If an account does not already exist in Active Directory by default, a machine trust account for the system is automatically created in the default container for computer accounts (cn=Computers) as part of the domain join operation. The following users are allowed to perform domain join:
Domain administrator - Can join any number of systems to the domain with machine trust accounts placed in any containers.
Delegated administrator with authority over one or more Organizational Units - Can join any number of systems to a domain with machine account location designated in the Organizational Units they are responsible for.
Normal user with machine accounts pre-staged by administrator - Can join a system to the domain as pre-authorized by an administrator.
Normal user - Normally authorized to join a limited number of systems.
The following properties for joining an Active Directory domain are available:
Active Directory Domain - The fully-qualified name or NetBIOS name of an Active Directory domain
User - An AD user who has credentials to create a computer account in Active Directory
Password - The administrative user's password
Organizational Unit - Specifies an alternative organizational unit in which the system's machine trust account will be created. The organizational unit is specified as a comma-separated list of one or more name-value pairs using the domain-relative distinguished name (DN) format, for example, ou=innerOU,ou=outerOU.
Use Pre-created Account - If the system's account exists and the specified Organizational Unit is not the one that the account is in, use the pre-created account.
Related Topics