Joining a Windows Client or Server to a Domain

From SambaWiki
Revision as of 13:06, 10 April 2016 by Mmuehlfeld (talk | contribs) (Mmuehlfeld moved page Joining a Windows client to a domain to Joining a Windows host to a domain: Replace "client" in the title with "host", because it the document is also valid for Windows server OS.)

Introduction

Computers, that should be part of a Domain, have to join it. After this process they are members of the joined domain and able to access domain resources. During the join, an account for the machine will be created. This allows the computer to authenticate itself in the domain.

This documentation describes the join process as a Windows domain member to a Samba Active Directory or Samba NT4 domain.



System Requirements

Windows Version

To join a Domain, the Windows version requires the necessary capabilities. The following Windows versions are able to join a Domain as a member:

Workstation editions

  • Windows 10 Pro / Enterprise / Education
  • Windows 8/8.1 Pro / Enterprise
  • Windows 7 Professional / Ultimate / Enterprise
  • Windows Vista / Business / Ultimate / Enterprise
  • Windows XP Professional
  • Windows 2000 Professional
  • Windows NT4 (can only join NT4-style domains!)


Server editions

  • Windows Server 2012 / 2012R2
  • Windows Server 2008 / 2008R2
  • Windows Server 2003 / 2003R2
  • Windows Server 2000


Permissions

To join a client to a domain, you require

Ask your Domain Administrator for details.


Required settings for NT4-style domains

In case you're joining an Samba NT4-style domain, some settings may be required.



DNS Setting (AD only)

The client requies to have at least one DNS server configured, that is able to resolve names of the Domain it should join.

See DNS Configuration on Windows.



Date And Time Settings (AD only)

Active Directory uses Kerberos for authentication, which relies on a fairly consistent time across the network. This makes it necessary, that, before you can join the client to the Domain, the time on the client does not differ more than 5 minutes (default setting in an AD) to your Domain Controller.

  • Open the Control Panel.
  • Navigate to "Clock, Language and Region“.
  • Click "Date and Time“.
File:Date and Time Settings.png
  • Check your date, time and time zone settings.



Joining A Windows Operating System To A Domain

The procedure is for all Windows versions the same. It just differs in the ways opening the "System Properties" window.

  • The first step differs on your OS version:
  • Windows 10
Search in the start menu for "System" and click the "System - Control panel" entry.
File:Join Win10 Search System.png
  • Windows 8 + 8.1 / Windows Server 2012 + 2012R2
Search on the Modern UI screen for "System" and click the icon.
File:Join Win8 Search System.png
  • Windows Vista + 7 / Windows Server 2008 + 2008 R2
Right-click to "Computer“ (e. g. on your desktop or in the start menu) and choose "Properties“.
File:Join Win7 Computer Properties.png
  • All further steps are the same on each Windows OS (the appearance may differ):
  • Click "Change settings“ in the "Computer name, domain and workgroup settings“ area.
File:Join Change Settings.png
  • In the "System properties“ window, click the "Change...“ button.
File:Join System Properties Window.png
  • Choose "Domain“ and enter the Domain name
Join Enter Domain Name.png
Note: If your client is able to resolve the NetBIOS name of your domain, you can use the this one (e. g. "SAMDOM“). Otherwise you have to enter the full DNS name of your Domain (e. g. samdom.example.com).
  • Click "OK“
  • If the computer is able to connect to the Domain Controller / PDC, you will be prompted for credentials that are allowed to join to the domain.
File:Join Enter Credentials.png
  • Click "OK“.
  • If the join succeeded, you will be welcomed in the domain.
File:Join Welcome.png
  • Reboot to take changes effect.