Active Directory Join Domain

If an account does not already exist in Active Directory by default, a machine trust account for the system is automatically created in the default container for computer accounts (cn=Computers) as part of the domain join operation. The following users are allowed to perform domain join:

• Domain administrator - Can join any number of systems to the domain with machine trust accounts placed in any containers.

• Delegated administrator with authority over one or more Organizational Units - Can join any number of systems to a domain with machine account location designated in the Organizational Units for which they are responsible.

• Normal user with machine accounts pre-staged by administrator - Can join a system to the domain as pre-authorized by an administrator.

• Normal user - Normally authorized to join a limited number of systems.

The following properties for joining an Active Directory domain are available:

• Active Directory Domain - The fully-qualified name or NetBIOS name of an Active Directory domain

• User - An AD user who has credentials to create a computer account in Active Directory

• Password - The administrative user's password

• Organizational Unit - Specifies an alternative organizational unit in which the system's machine trust account will be created. The organizational unit is specified as a comma-separated list of one or more name-value pairs using the domain-relative distinguished name (DN) format, for example, ou=innerOU,ou=outerOU.

• Use Pre-created Account - If the system's account exists and the specified Organizational Unit is not the one that the account is in, use the pre-created account.

Related Topics

• Joining an AD Domain (BUI)

• Joining a Workgroup (BUI)

• Configuring Active Directory (CLI)

• Active Directory Domains and Workgroups

• Active Directory Windows Support