In this article, we’ll take a look at how to join a Windows 10 device in an Active Directory domain. We’ll look at how to add to an AD domain from the Windows GUI by using PowerShell CLI.
Basic prerequisites for joining a Windows device to an AD domain:
- Windows edition — the following Windows editions can be joined to the domain: Professional, S, Education, Enterprise. Windows 10 Home cannot be connected to an Active Directory domain;
- Permissions — to join the device to the AD domain, you must have local administrator privileges, as well as domain user credentials with the permissions to add new devices to the domain;
- Network and DNS setting — your computer must be on the corporate network. It must be configured with an IP address and DNS server addresses that allow it to connect to at least one domain controller;
- Date and time settings — since Kerberos is used for authentication in Active Directory, the time on the domain controller and on the client should not differ by more than 5 minutes.
Joining AD Domain from Classic System Properties on Windows 10
- Right-click on the Start menu and select Run;
- Type in the command sysdm.cpl and click OK;
- The name of the current workgroup should be indicated in the System Properties window. Click on the Change button;
- Move the switch to the Domain position and type in the domain name;
- In the window that opens, you need to specify the credentials of the domain user who has the permissions to join computers to the domain (by default, any domain user can add up to 10 devices to the domain);
- If everything was done correctly, a message will appear “Welcome to the youdomainname.com domain”;
- Reboot the computers;
- After the computer boots up, you can log in under a domain account.
Check if your computer account object appears in Active Directory. Active Directory Users and Computers (dsa.msc) > go to the Computers container and make sure that a new Computer type object with the name of your computer appeared in it.
How to Join Windows 10 to Domain with Modern Settings App?
Let’s look at how to join a device with a modern Windows 10 build to the AD domain (in this example, Windows 10 20H2).
- Go to the Settings > Accounts > Access work or school;
- Click the Connect button;
- Select “Join this device to a local Active Directory domain” in the bottom “Alternate Actions” section;
- Specify the domain name and click Next;
- Then you need to specify the name and password of the domain account with the rights to join the devices to the domain;
- Reboot your device by clicking “Restart now”.
How to Add Windows 10 to a Domain Using PowerShell?
You can use the Add-Computer cmdlet to add a computer to a domain via PowerShell. Follow the steps below:
- Run PowerShell console as Administrator;
- Run the command:
Add-Computer -DomainName theitbros.com –verbose
(where theitbros.com is your AD domain name);
- Enter the domain user credentials you want to use to join the device to the domain;
- Wait until the message “WARNING: The changes will take effect after you restart the computer computername” appears, and restart the computer with the command:
If you want to place the computer not in the default container Computers, but in a specific Organizational Unit, use the following PowerShell script:
$ldap_path = 'OU=Workstations,OU=London,DC=theitbros,DC=com' Add-Computer -DomainName theitbros.com -OUPath $ldap_path -Restart