Last Update: Sep 04, 2024 | Published: Feb 10, 2016
In this Ask the Admin, I’ll show you how to add Windows Server 2016 Technical Preview 4 Nano Server to an Active Directory domain using the Offline Domain Join (djoin) tool.
At the tail end of last year, I showed you how to deploy Nano Server TP4 to an Azure virtual machine in "Install Nano Server in Microsoft Azure" on the Petri IT Knowledgebase. Since then, Microsoft's new management portal for Azure, codenamed Ibiza, reached general availability, so I'll write all future articles relating to Azure using the new portal. For more information on installing VMs using the new portal, see "Deploy VMs Using Azure Resource Manager" on Petri.
Before starting, it goes without saying that you’ll need a domain controller that your Nano server can communicate with. I’m performing this demo in Microsoft Azure, but your DC could be running in the cloud or an external network connected to Azure using a VPN.
For the purposes of this article, I’m going to assume that your domain controller (DC) is also providing the domain with DNS services, and that the DC and DNS server share the same IP address. To join Nano to the domain, we need to configure DNS on the Nano server.
If you are not running Nano in Azure, see "Connect to Nano Server using PowerShell Remoting" below and then run the following command in an interactive remote session to set the DNS server address in Nano manually.
Replace Ethernet with the name of the network interface on the Nano server, and 10.0.0.4 with the IP address of your domain controller. If you don’t know the name of the network interface installed in Nano, use netsh interface ip show interfaces to list the installed interfaces.
netsh interface ip set dnsservers name="Ethernet" static 10.0.0.4 primary
Otherwise, you can follow the instructions below for setting the DNS server address in Nano using Azure. Because Azure doesn’t support setting static IP addresses in the server operating system, we must configure Azure to assign Nano the correct DNS server settings using DHCP.
Before we can use the Offline Domain Join tool (djoin) to join Nano to the domain, we need to create a blob file that contains the domain information. You will need to run the tool from a computer that’s already joined to the domain and be logged in as a Domain Admin or have the right to join workstations to the domain. The tool is available in Windows 7, Windows Server 2008 R2, and later OSes.
Open a PowerShell prompt and run the command below, replacing ad.contoso.com with the FQDN of your AD domain, and nanosrv1 with the DNS name of your Nano server.
djoin.exe /provision /domain ad.contoso.com /machine nanosrv1 /savefile c:\temp\odjblob
If you don’t already have a TEMP directory, create one using the New-Item cmdlet:
New-Item -ItemType directory -Path c:\temp
Now we need to connect to Nano, transfer the blob file we just created using djoin, and finally run djoin on the Nano server. Because Nano isn’t yet a trusted member of the domain, we’ll need to add the Nano server to the Windows Remote Management (WinRM) trusted hosts list on the server from which we want to make the remote connection.
Open a PowerShell prompt on the server from which you'll connect to Nano, and run the command below, replacing 10.0.0.5 with the IP address of your Nano server. Type Y and press ENTER to confirm the operation when prompted. The -Concatenate parameter adds the value to the TrustedHosts list, rather than overwriting it.
Set-Item WSMan:\localhost\Client\TrustedHosts "10.0.0.5" -Concatenate
Now we'll establish a remote session to the Nano server and transfer the file to Nano using PowerShell Remoting, running the Set-Content cmdlet in a script block with the Invoke-Command cmdlet. Locally defined variables that the remote Nano server needs are passed in the -ArgumentList parameter. Note that the file path for the djoin blob is the same on both local and remote servers.
$filePath = 'c:\temp\odjblob'
$fileContents = Get-Content -Path $filePath -Encoding Unicode
Enter credentials for the Nano server when prompted. The username should be in the form of computername\username.
$session = New-PSSession -ComputerName 10.0.0.5 -Credential nanosrv1\username
Invoke-Command -Session $session -ArgumentList @($filePath,$fileContents) -ScriptBlock {
    param($filePath,$data)
    New-Item -ItemType directory -Path c:\temp
    Set-Content -Path $filePath -Value $data -Encoding Unicode
}
The djoin blob is encoded in UCS-2 (UTF-16) Little Endian, but the Get-Content and Set-Content cmdlets automatically convert the encoding to ASCII if you don’t specify otherwise. Setting the -Encoding value to unknown would also prevent the file encoding being changed to ASCII.
Now let’s enter a remote session interactively and run the djoin tool on the Nano server to join it to the domain. In this version of Nano, reusing the $session variable defined above throws an error, so we have to specify the Nano Server’s IP address and credentials again.
Enter-PSSession -ComputerName '10.0.0.5' -Credential nanosrv1\username
The command prompt will now change to indicate that commands are running in a remote session [10.0.0.5] instead of locally. Run the djoin command as shown below, then reboot the Nano server to complete the operation using the shutdown command. If you don't want to wait the default 20 seconds before the server reboots, you can type Exit-PSSession and press ENTER in the remote command prompt to return to local control.
djoin /requestodj /loadfile c:\temp\odjblob /windowspath c:\windows /localos
shutdown /r
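The blob created by djoin /provision contains the new computer account's password, so it should reach Nano unmodified and be removed once the join succeeds. The following script is an added example, not part of the original article: it carries out the transfer and join in one pass, sending the blob as raw bytes, comparing SHA-256 hashes on Nano before joining, deleting both copies of the blob and restoring the previous TrustedHosts value. It assumes the article's sample values (10.0.0.5, nanosrv1, c:\temp\odjblob) and that the .NET types it calls are available in Nano Server's PowerShell.

```powershell
# Added example; IP, names and paths are the article's sample values.
$nanoIp   = '10.0.0.5'
$blobPath = 'c:\temp\odjblob'
$thPath   = 'WSMan:\localhost\Client\TrustedHosts'
$cred     = Get-Credential -Message 'Nano Server account (nanosrv1\username)'

# Save the current TrustedHosts value so it can be restored afterwards.
$previous = (Get-Item $thPath).Value
Set-Item $thPath -Value $nanoIp -Concatenate -Force

try {
    # Read the blob as raw bytes so no text re-encoding can take place.
    $bytes     = [System.IO.File]::ReadAllBytes($blobPath)
    $sha       = [System.Security.Cryptography.SHA256]::Create()
    $localHash = [System.BitConverter]::ToString($sha.ComputeHash($bytes))

    $session = New-PSSession -ComputerName $nanoIp -Credential $cred
    Invoke-Command -Session $session -ErrorAction Stop `
        -ArgumentList $blobPath, $bytes, $localHash -ScriptBlock {
        param($path, [byte[]]$data, $expected)
        New-Item -ItemType Directory -Path (Split-Path $path) -Force | Out-Null
        [System.IO.File]::WriteAllBytes($path, $data)

        # Hash what actually landed on disk and compare before joining.
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $actual = [System.BitConverter]::ToString(
            $sha.ComputeHash([System.IO.File]::ReadAllBytes($path)))
        if ($actual -ne $expected) { throw "Blob hash mismatch on $env:COMPUTERNAME" }

        djoin /requestodj /loadfile $path /windowspath c:\windows /localos
        if ($LASTEXITCODE -ne 0) { throw "djoin exited with code $LASTEXITCODE" }

        Remove-Item -Path $path -Force   # remove the remote copy of the blob
        shutdown /r
    }
    # Join succeeded: remove the local copy of the blob as well.
    Remove-Item -Path $blobPath -Force
}
finally {
    if ($session) { Remove-PSSession $session }
    Set-Item $thPath -Value $previous -Force   # restore TrustedHosts
}
```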