Today I got asked to join a remote computer to a domain. An interesting problem by itself but this computer only had a USB Verizon air card for internet access. That was a little bit of a new twist for me. The laptop was on the domain at one point but somehow got disjoined. The user was also hours from the office and without domain access, some licensed software and network services would not work.
Prerequisite
So, the first thing I did was see if he had any kind of VPN software installed that would connect his computer back to the corporate network. He had Cisco AnyConnect. The next thing was to see if there were any local accounts on the computer I could use. They had the local administrator account turned on so that will also help.
Steps to join a domain remotely
1. Ones we know the laptop has everything we need then the first step is to log out of the domain account and log into a local account.
2. Then I got the user to connect to his air card.
3. Then I asked him to log into the VPN with his domain account.
4. Ones all that was done I got onto his computer with GoToAssist and removed the computer from the domain it thinks it is still a part of. I ignored the restart prompt and immediately joined it back to the same domain.
5. Now we restart.
6. Because the USB air card will not stay connected like a wired connection and the VPN will not stay on we must log back into the local account and turn the air card back on and connect back to the VPN.
7. You can’t log out of the local account or the VPN and air card will turn off so I attempt to switch users and leave the local account logged in. But the switch user option was disabled on this computer. The reason I am trying to do this is because the user needs to log in at least ones while connected to the domain network. This way windows can cache login credentials so the user can log in while not connected to the domain.
8. Because switching users was disabled I had to make a detour and go into the registry to fix that. The key can be found here.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemYou want to set HideFastUserSwitching to 0.
9. Now with that fixed I switch users and have the user log into their own account so that the computer will cache the domain credentials.
10. Ones the user was logged in and everything looked like it was working right we do another restart.
11. Now the user just logged in with their domain account.
12. And lastly, I got him to turn the air card back on and reconnect to the VPN.
That’s it! Now you have joined a remote computer to a domain.
This site is absolutely fabulous!