Continuing the cycle of new solutions Windows Server 2008 R2 now the turn of the connectionless connect your computer to a domain (domain joining offline). This is a new solution for creating a computer account in Active Directory and the transfer of domain information to the computer, which has become a member of a domain.
The first step is to register an account in the domain and at the same time create a response file, by which information will be forwarded to the network is not connected to the computer (with Windows 7 or Windows Server 2008 R2). This is done using: DJOIN / ProVision / DOMAIN skalski.info / MACHINEOU "OU = Test Lab, DC = Skalski, DC = info / off-MACHINE client1 / SAVEFILE c: \ off-client1.djoin
Djoin command allows both to create an answer file and its use for bezpołączeniowego station to join the domain. The most important parameters are:
- ProVision - specifies reservations for the computer account in the domain specified by further parameters
- DOMAIN - indicates the domain to which you attach a computer
- MACHINEOU - defines the location of the computer account in the structure of organizational units
- MACHINE - gives the name of the computer that is connected. Note: Join a computer to change its name to the given in this parameter
- SAVEFILE - Specify the path in which you create an answer file used to further connect the target computer
The next step is to transfer the response file you created earlier (in this case, off-client1.djoin) to the target computer and its use. This is done using: DJOIN / REQUESTODJ / loadFile c: \ off-client1.djoin / localos / WINDOWSPATH C: \ Windows
The result of the implementation of the above. command station is to provide information about its membership in the domain. To complete this process must restart your computer. The parameters used in the command means:
- REQUESTODJ - makes a request to join the domain bezpołączeniowego
- LoadFile - indicates the path to answer file
- Localos - allows you to specify a target operating system is running out
- WINDOWSPATH - indicates the path to system folder simply connected stations
It is noteworthy that the preparation of a scenario of virtual machines using this method:
- Prepare a response file
- Connect the virtual machine disk to be a domain member
- We join WINDOWSPATH giving a path to the system installed on a virtual disk
The last issue to be addressed is the safety of this approach. The answer file contains a wealth of information on which should be adequately protected. Suiche Matthieu created a tool (dinfo.exe), which decodes the response file and disclose information contained in DATA_BLOB.
It should pay particular attention to the password in the field lpMachinePassword, domain name, and the forest, and plenty of information about coverage endorsement and IDs.
