Share via


Join a Computer to a Domain

 

Applies To: Windows Server 2012 R2

For Active Directory Federation Services (AD FS) to function, each computer that you want to configure as a federation server must be joined to a domain.

Important

For AD FS running on Windows Server 2012 R2 to function, the Active Directory domain must run one of the following operating systems: Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2

Important

If you plan to use a group Managed Service Account (gMSA) as the service account for AD FS, you must have at least one domain controller in your environment that is running on the Windows Server 2012 or the Windows Server 2012 R2 operating system.

Important

If you plan to deploy Device Registration Service (DRS) for AD Workplace Join as a part of your AD FS deployment, the AD FS schema must be updated to the Windows Server 2012 R2 level. There are three ways to update the schema: In an existing Active Directory forest, run adprep /forestprep from the \Support\Adprep folder of the Windows Server 2012 R2 operating system DVD on any 64-bit server that runs Windows Server 2008 or later. In this case, no additional domain controller has to be installed, and no existing domain controllers must be upgraded. To run adprep /forestprep, you must be a member of the Schema Admins group, the Enterprise Admins group, and the Domain Admins group of the domain that hosts the schema master. In an existing Active Directory forest, install a domain controller that runs Windows Server 2012 R2. In this case, adprep /forestprep can be run automatically as part of the domain controller installation. During the domain controller installation, you must provide additional credentials to run adprep /forestprep. Create a new Active Directory forest by installing AD FS on a server that runs Windows Server 2012 R2. In this case, adprep /forestprep does not have to be run because the schema is initially created with all the necessary containers and objects to support DRS.

Membership in Administrators, or equivalent, on the local computer is the minimum requirement to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To join a computer to a domain

  1. On the Start screen, type Control Panel, and then press Enter.

  2. Navigate to System and Security, and then click System.

  3. Under Computer name, domain, and workgroup settings, click Change settings.

  4. On the Computer Name tab, click Change.

  5. Under Member of, click Domain, type the name of the domain that this computer joins, and then click OK.

  6. Click OK, and then restart the computer.

See Also

Deploying a Federation Server Farm