How to join local AD domain during Windows 10 install?

windows windows-10 active-directory windows-domain

20,514

You can automate the whole process using unattend.xml which is can be placed in the c:\windows\system32\sysprep folder.

This is only part of the file:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <servicing></servicing>
    <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <JoinDomain>ad</JoinDomain>
                <JoinWorkgroup></JoinWorkgroup>
                <Credentials>
                    <Domain>domain_goes_here</Domain>
                    <Password>password_goes_here</Password>
                    <Username>username_goes_here</Username>
                </Credentials>
                <MachineObjectOU>OU=here,OU=there,OU=everywhere,DC=etc,DC=domain,DC=etc</MachineObjectOU>
            </Identification>
        </component>

There is no need to even see this screen if you complete the whole unattend.xml file.

Microsoft even provides a tool part of the MDT deployment toolkit to generate this file.

Step

download and install MDT
Copy windows DVD onto hard drive
Launch Windows System Image manager
Bottom left select the install.wim in folder in step 2

Yes
Wait........

When done the Answer file area looks like this

When done save your answer file.

Make a bootable USB drive and place it in the root folder of the USB drive.

Addition info:

https://win10.guru/windows-10-unattended-install-media-part-3-answer-file-for-oobe/

20,514

SvendK

Updated on September 18, 2022

Comments

SvendK over 1 year

During Windows 10 install, I'd like to join my company's Active Directory domain instead of adding a new local user. Or maybe just login with the (hidden?) local Administrator-account.

During the install, I am asked if this is a personal or organizational computer. I choose organizational, as it is my company's computer. It then wants to sign in with a Microsoft account, but we use "normal" local AD on our own Windows Server. I can then click "Domain join instead", but this leads to a user creation process. Why is this, when I want to join a domain, where presumably my user should be located?

Is there any way to not create a local user during the install?
- Admin about 5 years
  
  Are you an Administrator of the domain? Adding a machine to the Active Directory domain isn't something a normal user normally does.
- Admin about 5 years
  
  @Ramhound: By default, AD allows a regular User to join up to 10 machines. It's quite possible that a company might have self-service setup. And vice versa, if an Administrator is setting up a new workstation, why wouldn't they want to do the join as soon as possible from the setup screen (just like it used to be possible in Win2000/XP era)?
- Admin about 5 years
  
  @grawity - Even if there is a self-service setup, the user should be asking help from an Administrator on the domain, the Administrator will be able to help them.
- Admin about 5 years
  
  I have a domain admin login :-)
- Admin almost 5 years
  
  Use Microsoft Deployment Toolkit (MDT) and Task Sequences. I haven't done it for a few years, so I won't make a full Answer here.