Join Domain after Windows 7 installation with commandline (without unattend.xml)


  • Hi together

    i try to join my computer after the Windows 7 installation (wihtout unattend.xml) When i start or  use the netdom.exe Tool i got following error.
    Command: C:\Windows\system>netdom join %computername% / /OU:ou=TEST,dc=education
    ,dc=com /UserD:administrator /PasswordD:anything
    Error Message ===>
    The procedure entry point I_NetNameValidate could not be located in the dynamic link library NETAPI32.dll.

    I found the utility djoin.exe, but i don't know if this is the correct utility to join a computer automatic into the domain.
    Perhaps anybody have experience with this function and can explain the correct syntax and utility.

    Can I also use netdom.exe with Windows 7 or is this utility no more support on Windows 7??

    with best regards

    Sunday, September 13, 2009 3:29 AM


  • Hi J. P. Morgan

    thank you very much for the detailled informations and tests.
    • Marked as answer by Mike49287 Saturday, December 12, 2009 5:18 AM
    Saturday, December 12, 2009 5:18 AM

All replies

  • Hi, By installing Win 7 the trust between PC an Domain has changed. You will have to change the computer name and rejoin the computer to the domain as an Administrator after a successful joinnig and restart, then add your user name and password. The netdom tool is only used with a computer that has not changed and was already registered with the Domain. Slan go foill, Paul
    Sunday, September 13, 2009 11:39 AM
  • Hi

    i want to automate this process. Which utility can i use to join the computer with a commandline String into the Domain?
    Sunday, September 13, 2009 12:49 PM
  • Hi,

    Netdom is used in versions of Windows before Windows 7 for command-line domain membership tasks such as joining a computer to a domain. Windows 7 instead provides the PowerShell cmdlet Add-Computer, which allows you to add a computer to a domain or workgroup:

    1. Click start button, type in Powershell but DO NOT press Enter yet.
    2. In the list above, under "Programs" right-click on Powershell that appears above and choose "Run as Administrator" and click "Continue".

    3. The syntax for the command is:

    Add-Computer <domain name>

    The cmdlet allows far more complex execution than Netdom. You can use items such as the organizational unit location of the computer account, credentials, and computer name in the command. Run the command Get-Help Add-Computer for all the syntax options.


    Thomas Lin
    Tuesday, September 15, 2009 5:31 AM
  • Hi

    i tried with the Add-Computer command in a Powershell Windows (started with Admin-Rights). Can you help me please with the correct syntax?

    I enter following command

    1. powershell (runas administrator)

    2. add-computer -domain education -cred education\administrator

    The problem is i have to enter the password in a new windows.

    Where can I give the password as parameter, so the command is execute automatic without enter the password

    I search the correct syntax now for Windows 7

    Is it possible to automate this command with Powershell without opening a Powershell Windows before. ? I need one Command who joins the computer into the domain without any user actions and without opening powershell at first.

    Tuesday, September 15, 2009 4:42 PM
  • Hi,

    It can be done by writing the encrypted password to a file and the reading -and converting- it from the script.
    Next, build the credential and pass it to Add-Computer.

    To do this, please refer the followling article:
    Thomas Lin
    Friday, September 25, 2009 10:11 AM
  • Mike,

    Windows 7 and Vista both have their own NETDOM.EXE, for 32-bit and 64-bit.

    You have to install:

    Install RSAT (After you have extracted the tools): (took me awhile to find the link)

    start /w pkgmgr /n:%SystemDrive%\Install\RSAT\Windows6.1-KB958830-x86.xml

    Enable some RSAT tools (including NETDOM)

    start /w pkgmgr /iu:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns;RemoteServerAdministrationTools-Roles-AD-DS;RemoteServerAdministrationTools-Roles-AD;RemoteServerAdministrationTools-Roles;RemoteServerAdministrationTools

    You will then have a "c:\windows\system32\netdom.exe" that supports the 'older' Netdom syntax.


    BUT , if you WANT to move it, which i did. you have to do 'something' EXTRA.

    To whatever sub-dir you move the RSAT NETDOM.EXE to :

    1) FOR EXAMPLE,  create a sub-dir called : %temp%\EN-US


    Then if you execute NETDOM.EXE from "%TEMP%"  you should 'see' the familiar 'help'

    NOTE: I have not, as of Dec 8, 2009 actually TESTED the FULL 'moved' NETDOM.EXE functionality,
              but WILL in the next day or so,.

              ALSO, someone made the comment that if it was moved' to another compouter it would not work also,
              I will verify that statement also.

    Hope this helps, as i DONT like the Powershell approach..

    J P Morgan

    Wednesday, December 09, 2009 3:56 PM
  • HI JP Morgan

    thank your very much for your detailed information.

    I installed Windows 7 Remote Server Administration (RSAT) und activate the following Components:

    start /w pkgmgr /iu:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns;RemoteServerAdministrationTools-Roles-AD-DS;RemoteServerAdministrationTools-Roles-AD;RemoteServerAdministrationTools-Roles;RemoteServerAdministrationTools

    After this i joined a computer with the commandline (netdom join ..... ) to the domain, and it work's perfect.

    Did you have make a test to use netdom.exe without installing RSAT (only copy the netdom.exe and netdom.exe.mui to a temp folder?

    Thanks a lot for the support.

    with best regards


    Friday, December 11, 2009 4:05 PM
  • Mike,

    So far, as of Dec 11, 2009, i have done some limited tested, WITH NOT INSTALLING RSAT on a traget computer and running
    ONLY Netdom.exe 'standalone (for Vista and Windows 7 ) one for 32-bit Rsat Netdom and one for 64 bit Rsat Netdom  depending on Os
    and 32/64 bit ver.. and have had success.

    I wrapped' the Various NETDOM.EXE's  ( xp / xp 64 / Vista 32 / Win 7 32 /win7 64) in a AUTOIT wrapper and install to %TEMP% and build the "en-us' if Netdom requires it.

    So far looks good.. Execute the  standalone Netdom.Exe and build Domain and OU string  and User ID and Password and it worked,
    for Windows 7 64-bit.

    For Windows 7 64 Bit there are TWO NETDOM.EXE installed by Rsat , ONE in "c:\windows\ystem32" and one in "c:\windows\syswow64"
    I captured and moved and used the one in "c:\windows\system32" and "c:\windows\system32\en-us".

    Hope this helps others..

    J P Morgan
    Friday, December 11, 2009 4:38 PM
  • Hi J. P. Morgan

    thank you very much for the detailled informations and tests.
    • Marked as answer by Mike49287 Saturday, December 12, 2009 5:18 AM
    Saturday, December 12, 2009 5:18 AM
  • Hi J. P. Morgan,

    I ran into the same trouble and your solution works perfect.
    Thank you very much!
    Wednesday, February 10, 2010 12:52 PM
  • Hi JP Morgan,

    Thanks, it's working fine. we have to copy only netdom.exe from system32 & netdom.exe.mui from system32/en-us folder. i have used only these two files. copied them on a remote machine & run netdom command. it's working perfectly.


    • Proposed as answer by DhirajHaritwal Saturday, March 27, 2010 2:58 PM
    • Proposed as answer by DhirajHaritwal Saturday, March 27, 2010 2:58 PM
    Saturday, March 27, 2010 2:58 PM
  • Hi JP Morgan.

    I'm a french user, and i'm not sure having understoud what you wrote. My problem is the same as yours, I wish to join a domain WITHOUt installing RSAT.

    I tried to copy  the 2 files netdom.exe and netdom.exe.mui on an USB key, and I ran Netdom from the key on another computer where RSTA was not installed,   but it did'nt work .

    What do you call a 'standalone Netdom ? Where do you copy the files using AutoIT ?

    Thank you for your answers, regards

    Philippe Brode

    Thursday, May 06, 2010 12:24 PM
  • I have been having trouble joining the domain also. here is a link to a VB script that i just found and will join the domain you specify. you have to have a user account that has access to add the pc to the domain also. i tried it and it actually works with no prompts or anything, its totaly automated.


    Sunday, May 23, 2010 9:46 PM
  • $creds = get-credential; add-computer -domain "" -credential $creds

    Worked great for me in a one off situation.  Of course for automation there are some other things you'd have to account for.

    Just be sure you use DomainName\username in the get credential box.

    Monday, September 27, 2010 6:13 PM
  • Thx, you gave me the idea :)

    To automate the process of joining the domain and not to enter the credentials that I use:

    add-computer -domainname domain.local -credential (New-Object System.Management.Automation.PSCredential ("domain\user", (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)))

    Friday, October 08, 2010 10:02 AM
  • Has anyone been able to get this netdom.exe with Win7 32bit to work?  I can get the 64bit one to work, but not the 32bit....



    mark wittstock
    Wednesday, November 17, 2010 4:21 AM
  • Bonjour,

    pour les francais il faut copier 

    netdom.exe de system32

    & netdom.exe.mui de system32/fr-FR

    et ca marche.

    MERCI A TOUS LES CONTRIBUTEURS (Thank you very much!)

    Tuesday, November 30, 2010 2:38 PM
  • You can use a VB script with JoinDomainOrWorkGroup.


    Friday, August 05, 2011 5:19 PM
  • Except for a few failures due to firewalls and McAfee blocking I was able to use NetDom to move XP, Windows 7, and Windows 7 64 from one domain to another.

    This was all run from the Source Domain DC

    First I used PSEXEC to set the local Administrator Password to a common password using my Domain Admin credentials.

    PSEXEC \\%PCNAME% NET USER Administrator Password

    Then I called netDOM

    netdom MOVE %PCNAME% /DOMAIN:GOLDLNK.ROOTLNKA.NET  /OU:"OU=computers,DC=TARGETDOMAIN,dc=local" /USERD:DOMAIN\TARGETDomainAdminID /PASSWORDD:DomainAdminIDPW /USERO:%PCNAME%\Administrator /passwordO:Password /REBOOT:30 /Verbose >movdom1.log >movdom2.log

    If that failed the next lines were

    find /i "failed" movdom?.log
    if NOT errorlevel 1 psexec \\%PCNAME% \\netdom MOVE %PCNAME% /DOMAIN:GOLDLNK.ROOTLNKA.NET  /OU:"OU=computers,DC=TARGETDOMAIN,dc=local" /USERD:TARGETDOMAIN\DomainAdminID /PASSWORDD:DomainAdminIDPW /USERO:%PCNAME%\Administrator /passwordO:Password /REBOOT:30 /Verbose

    I did over 200 systems this way.









    Tuesday, January 24, 2012 6:49 PM
  • add-computer -domainname domain.local -credential (New-Object System.Management.Automation.PSCredential ("domain\user", (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)))

    This is the command I have been testing with.

    We are planning on upgrading 800 PC's to Windows 7 and using WDS to automate the process, we have the unattend xml run a powershell script to change the PC name to the serial number, reboot, then run the above script to join it to the domain. However, it appears the join domain script only runs some of the times. I believe it to be because of the serial number usage as the computer name. I can take a new PC out of the box, run the automated install, and it does everything fine. If I take the same PC and run the automated install a few hours later, it changes the name but DOES NOT join to the domain. I don't think it's because the PC's is already added in AD because I've deleted the PC before the second run. 

    Could this be because I am not waiting for DNS to refresh and the script is failing because DNS knows that I've already added a PC under the same name recently?

    • Edited by Streve Tuesday, March 20, 2012 12:46 PM
    Tuesday, March 20, 2012 12:43 PM
  • Windows 7 does not include netdom by default. I scoured the net for hours looking for a simpler solution than this RSAT crap or what ever. Then powershell came up and that had its own bullcrappery errors which were more easily fixed than netdom however the solution to these errors were not in one place. SO to all those IT people out there im doin yall a favor here and putting everything in one location in as many forums as possible.

    FOR JOINING A COMPUTER TO A DOMAIN WITHOUT NETDOM - (Windows 7... possibly others have not tested but i dont see why it wouldnt work)

    First you create Two files BOTH are created using notepad.

    type exactly as displayed or cut and paste i dont care. input your own information in the obvious locations if you cant figure that out sell your computer, you have no business owning one.

    First file:

    powershell -command "& {Set-ExecutionPolicy Remotesigned}"
    powershell -file e:\domainjoin.ps1
    powershell -file f:\domainjoin.ps1
    powershell -file g:\domainjoin.ps1
    powershell -file h:\domainjoin.ps1
    powershell -file i:\domainjoin.ps1
    powershell -file j:\domainjoin.ps1
    powershell -file k:\domainjoin.ps1
    powershell -file l:\domainjoin.ps1
    powershell -file m:\domainjoin.ps1
    powershell -file n:\domainjoin.ps1
    powershell -file o:\domainjoin.ps1
    powershell -file o:\domainjoin.ps1


    Ok! So now Save As -------- DomainJoin.bat (file type all files not txt) put it .. somewhere easily accessed.

    NOW Second file!

    $domain = "yourdomain"
    $password = "yourpassword" | ConvertTo-SecureString -asPlainText -Force
    $username = "$domain\youraccount"
    $credential = New-Object System.Management.Automation.PSCredential($username,$password)
    Add-Computer -DomainName $domain -Credential $credential
    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted -Force

    Okay! Save As - domainjoin.ps1 <--------- Pay attentionnnnnnnnnnnn! (again file type "all files" not .txt)

    NOW for this save it on the root of what ever you use for media for example... "c:\domainjoin.ps1" or "f:domainjoin.ps1"

    that is very important grass hoppers.

    Alrighty you are ready to run the file. Right click on DomainJoin.bat and hit run as administrator

    you will see a lot of errors fear not.

    in the script i included just about all of the drive letters the file could be on, so as long as you put it on the root of the USB stick or C Drive you should be good (you can also add the drive letters i did not include)

    Somewhere in those errors you should see something telling you a restart is required to apply settings. once it says hit any key to continue restart and you should be goooood to go!

    Saturday, August 10, 2013 5:23 AM
  • Hi mike137g,

    Instead of listing every possible drive letter, you could do the following.  

    powershell -command "& {Set-ExecutionPolicy Remotesigned}"
    powershell -file %~dp0domainjoin.ps1

    The %~dp0 is a variable for the location of the batch file.  If the powershell script is in the same folder as the batch file, this would cover it. 

    Jasen Webster Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Tuesday, February 11, 2014 7:51 PM