Active Directory Join Domain
If an account does not already exist in Active Directory by default, a machine trust account for the system is automatically created in the default container for computer accounts (cn
=Computers) as part of the domain join operation. The following users are allowed to perform domain join:
-
Domain administrator - Can join any number of systems to the domain with machine trust accounts placed in any containers.
-
Delegated administrator with authority over one or more Organizational Units - Can join any number of systems to a domain with machine account location designated in the Organizational Units for which they are responsible.
-
Normal user with machine accounts pre-staged by administrator - Can join a system to the domain as pre-authorized by an administrator.
-
Normal user - Normally authorized to join a limited number of systems.
The following properties for joining an Active Directory domain are available:
-
Active Directory Domain - The fully-qualified name or NetBIOS name of an Active Directory domain
-
User - An AD user who has credentials to create a computer account in Active Directory
-
Password - The administrative user's password
-
Organizational Unit - Specifies an alternative organizational unit in which the system's machine trust account will be created. The organizational unit is specified as a comma-separated list of one or more name-value pairs using the domain-relative distinguished name (DN) format, for example,
ou=innerOU
,ou=outerOU
. -
Use Pre-created Account - If the system's account exists and the specified Organizational Unit is not the one that the account is in, use the pre-created account.
Related Topics