Cloud DNS Peering.
To use the inbound DNS policy, you must configure your on-premises systems or name servers to forward DNS queries to the proxy IP address located in the same region as the Cloud VPN tunnel or VLAN attachment that connects your on-premises network to your VPC network. Learn about creating an inbound server policy.
Using peerings
Managed Microsoft AD does not support nested peering, so only networks that are directly authorized for Active Directory can access the domain. Peers of the authorized network cannot reach the Managed Microsoft AD domain.
You can join ClearPass Policy Manager to an Active Directory (AD) domain to authenticate users and computers that are members of an Active Directory domain. If you join ClearPass to an Active Directory domain, it creates an account for the ClearPass node in the Active Directory database.
Users can then authenticate into the network using 802.1X and EAP methods, such as PEAP-MSCHAPv2, with their own Active Directory credentials.
If you need to authenticate users belonging to multiple Active Directory forests or domains in your network, and there is no trust relationship between these entities, then you must join ClearPass to each of these untrusted forests or domains.
ClearPass is not required to join multiple domains belonging to the same Active Directory forest because a one-way trust relationship exists between those domains. In this case, ClearPass can join the root domain.
ClearPass can join or leave an Active Directory domain by using the following two buttons in the Server Configuration page > System tab:
Join Domain: Click Join Domain to join this ClearPass appliance to an Active Directory domain. Password servers can be configured after Policy Manager is successfully joined. For more information on adding a password server, see Adding a Password Server.
Leave Domain: If the server is already part of multiple Active Directory domains, click Leave Domain to disassociate this ClearPass appliance from an Active Directory domain.
For most use cases, if you have multiple nodes in the cluster, you must join each node to the same Active Directory domain.
To join the selected ClearPass server to an Active Directory domain:
1. From the Server Configuration page > System tab > AD Domains, click Join AD Domain.
The Join AD Domain dialog opens:
Figure 1 Join AD Domain Dialog
2. Specify the Join AD Domain parameters as described in the following table.
Log in to the computer using the local Windows account.
Open File Explorer.
Right-click This Computer and then select Properties.
Under Computer Name, Domain, and Workgroup, click Change Settings.
Click Change…
Enter the domain info and click Ok.
Enter the credentials for the domain administrator or user that has rights to join to the domain.
When prompted reboot the computer.
Proceed to the section on cached credentials.
Updating Cached Credentials using Run As
Once a machine is domain joined, a new user can login to the machine by caching the credentials using Run As option in the Windows UI. Other methods are available such as using scripts or mapping a network drive using your username and password. To use the Run As.. command, follow the below instructions.
Log in to the machine using the local account or another domain joined user.
Hold shift and right-click Command Prompt or another program.
Select Run as different user.
Enter your Active Directory credentials.
After the program opens you may sign out of the local user or switch users and sign in with the new user.
Updating Cached Credentials using the Command Line
You can also run as a user in a Powershell or Bash script. A sample Powershell script is below that customers can use or modify as needed. Customers can configure this script to run via GPO or direct users to run it.
Computer accounts, or objects, represent devices connected to AD. They are stored in the AD database once the device joins the domain. This is needed to apply different GPOs to them and to keep track of their updates if you have WSUS installed. More importantly, it establishes secure authentication for users logging into Windows.
In order to join a workstation to a domain, the device needs to be in the same network with domain controllers. It is also possible to join a device through a VPN. In this case device needs to be able to resolve the name of the AD environment. DHCP can definitely help with that but you can also do this by adding the domain information to the hosts file.
How to Join a Computer to the Domain
It is possible to join a computer to the domain in three different ways; let's see how to do this in practice.
Joining the Domain with the GUI
In order to join a Windows server to AD, perform the following steps:
Right-click on the Start button or press the Start button on your keyboard and the X key simultaneously, and select System. Scroll down to the bottom and click on “System Info”. After that, click on “Change settings” next to Computer name, and in the window that appears click Change…
In the Domain Changes window, type the DNS domain name under “Member of Domain” and click OK. Enter domain admin credentials, and click OK three times.
Click Close and then Restart Now. Congratulations, your workstation has joined the domain!
Joining Domain Using Windows PowerShell
The easiest way to add a Windows-based device to Active Directory is PowerShell and the Add-Computer cmdlet:
Add-Computer -DomainName office.com -Credential OFFICE\Administrator
Restart-Computer
How to Rename a Computer Account
Renaming a computer is a pretty easy task to accomplish; it can be done in three different ways.
Renaming Computer in the Settings
In Windows Server this can be done much like joining the domain, but this time we will do it a little differently.
Right-click on the Start button or press the Start button on your keyboard and the X key simultaneously, and select System. Click on Rename this PC and enter a new name for your device according to your naming policy.
Click Next, enter your domain admin credentials if your computer is already inside the domain, and then restart your server. You will have a server with the new name after the restart.
Renaming Computer in the Cmd.exe
Renaming a computer in the command prompt is an easy task; just type the following command on the target computer:
netdom.exe renamecomputer localhost /newname:WKS033 /reboot
Renaming Computer with Windows PowerShell
Windows PowerShell lets you rename a computer in seconds by typing two short commands on the target machine:
You can join a storage virtual machine (SVM) to an Active Directory domain without deleting the existing SMB server by modifying the domain using the vserver cifs modify command. You can rejoin the current domain or join a new one.
The SVM must already have a DNS configuration.
The DNS configuration for the SVM must be able to serve the target domain.
The DNS servers must contain the service location records (SRV) for the domain LDAP and domain controller servers.
The administrative status of the CIFS server must be set to “down” to proceed with Active Directory domain modification.
If the command completes successfully, the administrative status is automatically set to “up”.
When joining a domain, this command might take several minutes to complete.
Join the SVM to the CIFS server domain: vserver cifs modify -vserver vserver_name -domain domain_name -status-admin down
For more information, see the man page for the vserver cifs modify command. If you need to reconfigure DNS for the new domain, see the man page for the vserver dns modify command.
In order to create an Active Directory machine account for the SMB server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the ou=example ou container within the example.com domain.
Beginning with ONTAP 9.7, your AD administrator can provide you with a URI to a keytab file as an alternative to providing you with a name and password to a privileged Windows account. When you receive the URI, include it in the -keytab-uri parameter with the vserver cifs commands.
Verify that the CIFS server is in the desired Active Directory domain: vserver cifs show
The aim of a granular delegation concept is to assign only those rights that are necessary for the operation of the assigned role.
Principle of least privilege to join the Active Directory Domain
We could give Domain-Admin-permissions to any admin. Any admin could work and that's it.
Though, the question is: Do we want to give Domain-Admin-rights to any helpdesk employee?
I don’t think so. This leads to the question: Which authorizations are really essential for the joining of a computer?
Computer objects must be “prestaged”
A requirement for this delegation: computer objects must be “prestaged”.
That means that empty computer objects have to be created in the proper OU by a central authority in advance. I can only recommend this.
Without “prestaged” computer objects all objects are placed in the computer container of the domain (unless you changed the standard container, as described in Tim’s article).
Otherwise they have to be moved to the proper target OU.
To move computer objects to the target OU you need:
- Delete-authorization for the computer container
- Create-authorization for the target OU
These high-ranking authorizations should be avoided.
Necessary delegations for the target OU
The following delegations are needed for the target-OU containing the “prestaged” computer-objects:
Apply to: Descendant Computer objects
Allow: Reset password
Allow: Validated write to DNS host name
Allow: Validated write to service principal name
Allow: Read account restrictions
Allow: Write account restrictions
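The delegation listed above can be scripted with the built-in dsacls tool. This is an added example, not code from the original article; the OU path, group name and computer names are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) and a session with rights to edit the OU's ACL.

```powershell
# Added example: prestage computer objects and delegate only the join rights
# named in the list above. All three values below are assumed placeholders.
$TargetOU     = 'OU=Workstations,DC=corp,DC=example,DC=com'
$JoinGroup    = 'CORP\Helpdesk-DomainJoin'
$NewComputers = 'WKS101', 'WKS102'

Import-Module ActiveDirectory

# 1. The central authority prestages empty computer objects in the target OU,
#    so the join account never needs create or delete rights.
foreach ($name in $NewComputers) {
    if (-not (Get-ADComputer -Filter "Name -eq '$name'")) {
        New-ADComputer -Name $name -Path $TargetOU
    }
}

# 2. Grant the join group the five permissions, inherited only by descendant
#    computer objects (/I:S = sub-objects only; the trailing ';computer'
#    limits the ACE to the computer object class).
#    CA = control access (extended right), WS = validated write,
#    RPWP = read property + write property on a property set.
$grants = @(
    'CA;Reset Password;computer',
    'WS;Validated write to DNS host name;computer',
    'WS;Validated write to service principal name;computer',
    'RPWP;Account Restrictions;computer'
)
foreach ($grant in $grants) {
    & dsacls.exe $TargetOU /I:S /G "${JoinGroup}:$grant" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed while granting '$grant' on $TargetOU"
    }
}

# 3. Review what the group now holds on the OU. Anything beyond the four
#    entries above (for example GA, full control) should be investigated.
& dsacls.exe $TargetOU | Select-String -SimpleMatch $JoinGroup
```

Current Windows builds also restrict reuse of an existing computer account during a join to its creator, administrators, or accounts allowed by policy, so test a join with a helpdesk account after delegating.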
Now I need to reestablish the membership of the PC in the domain. But since I can’t logon I can’t change neither the computer name nor the domain membership.
- How can I re-trust PC and domain?
- Can I add or renew the membership from the domain controllers console?
Edit:
There are no active local accounts on the machine that I could use to logon.
This trick comes to be via my Active Directory study group. I suggest that everyone join a usergroup and/or a study group. It’s not that we don’t know AD, it’s that we forget or miss new features. A refresher course is fun too.
Occasionally a computer will come “disjoined” from the domain. The symptoms can be that the computer can’t login when connected to the network, message that the computer account has expired, the domain certificate is invalid, etc. These all stem from the same problem and that is that the secure channel between the computer and domain is hosed. (that’s a technical term. Smile )
The classic way to fix this problem is to unjoin and rejoin the domain. Doing so is kind of a pain because it requires a couple of reboots and the user profile isn’t always reconnected. Ewe. Further if you had that computer in any groups or assigned specific permissions to it those are gone because now your computer has a new SID, so the AD doesn’t see it as the same machine anymore. You’ll have to recreate all of that stuff from the excellent documentation that you’ve been keeping. Uh, huh, your excellent documentation. Double Ewe.
Instead of doing that we can just reset the secure channel. There are a couple of ways to do this:
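Two built-in ways to reset the secure channel without unjoining, as an added example that is not part of the original answer. It assumes an elevated Windows PowerShell 5.1 session on the affected machine, a reachable domain controller, and a domain account allowed to reset the computer account's password.

```powershell
# Added example: test the machine's secure channel and repair it in place,
# keeping the existing computer object (and its SID and group memberships).
function Repair-DomainSecureChannel {
    param(
        [Parameter(Mandatory)]
        [pscredential]$Credential   # domain account with reset rights
    )

    # Returns $true when the local machine password matches the one in AD.
    $healthy = $false
    try { $healthy = Test-ComputerSecureChannel -ErrorAction Stop } catch { }
    if ($healthy) { return 'Healthy' }

    # First option: ask Netlogon to re-establish the channel.
    try {
        if (Test-ComputerSecureChannel -Repair -Credential $Credential -ErrorAction Stop) {
            return 'Repaired'
        }
    } catch {
        Write-Warning "Repair attempt failed: $($_.Exception.Message)"
    }

    # Second option: set a fresh machine account password on a DC.
    try {
        Reset-ComputerMachinePassword -Credential $Credential -ErrorAction Stop
        if (Test-ComputerSecureChannel -ErrorAction Stop) {
            return 'RepairedByPasswordReset'
        }
    } catch {
        Write-Warning "Password reset failed: $($_.Exception.Message)"
    }

    return 'StillBroken'
}

Repair-DomainSecureChannel -Credential (Get-Credential)
```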
Once you’ve setup your Active Directory server, you will be ready to join your Active Directory domain. This can be done on the Windows clients that will be used in your network. You could also have a Windows Server machine as a client of your domain.
For a Windows client to be able to join a domain, you will need one of the following levels:
- Professional
- Enterprise
- Ultimate
Step 1: Setting your DNS servers
First off, you will need to set your DNS servers to those of your domain controller. Every primary domain controller has to host a DNS server, and therefore, so does your primary domain controller. Your Windows client will need to be able to contact Active Directory; and it can only do so if the DNS servers are set to those of a domain controller.
In order to do that, go to “Network and Sharing Center”, click “Change adapter settings” in the sidebar. Choose your connection, and click “Change settings of this connection”. In the list that will appear, find: “Internet Protocol Version 4 (TCP/IPv4)”. Click “Properties” once it’s selected. In the “General” tab, you will be able to change your DNS servers. Usually, it’s set to “Obtain DNS server address automatically”. We will need to change that to “Use the following DNS server addresses”, so check that. You will now be able to set the preferred and alternate DNS server.
The preferred DNS server should always be the DNS server on your domain controller, so enter the IP address of your domain controller in that field. The alternate DNS server is not something we’ll really need, so just set that to a random address. A lot of people tend to set it to “8.8.8.8” (Google’s DNS server). Once you’ve done that, click “OK”.
Step 2: Joining the Active Directory domain
Your Windows client should now be able to contact Active Directory. At this point, we need to join the server or computer to the Active Directory domain. In order to do this, go to “This PC -> System properties”. In the sidebar, you should see an option called “Advanced system settings”. This will open the tab “Advanced”. Click “Computer Name”.
You will see the following option:
There will be a button labeled “Change...” next to it. Aside from being able to change the computer name, you can also change what the computer will be a member of. There are two choices:
- Domain
- Workgroup
Naturally, we are going to choose “Domain” as we want to join an Active Directory domain. So check “Domain” and enter the domain that you want to join. If this domain exists, you will be asked to enter a username and password in order to join the domain.
If you get the following message, though:
It means that the domain was either not typed correctly, the DNS servers are not set correctly, or the domain does not exist. Please confirm that all of these are correct!
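The DNS dependency described in Step 1, and the "DNS name does not exist" (0x0000232B) SRV lookup failure quoted earlier on this page, can be checked before attempting a join. The script below is an added example, not part of the original articles; the domain name is a placeholder and the port list is an assumed minimum set for a join.

```powershell
# Added example: pre-join check of the DC locator SRV record and DC reachability.
# Run on the client in Windows PowerShell before attempting the join.
param(
    # Assumption: placeholder Active Directory DNS domain name.
    [string]$DomainName = 'corp.example.com'
)

function Test-AdJoinReadiness {
    param([Parameter(Mandatory)][string]$Domain)

    # The join process queries this SRV record to locate a domain controller.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"

    # Every IPv4 resolver configured on any adapter of this client.
    $resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique

    $dcs = @()
    foreach ($resolver in $resolvers) {
        try {
            $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $resolver `
                          -DnsOnly -ErrorAction Stop |
                      Where-Object { $_.Type -eq 'SRV' }
            $dcs += $answer.NameTarget
            [pscustomobject]@{
                Check  = 'SRV lookup'
                Target = $resolver
                Ok     = [bool]$answer
                Detail = ($answer.NameTarget -join ', ')
            }
        } catch {
            # A resolver that does not host the AD zone fails here.
            [pscustomobject]@{
                Check  = 'SRV lookup'
                Target = $resolver
                Ok     = $false
                Detail = $_.Exception.Message
            }
        }
    }

    # Assumed minimum set of TCP ports the client needs on each DC.
    $ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 389 = 'LDAP'; 445 = 'SMB' }
    foreach ($dc in ($dcs | Where-Object { $_ } | Sort-Object -Unique)) {
        foreach ($port in ($ports.Keys | Sort-Object)) {
            $open = Test-NetConnection -ComputerName $dc -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                Check  = "TCP $port ($($ports[$port]))"
                Target = $dc
                Ok     = $open
                Detail = ''
            }
        }
    }
}

Test-AdJoinReadiness -Domain $DomainName | Format-Table -AutoSize
```

A public resolver such as 8.8.8.8 cannot answer the SRV query for an internal-only AD zone, so it appears as a failed "SRV lookup" row.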