Joining a Windows Client or Server to a Domain
Computers, that should be part of a Domain, have to join it. After this process they are members of the joined domain and able to access domain resources. During the join, an account for the machine will be created. This allows the computer to authenticate itself in the domain.
This documentation describes the join process as a Windows domain member to a Samba Active Directory or Samba NT4 domain.
To join a Domain, the Windows version requires the necessary capabilities. The following Windows versions are able to join a Domain as a member:
- Windows 10 Pro / Enterprise / Education
- Windows 8/8.1 Pro / Enterprise
- Windows 7 Professional / Ultimate / Enterprise
- Windows Vista / Business / Ultimate / Enterprise
- Windows XP Professional
- Windows 2000 Professional
- Windows NT4 (can only join NT4-style domains!)
- Windows Server 2012 / 2012R2
- Windows Server 2008 / 2008R2
- Windows Server 2003 / 2003R2
- Windows Server 2000
To join a client to a domain, you require
- local Administrator permissions on the computer you want to join
- knowledge of credentials of a Domain account, that is allowed to join machines to the domain.
- At least the Domain Administrator account can join computers to a domain, but it's possible that the permissions are delegated to other accounts, too.
- In an Active Directory, authenticated user accounts are allowed per default to join up to 10 machines to the domain, if this wasn't changed or disabled by the Domain Administrator.
Ask your Domain Administrator for details.
Required settings for NT4-style domains
In case you're joining an Samba NT4-style domain, some settings may be required.
The client requies to have at least one DNS server configured, that is able to resolve names of the Domain it should join.
Date And Time Settings
If you're joining an NT4-style domain, this step is optional. But a correct system time is always recommended.
Active Directory uses Kerberos for authentication, which relies on a fairly consistent time across the network. This makes it necessary, that, before you can join the client to the Domain, the time on the client does not differ more than 5 minutes (default setting in an AD) to your Domain Controller.
- Open the Control Panel.
- Navigate to „Clock, Language and Region“.
- Click „Date and Time“.
- Check your date, time and time zone settings.
Joining A Windows Client To A Domain
The procedure is for all Windows versions the same. It just differs in the ways opening the "System Properties" window.
The first step differs on your OS version:
- Windows 10
- Search in the start menu for "System" and click the "System - Control panel" entry.
- File:Join Win10 Search System.png
- Windows 8 / 8.1
- Search on the Modern UI screen for "System" and click the icon.
- File:Join Win8 Search System.png
- Windows 7
- Right-click to „Computer“ (e. g. on your desktop or in the start menu) and choose „Properties“.
- File:Join Win7 Computer Properties.png
All further steps are the same on each Windows OS (the appearance may differ):
- Click „Change settings“ in the „Computer name, domain and workgroup settings“ area.
- In the „System properties“ window, click the „Change...“ button.
- Choose „Domain“ and enter the Domain name.
- Note: If your client is able to resolve the NetBIOS name of your domain, you can use the this one (e. g. „samdom“). Otherwise you have to enter the full DNS name of your Domain (e. g. samdom.example.com).
- Click „OK“
- If the computer is able to connect to the Domain Controller / PDC, you will be prompted for credentials that are allowed to join to the domain.
- Click „OK“.
- If the join succeeded, you will be welcomed in the domain.
- Reboot to take changes effect.