locked
What happens when a computer joins an Active Directory domain? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hello there,

    I want to learn and understand what happens when a computer joins an Active Directory domain in detail.

    Do we have any deep technical documentation or article?

    As I am familiar to daily AD tasks, I guess something (some files, folders and registry values) has to be changed on client side after joining AD domain. But what are those files and registry settings excluding "Default Domain Policy"?

    Is there any new service or service startup changed?

    And finally what are the "computer state change" events about AD?

    Thanks.

    Friday, January 10, 2014 7:13 AM

All replies

  • Question
    Sign in to vote
    2
    Sign in to vote

    The detailed operations that occur during domain join can be found in the %systemroot%\debug\NETSETUP.LOG .

    At a high level, when you join a computer in AD, a computer account is created in the AD database that is used to authenticate the computer to the domain controller every time it boots up. Passwords for computer accounts are renewed automatically every 30 days by default. Authentication is done by Kerberos which uses port 88 TCP (and UDP older versions). Auditing and controlling access to resources can also be done by using computer accounts in AD.

    You can check this article for additional information: http://technet.microsoft.com/en-us/library/bb727067.aspx

    Let me know it its helpful.

    http://mariusene.wordpress.com/

    • Proposed as answer by mehrantgs Tuesday, January 9, 2018 11:12 AM
    Friday, January 10, 2014 9:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Indeed it was helpful.

    But I need some more details about client side.

    If we put two machine side by side, one of them is not domain member and the other one has joined the domain, what kind of differences we can see in the registry and services configuration?

    Friday, January 10, 2014 10:07 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    After a machine joined to domain, there will be multiple registry changes.

    For an example, if there are some domain-wide computer Group Policies are defined, the newly joined machine will apply these policies and corresponding registry key values will be changed.

    There are some third-party tool you can use to analyze registry changes, though they may charge you for a fee.

    Best Regards,

    Amy Wang

    Friday, February 7, 2014 7:09 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    thanks to share this.

    Tuesday, January 9, 2018 11:13 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    You can find additional info at https://stackoverflow.com/questions/13254905/what-actually-happens-when-i-join-a-windows-machine-to-an-active-directory-domain

    hth
    Marcin

    Tuesday, January 9, 2018 12:27 PM