Joining a WinXP workstation to a remote Win2003 domain

Once again I had to join a newly reinstalled laptop to a remote domain, and create a domain user’s account on the local laptop. I have to do this so randomly that I always forget what the steps are in between. This time I documented it. Here are the steps.

1. Login as Administrator on the workstation you want to join to a remote domain, and create a VPN-connection to the remote domain. Make sure you “Save this user anme and password.. for Anyone who uses this computer”. After the setup has finished, go to the Properties of this connection (double-click on the icon on the desktop if one was created, or go to My Network Places > View Network Connections and double-click on the VPN connection icon there, then click on Properties) and check “include Windows logon domain” in the “Options” tab. Click on OK, then…

2. Connect to the Domain Controller with that VPN-connection using the administrator’s credentials, then join the domain:

  • After the VPN connection has been established, right click My Computer, then select Properties > Computer Name > Change
  • Enter the computer’s name, and check “Domain” and fill in the name of the domain you’re joining (domain suffix is probably also needed; click on “More” and enter the domain’s primary DNS suffix which may be “.local”, or the [internet] domain name used by the [Windows] domain).
  • Enter the login name and password of an account that is allowed to join a user/workstation to the domain.
  • After a few moments you will get the “Welcome to domain” message and the remark that you will have to reboot the workstation; proceed with reboot.

3. Log in with the user name you want to login to the domain as (and likely to create a local workstation account for the domain user):

  • Fill in the name, password, and the domain name of the user at the login prompt. Select the domain name of the domain we just joined (from the drop-down menu).
  • Check “Log on using dial-up connection”; since this is likely the first time this connection is used, you’ll be asked for an area-code, etc. VPN RAS uses the same interface as the regular dial-up, so enter the requested information here though it has no relevance on the VPN connection.
  • When you OK the dial-up setup, the connection proceeds; you may be prompted for the login credintials of the domain admin user with privileges to join users to the domain.

    ** NOTE: SOMETIMES YOU’LL HAVE TO TRY THIS A FEW TIMES BEFORE IT WORKS. IF THE USER LOGIN FAILS ON THE FIRST ATTEMPT, TRY AGAIN (YOU’LL HAVE TO DISCONNECT THE VPN CONNECTION, THEN TRY AGAIN AS DESCRIBED ABOVE.) This is probably due to the same unknown cause that usually results in the first Remote Desktop connection to fail after a VPN tunnel has been established.

  • The local account is now created for the domain user. Logout.

4. Make the newly created local account for the domain user an Administrator. Log in as the local system administrator, go to Settings > Control Panel > User Accounts, then select “Add” and add the newly added domain user as the local Administrator by typing in the user name, the domain name, and selecting the user level as “Administrator”.

  • logout, then login as the newly created domain user (be sure to select the domain name rather than the local computer from the drop-down menu at the login prompt).

Done!

The above steps being for WIndows XP Pro, for Vista the steps differ some.  On msgoodies blog there’s a brief mention of the procedure on Vista:

In Vista there is no Logon using dial-up networking option (Or at least I haven’t found it 😉 ) instead the trick is to create a VPN connection, dial-up to your company, join the domain, reboot and then logon with the local user. Then dial-up to your VPN again and selest padlock icon, Switch User (While keeping you VPN connection open) and now logon to you domain account.