The following command is typed into powershell add-computer

Active Directory (AD) is a decades-old technology that thousands of organizations use every day. To take advantage of AD, you must join computers to an AD domain. You may not realize there are many different ways to do that, some better than others. Read on to learn how.

Not a reader? Watch this related video tutorial!

Not seeing the video? Make sure your ad blocker is disabled.

Do you have compromised passwords in your Active Directory? Find out with Specops Password Auditor Free.

In this tutorial, you will learn how to add a computer to a domain using the Windows GUI and command-line with the netdom utility and PowerShell.

Table of Contents

Prerequisites

If you’d like to follow along with all of the steps in this tutorial, ensure you have the following:

• An Active Directory domain. This tutorial will be using a domain called homelab.local.
• A Windows 10 Pro, Enterprise, or Education computer in a workgroup that can access an AD domain controller. Not all versions of Windows 10 can be joined to a domain. This tutorial will use a computer called Win10Demo.
• An AD user account with permissions to add a computer to a domain. Find more information on how to discover what permissions are needed here.
• Access to Active Directory Users and Computers (ADUC) on a domain controller (to confirm the domain join).
• The to use the command-line

Adding a Computer to a Domain via the GUI

One of the most common ways to add a computer to an AD domain is the GUI. This approach is good when you need to just add a single or a few computers at once. This method is not good for adding multiple computers at one time. That’ll be later.

Assuming you’re on a Windows 10 workgroup computer that can access an existing domain controller:

1. Run the command sysdm.cpl. This command will open the System Properties control panel applet.

System Properties Dialog box

2. On the System Properties screen, click the Change button. This button will bring up the Computer Name/Domain Changes dialog box.

Change option in System Properties Dialog box

3. You can see below this computer is in a workgroup called WORKGROUP. In the Computer Name/Domain Changes dialog box, click on the Domain radio option to input a domain to add this computer to.

Computer Name/Domain Name Change Dialog box

4. Input the name of the domain to add the computer to in the Domain box and click OK. The computer will then attempt to contact a domain controller and add itself to the domain.

Computer Name/Domain Name Change Dialog box

Related:The Trust Relationship Between This Workstation and the Primary Domain Failed

If your computer is not able to contact the domain name you entered immediately, it throws the below error: If the computer cannot contact a domain controller, ensure the computer’s DNS server points to a domain controller. The computer must be able to find the DNS SRV record to find a domain controller.

5. If the computer can contact a domain controller, it will prompt you for a username and password, as shown below. Input a user account with permissions to add this computer to the domain and click OK.

Domain Join Credentials Dialog box

6. If all goes well, you will receive a message welcoming you to the domain as shown below. At this time, the computer creates an AD computer object. Click OK.

Related:Get-ADComputer: Find Computers in OUs in PowerShell

Successfully added to Domain Notification

7. Click on OK again to confirm the need to restart the computer.

Restart your computer Notification

8. You’ll then be redirected back to the System Properties dialog box, but now you will see a warning (Changes will take effect after you restart this computer.) Click on Close.

System Properties dialog box post joining to domain

9. Once you click on Close, Windows will prompt you to restart now. Click on Restart now to restart the computer immediately.

Local computer Restart prompt

Adding a Local Computer to a Domain via Settings app

Steps explained below are only available in Windows10 20H2 version. These steps may change in future windows10 versions.

1. Right click on start menu and click settings.

Settings option in start menu

2. Under settings, click on accounts

Accounts option in Settings app

3. In the next page, click on “Access Work or School” option and click on connect option to the right.

Access work or school option in settings

4. As we are going to join this machine to local Active Directory Domain, in the Microsoft account dialog box, click “Join this device to local Active Directory Domain” option and click Next.

Join this device to local Active Directory Domain option

5. In the next page, enter your domain name and click Next.

Domain Name dialog box

6. If the computer can contact a domain controller, it will prompt you for a username and password, as shown below. Input a user account with permissions to add this computer to the domain and click OK.

Credentials dialog box

7. In the next page, select the account type who will use this machine.

• If you select administrator, the userid that you used to add this machine to domain, will be added to the local administrators group on the machine.
• If you select standard user, it will not add the userid to local administrators group. You can also skip it and continue to next page. For this demo, lets select standard user and click Next.

Account type prompt

8. Click Restart now to restart the computer immediately.

Restart prompt

9. Once restarted you can login to the machine with a domain user id.

Adding a Local Computer to a Domain via Netdom

So far, you have seen how to add a Windows 10 computer to the domain via GUI, but you don’t have to use the GUI. Instead, you can use the command-line using the netdom utility. Netdom is a command-line tool that comes with the RSAT package.

Assuming you’re on a Windows 10 workgroup computer that can access an existing domain controller:

1. Open up cmd.exe as administrator.

2. Run netdom join providing the following parameters.

Netdom requires a computer name right after the join parameter. If you’re using this command on other computers, replace the value with the variable %computername% to always represent the local computer.

netdom.exe join %computername% /domain:DomainName /UserD:DomainName\UserName /PasswordD:Password

Netdom command output

3. Now restart the computer and the computer will be joined to the domain.

Adding a Local Computer to a Domain via PowerShell

If you have many computers to add to a domain, have an onboarding automation process, or prefer the command-line, you can use PowerShell to add a computer to a domain.

Assuming you’re on a Windows 10 workgroup computer that can access an existing domain controller:

1. Open up Windows PowerShell ensuring you run it as administrator.

Related:How to Run PowerShell as Administrator

In the PowerShell console, run the Add-Computer cmdlet. This cmdlet performs the same action as adding a computer to a domain via the GUI. Specify the domain name to add the computer to with the DomainName parameter and optionally specify the

Add-Computer -DomainName DomainName -Restart

0 parameter to restart the computer when complete automatically.

You can also specify the

Add-Computer -DomainName DomainName -Restart

1 parameter to specify the username and password sooner. See this article for more information. If you’d like to add a computer to a different OU upon creation, specify the

Add-Computer -DomainName DomainName -Restart

2 parameter. For more options, run

Add-Computer -DomainName DomainName -Restart

3.

Add-Computer -DomainName DomainName -Restart

Add-Computer cmdlet credentials prompt

Add a Local Computer to a Domain Via WMI

To ensure this tutorial covers all ways you can add a computer to a domain, let’s continue with a lesser-known method of using Windows Management Instrumentation (WMI). WMI is a ubiquitous part of Windows that contains loads of information about a PC and can perform actions on it.

To add a local computer to a domain with WMI, you need to invoke a WMI method. This method performs the same task as using

Add-Computer -DomainName DomainName -Restart

4or the

Add-Computer -DomainName DomainName -Restart

5 PowerShell cmdlet.

You can invoke WMI methods in many different ways. For this tutorial, let’s focus on two ways using the *wmic* command-line utility and PowerShell.

Using WMIC

To add a computer to a domain with WMIC:

1. Open a command prompt (cmd.exe) as administrator.

2. Run the below command. This command:

• Specifies the local computer using a where query (

  Add-Computer -DomainName DomainName -Restart

  6)
• Invoke the WMI method

  Add-Computer -DomainName DomainName -Restart

  7 (

  Add-Computer -DomainName DomainName -Restart

  8) that’s a part of the Win32_ComputerSystem WMI class (

  Add-Computer -DomainName DomainName -Restart

  9)
• Specifies appropriate bitwise operators to join the domain (

  wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

  0)
• Adds the computer to the homelab.local domain (

  wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

  1) authenticating with the labadmin user account (

  wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

  2)

wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

WMIC command output

3. When completed, restart the computer.

Using PowerShell’s wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"3 Cmdlet

You can also invoke the

wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

4 WMI method using PowerShell. To do so:

1. Open PowerShell as administrator.

2. Run the following command. This command performs the same task as wmic does above using the same arguments.

(Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

Get-WMIObject command output

3. When completed, restart the computer.

Adding Computers Remotely to a Domain

Throughout this tutorial, you’ve learned how to add a computer to a domain as you’re sitting in front of that actual computer. But what happens when you can’t sit in front of that computer, or you have many computers to add? In that case, PowerShell is your best friend.

To add computers to a domain remotely, you could either choose to use the WMI method in PowerShell as describe above but use the

wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

5 parameter on the

wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

3 cmdlet or use PSRemoting.

Related:PowerShell Remoting: The Ultimate Guide

To join remote computers to domain remotely, invoke the

Add-Computer -DomainName DomainName -Restart

5 PowerShell cmdlet. But this time, use the

wmic computersystem where name="%computername%" call joindomainorworkgroup fjoinoptions=3 name="homelab.local" username="homelab\labadmin" Password="secret"

5 parameter.

To run the

Add-Computer -DomainName DomainName -Restart

5 cmdlet remotely, you must ensure that PSRemoting is enabled on all remote computers.

1. On your local workstation (not the computer to add to a domain), open PowerShell as administrator.

2. Run the below command. This command:

• Adds the remote computer called win10demo (

  (Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

  0) to the homelab.local domain (

  (Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

  1).
• Uses the user01 local user on win10demo to authenticate to the remote computer (

  (Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

  2)
• Uses the labadmin domain account to authenticate to the domain to add the computer account (

  (Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

  3).
• Will restart the computer automatically after it completes (

  (Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

  4)

Add-Computer -ComputerName win10demo -LocalCredential win10demo\user01 -DomainName homelab.local -Credential homelab\labadmin -Restart

Once invoked, the

Add-Computer -DomainName DomainName -Restart

5 cmdlet will then prompt you for passwords for the user01 and labadmin accounts. When complete, PowerShell will restart the remote computer automatically.

By default, the

Add-Computer -DomainName DomainName -Restart

5 cmdlet will not restart the remote computer if a user is logged in. To override this, specify the

(Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("homelab.local","secret","homelab\labadmin",$null,3)

7 switch parameter to always to restart the remote computer.

Confirming Creation of the AD Computer Account

When a computer is added to a domain, it creates a computer object. To ensure the computer created the computer object as expected, let’s open Active Directory Users and Computers (ADUC) to confirm.

1. RDP to your domain controller and open Active Directory Users and Computers (ADUC) or open ADUC on your local computer if you have the Remote Server Administration Tools (RSAT) package installed.

Related:How to Install and Import the Active Directory Module

2. In ADUC, expand the domain name node (homelab.local in this case) and click on the Computers container. You should see the computer object added in the previous section.

By default, all computers that are added to a domain will be added under the Computers container.

Active Directory Users and Computers snapin

3. Back on the Windows 10 computer, now log on with any AD user account by clicking on Other User on the login screen.

Login as Other user option post domain joined

You can now see your domain name under the Password box as shown below.

Domain name while logging in

Do you have compromised passwords in your Active Directory? Find out with Specops Password Auditor Free.

Conclusion

Throughout this article, you’ve seen multiple ways to add computers to an AD domain. Each method has advantages and disadvantages, but you should now have all of the options in front of you.

Now that you know all of the ways to add a computer to a domain, how will you add your next computer to a domain?

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

More from ATA Learning & Partners

• 

  Recommended Resources!

  Recommended Resources for Training, Information Security, Automation, and more!

• 

  Get Paid to Write!

  ATA Learning is always seeking instructors of all experience levels. Regardless if you’re a junior admin or system architect, you have something to share. Why not write on a platform with an existing audience and share your knowledge with the world?

• 

  ATA Learning Guidebooks

  ATA Learning is known for its high-quality written tutorials in the form of blog posts. Support ATA Learning with ATA Guidebook PDF eBooks available offline and with no ads!

  What is add computer command?

  Description. The Add-Computer cmdlet adds the local computer or remote computers to a domain or workgroup, or moves them from one domain to another. It also creates a domain account if the computer is added to the domain without an account.

  What is the PowerShell command to add a new user to Active Directory?

  The New-ADUser cmdlet creates an Active Directory user.

  How to add computer to domain command line?

  Add a Computer to the Domain Open a command prompt. Type net computer \\computername /add , then press “Enter“.

  Which of the following PowerShell command allows you to view Active Directory users?

  Get-ADUser This command allows us to get the information from a specific user identity in AD or a collection of users with either an array or the wildcard (*) character to get the information of all the users in Active Directory.