Continuing the series on new features in Windows Server 2008 R2, it is now the turn of offline domain join, that is, joining a computer to a domain without a network connection. This is a new way of creating a computer account in Active Directory and transferring the domain information to the computer that is to become a domain member.

The first step is to provision the computer account in the domain and, at the same time, create a response file that carries the information to the computer that has no network connection (running Windows 7 or Windows Server 2008 R2). This is done using: DJOIN /PROVISION /DOMAIN skalski.info /MACHINEOU "OU=Test Lab,DC=Skalski,DC=info" /MACHINE off-Client1 /SAVEFILE c:\off-client1.djoin


The djoin command is used both to create the response file and to apply it on the offline computer so that it joins the domain. The main parameters are:

  • PROVISION - reserves the computer account in the domain according to the parameters that follow
  • DOMAIN - specifies the domain that the computer is to join
  • MACHINEOU - defines the location of the computer account in the organizational unit structure
  • MACHINE - gives the name of the computer being joined. Note: the joined computer has its name changed to the one specified in this parameter
  • SAVEFILE - specifies the path where the response file is created; this file is then used on the target computer to join the domain

The next step is to transfer the response file created earlier (in this case off-client1.djoin) to the target computer and apply it there. This is done using: DJOIN /REQUESTODJ /LOADFILE c:\off-client1.djoin /LOCALOS /WINDOWSPATH C:\Windows


Running the above command gives the computer the information about its membership in the domain. To complete the process you must restart the computer. The parameters used in the command mean:

  • REQUESTODJ - requests an offline domain join
  • LOADFILE - the path to the response file
  • LOCALOS - indicates that the target is the currently running operating system
  • WINDOWSPATH - the path to the system folder of the computer being joined

Note the scenario of preparing virtual machines using this method:

  1. Prepare a response file
  2. Connect the virtual machine that is to be a domain member
  3. Perform the join, giving as WINDOWSPATH the path to the system folder installed on the virtual disk

The last issue to address is the security of this approach. The response file contains a number of pieces of information that should be adequately protected. Matthieu Suiche created a tool (dinfo.exe) which decodes the response file and discloses the information contained in the DATA_BLOB.


Particular attention should be paid to the password in lpMachinePassword, the domain and forest names, and the large amount of information about security policies and identifiers.
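
One way to check who can read the response file before it is moved, and to restrict it to a short list of principals. This is an added example, not part of the original post; the function names are hypothetical, and the allowed-principal list (SYSTEM and local Administrators), PowerShell 3.0 or later and an elevated session are assumptions.

```powershell
# Added example (not from the original post): audit and restrict the ACL
# on an offline domain join response file. Run elevated, PowerShell 3.0+.
param([string]$BlobPath = 'c:\off-client1.djoin')   # path used in the article

# Assumption: only SYSTEM and local Administrators may keep access.
$allowedSids = @('S-1-5-18', 'S-1-5-32-544')

function Get-DjoinFileExposure {
    # Returns one object per Allow ACE granted to a principal outside $allowedSids.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($allowedSids -notcontains $sid) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Protect-DjoinFile {
    # Replaces the DACL with explicit FullControl for $allowedSids only.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
    foreach ($ace in @($acl.Access)) { $acl.RemoveAccessRuleSpecific($ace) }
    foreach ($sid in $allowedSids) {
        $id   = New-Object System.Security.Principal.SecurityIdentifier $sid
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$exposed = @(Get-DjoinFileExposure -Path $BlobPath)
if ($exposed.Count -gt 0) {
    $exposed | Format-Table -AutoSize
    Protect-DjoinFile -Path $BlobPath
    "Remaining unexpected ACEs: $(@(Get-DjoinFileExposure -Path $BlobPath).Count)"
}
```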