Login to the Windows 7 domain. Domain on the local network

In some cases it becomes necessary to move the computers on a local network out of workgroups and join them to a local domain. This makes it possible to apply group policies, manage user access, distribute resources among users, use your account from any computer on the network, and gain other benefits useful to the system administrator.

What is a domain on a local network

A local network domain is usually understood as a network that unites computers under one common security policy and is managed centrally. Thus, when network computers are united into work groups, the interaction of machines is based on the “client-client” principle, and in the domain it is already “client-server”. The server is a separate machine on which all network user accounts are stored. You can also store the profile of each user.

The feasibility of organizing such access is determined by several factors:

  • the local network is constantly developing and the number of users is growing;
  • the topology and geography of the network changes;
  • it is necessary to limit access to resources for each user or group;
  • use of Internet resources needs to be controlled.

When organizing access based on work groups, such control is simply impossible. However, when the network consists of only a few computers, it makes absolutely no sense to install a separate domain server; it is simply not economically feasible.

If the LAN is built on Microsoft Windows Server, the service responsible for the domain controller is called AD (Active Directory); under *nix (Unix, Linux, FreeBSD) the user management service is called LDAP (Lightweight Directory Access Protocol).

Creating a domain controller under Windows Server 2003/2008

Now let's figure out how to create a domain on a local network. After the operating system is installed on the server and the initial settings are made, you can start configuring the Active Directory service:

  • The server is given a static IP, preferably in the initial range of subnet addresses.
  • The components that are responsible for the operation of the server are installed, if they have not been installed before - Active Directory, DNS, DHCP, WINS.
  • The next step is to install the domain controller itself. To do this you need:
    • open “Server Manager” and click the “Add roles” link;
    • in the dialog box that opens, check the boxes next to the services to be installed so that the configuration wizard can apply the settings, add the services to autostart and perform other service actions.
  • After the services have been installed in the “Server Manager”, under server roles they can be seen. In this case, a startup error will appear next to “Active Directory Domain Services”.
  • The “Domain Services Installation Wizard” will help you get rid of the error; it is launched from the command line: “Start - Run - cmd - dcpromo”.
  • After skipping several information windows, set the switch to “Create a new domain in a new forest”.
  • The next step is to come up with a domain name. Many articles have been written on the Internet about the rules for choosing domain names, but they all boil down to one thing: when choosing a name, you must adhere to the ICANN agreement and standards.
  • After checking the name for matches on the network, you need to select the compatibility mode of the server.
  • In the next step, the wizard warns that additional DNS server settings will be configured; agree when asked about delegation.
  • Next you will need to select the directories in which the databases will be located. You can leave the default or choose a different location.
  • And finally, come up with and enter a password for the “Administrator” account.

These are all the steps that need to be taken to set up a domain on the local network. After the wizard completes its work, it will be advisable to reboot the machine and log into the domain under an administrator account for further configuration of users and security policies.

Sometimes the computer does not detect the network, or rather sets its status to “Unidentified network”. This happens because the server points DNS at itself, i.e. at the loopback address 127.0.0.1. To get rid of this, specify the address of the server on the local network as the DNS address in the connection settings.

Organizing the operation of a LAN in a domain is not a complicated process, but it is troublesome. After setting up the server, do not forget to join all workstations to the domain. Further actions on network organization depend on current needs, but will significantly simplify the work of the administrator and eliminate a number of questions from users.

Today we will look at a rather important topic that any system administrator has encountered or will definitely encounter in the near future. The corporate local network of a medium or large enterprise in 99% of cases has a domain structure. This is dictated, first of all, by the security policy of the enterprise. Thus, all computers on the network use the settings of the main computer - the domain (security can be ensured).

Now I propose to look at an example of how to add a computer running Windows 7 to a domain. In principle, adding computers with other Windows versions to a domain is not much different; the main thing is to understand the essence.


First of all, plug the network cable into the computer =). Now you need to configure the network connection. Right-click the computer icon in the tray and open Network and Sharing Center.

In the window that appears, click Change adapter settings; all available network connections will open. Choose Local Area Connection, right-click it and select Properties.

In the window that opens, you need to enter data such as IP address, subnet mask, gateway and DNS server. It should turn out something like this.

Click OK, thereby saving the changes. This completes the preparatory part of the work. Now let's move on to adding a computer to the domain.

Click Start, right-click the Computer item and select Properties. On the left side of the window, find Advanced system settings and click it with the left mouse button. In the window that appears, open the tab.

Click OK. You will be prompted to enter a username and password that has the right to join computers to the domain, for example, a domain administrator. After this, a reboot will be required.

At the end of the reboot, your computer will be in the domain.

If the computer has left the domain

Yes, this happens too. The computer may suddenly refuse to see the domain. Accordingly, authorization will not work.

Then we join the computer to the domain again as shown above and reboot again.

Ilya Rud

Important: To use “offline domain join” you do not need to raise the domain or forest functional level. Moreover, you don't need to have Windows 2008 or 2008 R2 domain controllers. Offline domain join uses the “djoin” utility, which is present in Windows 7/2008 R2. That is, at least one Windows 7/2008 R2 computer running in the destination domain is enough.

How “offline domain join” works

1. On any Windows Server 2008 R2 controller or Windows 7 client in the destination domain, run the “djoin” utility with the following keys:

djoin /provision /domain itband.ru /machine Win7-PC /dcname DC-SQL2005 /downlevel /savefile C:\blob.txt

itband.ru – your domain name

Win7-PC – the name of the client computer that is to be joined to the domain offline

DC-SQL2005 – domain controller name

/downlevel – the key is specified if you have a Windows Server 2003 domain controller

C:\blob.txt – path to the file with metadata

After this command is entered, a text file is generated containing the data the computer needs to join the domain (information about the domain name, domain controller, domain SID, etc.). In addition, a “computer” object is created in Active Directory for the future client. The file is Base64 encoded.

Fig. 1. First step, use djoin

2. The second step is to deliver the file blob.txt to the computer that is to be joined to the domain offline. How you do this is up to you; you could even send it by mail.

3. Having delivered this file to the client computer, you need to launch the command line and execute “djoin” with the following keys:

djoin /requestODJ /loadfile C:\blob.txt /windowspath %SystemRoot% /localos

The data from the file will be imported into the Windows directory. Now the next time the operating system boots and the controller is available, you will be able to log into the Active Directory domain.

Fig. 2. Third step, use djoin

On the one hand, the functionality is more than interesting, on the other hand, there is a hypothetical possibility that someone will be able to intercept or take possession of such an “Invitation” file and join their computer to the domain without having any rights to do so. Or is it just paranoia?

At the moment there is very little information on “offline domain join”. In particular, I could not find whether such an invitation file has any lifespan. Although, if we think logically, we can assume that it (the lifetime) is equal to the lifetime of the password of the “computer” object.
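One way to narrow the interception window raised above is to handle the invitation file like a secret: restrict who can read it, check it on arrival and delete it once imported. This is an added example, not part of the original article; the function names are hypothetical, and only the djoin keys shown above are used.

```powershell
# Added example, PowerShell 2.0 compatible. New-OdjBlob, Import-OdjBlob and
# Get-Sha256Hex are hypothetical helper names, not built-in cmdlets.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    } finally { $sha.Clear() }
}

# Step 1, on a Windows 7 / 2008 R2 machine in the domain: provision and lock down the file.
function New-OdjBlob {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][string]$Machine,
        [Parameter(Mandatory = $true)][string]$DcName,
        [Parameter(Mandatory = $true)][string]$SaveFile,
        [switch]$Downlevel   # set when the domain controller runs Windows Server 2003
    )
    if (Test-Path $SaveFile) { throw "$SaveFile already exists; refusing to overwrite it." }

    $djoinArgs = @('/provision', '/domain', $Domain, '/machine', $Machine, '/dcname', $DcName)
    if ($Downlevel) { $djoinArgs += '/downlevel' }
    $djoinArgs += @('/savefile', $SaveFile)
    & djoin.exe $djoinArgs
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

    # Remove inherited permissions and leave access to the provisioning user only.
    $me = "$($env:USERDOMAIN)\$($env:USERNAME)"
    & icacls.exe $SaveFile /inheritance:r /grant:r "${me}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # The hash is sent to the recipient over a different channel than the file itself.
    New-Object PSObject -Property @{ Path = $SaveFile; Sha256 = (Get-Sha256Hex $SaveFile) }
}

# Step 3, on the client: verify, import, then delete the file so no copy is left behind.
function Import-OdjBlob {
    param(
        [Parameter(Mandatory = $true)][string]$LoadFile,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256
    )
    # Detects a swapped or damaged file; it does not stop a copy being taken in transit.
    $actual = Get-Sha256Hex $LoadFile
    if ($actual -ne $ExpectedSha256) { throw "Hash mismatch for $LoadFile; not importing." }

    & djoin.exe /requestODJ /loadfile $LoadFile /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with exit code $LASTEXITCODE" }

    Remove-Item -Path $LoadFile -Force
}

# Usage with the values from the article:
#   $blob = New-OdjBlob -Domain itband.ru -Machine Win7-PC -DcName DC-SQL2005 -SaveFile C:\blob.txt -Downlevel
#   Import-OdjBlob -LoadFile C:\blob.txt -ExpectedSha256 $blob.Sha256
```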

Do you want to connect your computer to a local network, but don't know how to connect it to a domain? This is very easy to do, and you can use different methods.

The question of connecting a computer to a domain usually arises among system administrators who need to create a local network. A domain system means that all computers on the network use the settings of the main PC. Let's try to figure out how to connect a computer with the Windows 7 operating system to the domain. For other operating systems, the connection is not too different.

What are the benefits of a domain structure? With its help you can use, for example, group policies and centralized management. This allows for efficient work.

Important Requirements

Before you join a Windows 7 computer to the domain, you need to check whether the PC meets a number of requirements and whether all settings have been completed. There are quite a few of them, although most of them should already be in place. Check the following:

  • The following versions of Windows 7 must be used: Professional, Ultimate or Enterprise. Only these versions can be joined to a domain;
  • A network card must be present. But this goes without saying;
  • A local network connection is needed in most cases. It is possible to join Windows 7 to a Windows Server 2008 R2 domain offline, but this is a separate topic;
  • The correct IP address must be specified. It can be configured manually, obtained from a DHCP server, or it can be an APIPA address (its values start with 169.254.X.Z);
  • You need to make sure that the controllers (at least one) are available for connection;
  • Also check the controller connection (for example, you can ping it, that is, check the quality of the connection);
  • The DNS server must be configured correctly. This is important; if it is not configured correctly, problems may arise when connecting to the domain. Even if the connection is successful, failures are possible later;
  • DNS servers must be available. To do this, you need to check the connection using the PING program;
  • Check your rights on the local system. You must have local computer administrator rights;
  • You need to know the domain name, administrator name and password.
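
The checklist above can be run as one script before attempting the join. This is an added example, not part of the original article; Test-DomainJoinReadiness is a hypothetical helper name, and the check that the domain name resolves to its controllers assumes a default Active Directory DNS zone.

```powershell
# Added example; PowerShell 2.0 compatible (the version shipped with Windows 7).
# Test-DomainJoinReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-DomainJoinReadiness {
    param([Parameter(Mandatory = $true)][string]$DomainName)

    function New-Result($Check, $Passed, $Detail) {
        New-Object PSObject -Property @{ Check = $Check; Passed = [bool]$Passed; Detail = "$Detail" }
    }
    $results = @()

    # Only Professional, Ultimate and Enterprise can be joined to a domain.
    $caption = (Get-WmiObject Win32_OperatingSystem).Caption
    $results += New-Result 'Edition can join a domain' ($caption -match 'Professional|Ultimate|Enterprise') $caption

    # Network card present and holding an IPv4 address; APIPA addresses are listed in Detail.
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    $ipv4 = @($nics | ForEach-Object { $_.IPAddress } | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
    $apipa = @($ipv4 | Where-Object { $_ -like '169.254.*' })
    $results += New-Result 'IP-enabled adapter present' ($nics.Count -gt 0) "$($nics.Count) adapter(s)"
    $results += New-Result 'IPv4 address assigned' ($ipv4.Count -gt 0) ('{0} (APIPA: {1})' -f ($ipv4 -join ', '), ($apipa -join ', '))

    # DNS servers configured and answering ping.
    $dnsServers = @($nics | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ } | Select-Object -Unique)
    $results += New-Result 'DNS servers configured' ($dnsServers.Count -gt 0) ($dnsServers -join ', ')
    foreach ($server in $dnsServers) {
        $results += New-Result "DNS server $server answers ping" (Test-Connection -ComputerName $server -Count 2 -Quiet) ''
    }

    # Assumption: in a default AD DNS zone the domain name resolves to the controllers' addresses.
    $dcAddresses = @()
    try {
        $dcAddresses = @([System.Net.Dns]::GetHostAddresses($DomainName) | ForEach-Object { $_.IPAddressToString })
    } catch { }
    $results += New-Result "DNS resolves $DomainName" ($dcAddresses.Count -gt 0) ($dcAddresses -join ', ')
    foreach ($dc in $dcAddresses) {
        $results += New-Result "Controller $dc answers ping" (Test-Connection -ComputerName $dc -Count 2 -Quiet) ''
    }

    # Local administrator rights; under UAC this is only true in an elevated prompt.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $results += New-Result 'Running as local administrator' $isAdmin $identity.Name

    $results | Select-Object Check, Passed, Detail
}

# Usage (the domain name is a placeholder):
#   Test-DomainJoinReadiness -DomainName 'corp.company.ru' | Format-Table -AutoSize
```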

Connecting a PC to a domain

There are two ways to add a computer to a domain. Let's look at them in more detail.

First method

This is the standard way to connect a PC to a domain. Follow these steps:

  • Click the “Start” icon, right-click on the “Computer” shortcut, select “Properties”;
  • In the “Computer name, domain, and workgroup settings” item, click “Change settings”;
  • Open the “Computer name” tab and click “Change”;
  • In the “Member of” section, select “Domain”;
  • Enter the name of the domain to which you are connecting, click “OK”;
  • Enter your name and password again.

Then restart your computer. After this, the PC will be connected to the domain on the local network.

Second method

You must use the NETDOM application. To join a domain, you need to enter just one command on the command line:

Here:

  • The parameters “DOMAIN.COM” and “DOMAIN” must be replaced with the domain name. You also need to specify your login and password;
  • The extra "d" in "user" and "password" is not a typo;
  • In Windows 7, NETDOM is already included in the operating system. In Windows 2000, XP and 2003 you need to install the Support Tools.

To complete the connection, restart your PC.
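
The command itself is not reproduced on this page. As an added example (not the original author's command line), this is the netdom join form the notes above describe, wrapped so that the password is prompted for instead of being typed on the command line; DOMAIN.COM and DOMAIN\joinuser are placeholders and Join-DomainWithNetdom is a hypothetical helper name.

```powershell
# Added example, PowerShell 2.0 compatible. Join-DomainWithNetdom is a hypothetical helper.
function Join-DomainWithNetdom {
    param(
        [Parameter(Mandatory = $true)][string]$DomainFqdn,    # placeholder: DOMAIN.COM
        [Parameter(Mandatory = $true)][string]$JoinAccount,   # placeholder: DOMAIN\joinuser
        [string]$OU,                                          # optional target container (distinguished name)
        [switch]$Reboot
    )
    if (-not (Get-Command netdom.exe -ErrorAction SilentlyContinue)) {
        throw 'netdom.exe was not found on this machine.'
    }

    # /userd and /passwordd carry the extra "d": they are the credentials used against the domain.
    # "/passwordd:*" makes netdom prompt for the password, so it does not end up in
    # command history, scripts or process listings.
    $netdomArgs = @('join', $env:COMPUTERNAME, "/domain:$DomainFqdn", "/userd:$JoinAccount", '/passwordd:*')
    if ($OU)     { $netdomArgs += "/ou:$OU" }
    if ($Reboot) { $netdomArgs += '/reboot' }

    & netdom.exe $netdomArgs
    if ($LASTEXITCODE -ne 0) { throw "netdom join failed with exit code $LASTEXITCODE" }
}

# Usage (all values are placeholders):
#   Join-DomainWithNetdom -DomainFqdn 'DOMAIN.COM' -JoinAccount 'DOMAIN\joinuser' -Reboot
```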

What to do if the domain has “dropped out”?

This happens after the PC is connected to the domain. The computer simply doesn’t “see” it. You will notice this immediately, because you will not be able to log in. Do the following:

  • Log in as a local administrator;
  • Go to system properties and in the “Computer name” section, note that the PC is part of a workgroup;
  • Restart your computer;
  • Then reconnect the PC to the domain as described above;
  • Reboot.

The computer should now join the domain.

Placing a computer in a specific container

The disadvantage of the described methods of connecting to a domain is that the PC is placed in a standard container, usually in the “Computer” folder. And to move to another location, an administrator is needed. But you can place the computer immediately in the desired container. There are two options for this.

Method number 1

To do this, first create an empty account in the container where the computer is to be located (you need to have rights to create an object). In the ADUC console, a new account is created with the same name that will be used to connect to the domain. Then use the connection method described above. The system will see an account that already exists in the domain, but is simply not mapped to it. After matching, the computer will fit into the desired container.

Method number 2

You can use the PowerShell command:

  • Log in with administrator rights;
  • In the command line, enter “powershell” (then you can use PoSh instead);
  • The command to join a PC to the corp.company.ru domain under the corp\company_admin account, creating the account in the corp.company.ru/Admin/Computers container, where company is the name of the computer, will look like this:

    Add-Computer -DomainName corp.company.ru -Credential corp\company_admin -OUPath "OU=Computers,OU=Admin,DC=corp,DC=company,DC=ru"

  • A new window will open; enter the company_admin user password in it;
  • Then the “WARNING: The changes will take effect after you restart the computer pcwin8” window will appear (pcwin8 means operating system). Restart your computer.

Now the PC will be located in the desired container in the domain.

To correctly connect a PC to a domain, it is better for the administrator who created this local network to do it. He knows about all the pitfalls in this domain, and therefore can quickly connect. If you decide to connect your computer to the domain yourself, then in case of any problem, leave the PC in this state until a specialist makes a correction.
