Djoin

 

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

Provisions a computer account in a domain and requests an offline domain join when a computer restarts. For examples of how you can use this command, see Examples.

Syntax

djoin /provision /domain <domain_name> /machine <destination computer> /savefile <filename.txt> [/machineou <OU name>] [/dcname <name of domain controller>] [/reuse] [/downlevel] [/defpwd] [/nosearch] [/printblob] [/rootcacerts] [/certtemplate <name>] [/policynames <name(s)>] [/policypaths <path(s)>] [/NetBIOS <name>] [/psite <name>] [/dsite <name>] [/primarydns <name>]

djoin /requestodj /loadfile <filename.txt> /windowspath <path to the Windows directory of the offline image> /localos

Parameters

Parameter

Description

/provision

Creates a computer account in Active Directory Domain Services (AD DS).

/domain <domain name>

Specifies the name of the domain to join.

/machine <destination computer>

Specifies the name of the computer that you want to join to the domain.

/machineou <OU Name>

Specifies the name of the organizational unit (OU) in which you want the computer account to be created. By default, the computer account is created in the Computers container.

/dcname <domain controller name>

Specifies the name of a specific domain controller that will create the computer account. If you do not specify a domain controller, the domain controller Locator (DC Locator) process is used to select a domain controller.

/reuse

Specifies the reuse of any existing computer account. The password for the computer account will be reset.

/downlevel

Supports the use of a domain controller that runs a version of Windows Server that is earlier than Windows Server 2008 R2.

/savefile <filename.txt>

Saves provisioning data to a file.

/defpwd

Uses the default machine account password (not recommended).

/nosearch

Skips account conflict detention. Requires the /DCName parameter.

/printblob

Returns a base64-encoded metadata blob for an answer file.

/requestodj

Requests an offline domain join at the next start.

/Loadfile

Specifies the output from a previous provisioning command.

/windowspath <path to the Windows directory of the offline image>

Specifies the path to the Windows directory of the offline image. If you are using the /localos parameter, specify %systemroot% or %windir% as the value of the /windowspath parameter.

/localos

Targets the local operating system installation, instead of an offline image, with the domain join information. If you use this parameter, the value that you specify for /windowspath should be %systemroot% or %windir%. Run this parameter only on a destination computer that you want to join to the domain. This parameter is blocked from being run on a domain controller. Because this parameter injects the blob data into the locally running operating system image, you must restart the computer to complete the domain join operation, as you must also do for an online domain join.

/rootcacerts

Optionally include root Certification Authority certificates.

/certtemplate <name>

Optional name of the machine certificate template.

Includes root Certification Authority certificates.

/policynames <name(s)>

Optional semicolon-separated list of policy names. Each name is the displayName of the Group Policy object (GPO).

/policypaths <path(s)>

Optional semicolon-separated list of policy paths. Each path is a path to a registry policy file.

/NetBIOS <name>

Optional NetBIOS name of the computer joining the domain. Applies to computers that run versions of Windows beginning with Windows Server 2012 R2 and Windows 8.1.

/psite <name>

Optional name of the persistent site to put the computer joining the domain in. Applies to computers that run versions of Windows beginning with Windows Server 2012 R2 and Windows 8.1.

/dsite <name>

Optional name of the dynamic site to initially put the computer joining the domain in. Applies to computers that run versions of Windows beginning with Windows Server 2012 R2 and Windows 8.1.

/primarydns <name>

Optional name of primary DNS domain of the computer joining the domain. Applies to computers that run versions of Windows beginning with Windows Server 2012 R2 and Windows 8.1.

Remarks

  • You can run Djoin.exe only on computers that run Windows 7 or Windows Server 2008 R2. The computer on which you run Djoin.exe to provision computer account data into AD DS must be running Windows 7 or Windows Server 2008 R2. The computer that you want to join to the domain must also be running Windows 7 or Windows Server 2008 R2.

  • By default, the Djoin.exe commands target a domain controller that runs Windows Server 2008 R2. However, you can specify an optional /downlevel parameter if you want to target a domain controller that is running a version of Windows Server that is earlier than Windows Server 2008 R2.

Examples

To provision a computer account named computer1 in the domain contoso.com and save the resulting metadata blob in a file named offlinedomainjoin.txt, run the following command at an elevated command prompt:

djoin /provision /domain contoso.com /machine computer1 /savefile offlinedomainjoin.txt

To request an offline domain join for a local computer and inject the domain join information from a file named offlinedomainjoin.txt into the local operating system, run the following command at an elevated command prompt:

djoin /requestODJ /loadfile offlinedomainjoin.txt /windowspath %SystemRoot% /localos

Additional references