How do I join Windows 8 PC to a domain using a normal domain account not Windows Live ID


  • Hello Microsoft

    When I install Windows 8 it asks for my Windows Live ID to login and sends information to Microsoft so I can roam with my settings. However, this is a business PC - so sending information to Microsoft's cloud and integrating with Hotmail, Messenger etc., is not allowed.

    Please advise of the setup and deployment procedures for Windows 8 PCs to company domains in smaller businesses (not the massive deployment scenarios using answer files and sysprep mentioned in the current documentation) where integration with Microsoft cloud services is prohibited and/or undesirable.

    Saturday, September 01, 2012 8:05 AM

All replies

  • Using Windows Live Account is optional and during setup you could ignore that and create a local account instead.

    For organisation deployment, you could use Microsoft Deployment Toolkit:

    Saturday, September 01, 2012 9:26 AM
  • Use a local account and then join the domain.  Then you will log in with your domain accounts.
    Saturday, September 01, 2012 2:28 PM
  • Hi Allen

    The deployment toolkit seems to be way overkill for small business, what with the answer files and sysprep etc.

    How will we roam user settings if we use a local account?

    Saturday, September 01, 2012 2:41 PM
  • What about roaming settings to different devices? Do we need to federate domains?

    It would be nice to have detailed procedures for small businesses (less than 100 employees). Do you know if these are available anywhere?
    • Edited by BayTree Saturday, September 01, 2012 2:44 PM
    Saturday, September 01, 2012 2:42 PM
  • I didn't think you wanted to roam settings... if you mean roam in the domain, set this up on the domain controller as a roaming profile.

    • Edited by Allen Howard Saturday, September 01, 2012 2:47 PM
    Saturday, September 01, 2012 2:47 PM
  • I understand that Windows 8 allows you to roam settings and installed apps etc across devices. I guess this is why a Windows Live ID is suggested when you install Windows 8? How is this implemented sucurely in a business setting?

    For example I may want to access my Windows 8 corporate apps at home on my Windows 8 tablet, but using my business domain login not my personal Windows Live ID.

    Detailed procedures and scenarios would be great for using Windows 8 in a small (less than 100 employees) business.

    Saturday, September 01, 2012 2:56 PM
  • for that you will need a vpn.  Perhaps there is someone else with detail instructions for that.
    Saturday, September 01, 2012 3:00 PM
  • Hi Allen

    I'm not sure you are right about VPN - for traditional roaming profiles maybe - but this is syncronizing apps and settings across devices via the cloud. This appears to involve federating your internal Active Directory domain with Microsoft so you get single sign on anywhere without using a Microsoft Live ID. This and many other details I am seeking information for small business deployments of Win 8.

    Saturday, September 01, 2012 3:31 PM
  • oh, i see what you mean now... I'm not sure how that works.  Perhaps someone else knows how to do this.
    Saturday, September 01, 2012 4:55 PM
  • Hi gocat2005,

    Windows8 (Pro and Ent editions) can join an AD domain just the same way that previous versions of Windows do.
    Here are a couple of examples:

    Just as for previous versions of Windows, while setting up the PC you will use a local account during setup, and in the later/final stage you would join your domain.

    Once domain-joined, you can then use AD DomainGPO to perform folder redirection, roaming-user-profile, etc.
    This is one aspect of "private cloud" (on-premises).
    Or, as you have mentioned, you could use "Microsoft account" (Live ID) to sync to "public cloud" (eg SkyDrive).
    Or, you could use other cloud services like Office365 (eg for Exchange, Sharepoint, Lync, etc) and this uses a hosted AD instead.
    You can federate an on-premises AD with hosted O365 if you want/need to do that.

    You don't need to worry about MDT / sysprep / etc if you don't want to (and smaller businesses have no need for that), you can just buy PC's with Windows8 Pro already installed (or upgrade to Pro), the OEM will already have dealt with the drivers/utilities for the hardware, and then domain-join to AD.

    Some further information for smaller business is here:

    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Edited by DonPick Saturday, September 01, 2012 11:49 PM
    Saturday, September 01, 2012 11:45 PM
  • Many thanks Don.

    So just to be clear about Apps and Settings Syncronization in Windows 8:

    On-premise/private cloud deployments of Windows 8 will not be able to sync Apps and Settings with Win8 devices outside of the corporate network (unless AD is federated?)

    Inside the private network, Apps and Settings will sync with other Win 8 devices when you login to AD?

    Sunday, September 02, 2012 8:38 AM
  • There are several ways it can be done.
    On-premise AD (private cloud), if not federated with a hosted provider, would use VPN or DA for internet-connected devices to "phone home".

    Or, if no on-premise AD is used (only hosted provider), then the on-premise network might be no different from off-premise network (eg both could be a regular broadband internet connection).

    Or, you could have some of both on-premise and hosted, federated.

    These options are not necessarily tied to Windows8 - you could much of it prior to Windows8 (eg Office365).

    It depends on what you want/need, plus what you already have (and would retain).
    It also varies depending on what you might mean by apps & settings.
    email (eg hosted exchange), documents/workflows/team-sites/etc (eg hosted sharepoint) - these can be federated to a private cloud AD too.

    I've not yet seen how SkyDrivePro will work. It may be that offers a "richer" federated sync set of features.

    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by BayTree Sunday, September 02, 2012 6:21 PM
    • Unmarked as answer by BayTree Monday, September 03, 2012 7:26 AM
    Sunday, September 02, 2012 11:19 AM
  • Question - What is DA?

    The bit I am unsure about how it works without a Live ID is "Your Windows, everywhere - Perfect it once, have it always. Sign in to any of your devices running Windows 8 and your personalized settings and apps are right there."
    Sunday, September 02, 2012 4:03 PM
  • It's Direct Access, and it's awesome.  Here's some info.

    Direct Access allows remote users to seamlessly access resources inside a corporate network without having to launch a separate VPN and helps IT administrators keep remote users’ PCs in compliance by applying the latest policies, software updates. When used with Windows Server 2012, Windows 8 makes Direct Access easier to deploy and implement with the existing IPv4 infrastructure.

    DirectAccess, introduced in the Windows 7 and Windows Server 2008 R2 operating systems, allows remote users to securely access enterprise shares, web sites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with a user's enterprise network every time a user’s DirectAccess-enabled portable computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the enterprise network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN. Forefront Unified Access Gateway (UAG) 2010 extends the benefits of DirectAccess across your infrastructure, enhancing scalability and simplifying deployment and ongoing management.

    Don't forget to mark your posts as answered so they drop off the unanswered post filter. If I've helped you and you want to show your gratitude, just click that green thingy.

    • Edited by Knuckle-Dragger Sunday, September 02, 2012 4:28 PM
    • Marked as answer by BayTree Sunday, September 02, 2012 6:21 PM
    • Unmarked as answer by BayTree Monday, September 03, 2012 7:26 AM
    Sunday, September 02, 2012 4:27 PM
  • Sorry to unmark as answer to this issue - I realised that Direct Access is not the solution to Windows Everywhere when the network is Windows Server 2003 based.

    Many customers installed Windows Server 2003/ISA 2004 networks in 2007 before Win Server 2008 was released (they expect 10 years of support and service).

    So it seems that Windows 8 will not sync Apps and Settings for remote users in these cases.

    Monday, September 03, 2012 7:31 AM
  • Hi guys.

    I am wondering the same thing, how do an enterprise host the same features given by SkyDrive and Win8 roaming profile that syncs IE history, Apps and settings. I believe the answer is SharePoint 2013 SkyDrive Pro, that you get by publishing an on-premises SharePoint 2013 or using SharePoint 2013 features in the next version of Office 365.

    I managed to sign in on a Win8 PC the other day using my Office 365 preview account that has access to SkyDrive Pro and it seems like it synced all the same features as a LiveID SkyDrive account did. I have not managed to find any documentation on this on the web so I am now provisioning a new Office 365 preview to sign in with on newly installed Win8 PC's to find out if it actually does so.

    I suspect you need to deploy the next version of SharePoint to get the roaming profile features you want and have them hosted internally.

    I am sure though that you need SkyDrive Pro to get the syncronization of recent documents, dictionary and settings in Office 2013 without using the LiveID SkyDrive.

    Ståle Hansen
    Lync MVP

    Saturday, September 15, 2012 8:13 PM
  • Do you have to be on Windows 8 Pro or Enterprise to join a Domain.  I have a new Widows 8 system and my Domain is from a Windows Server 2003???  I can't seem to get the Domain to click only workgroup

    Wednesday, November 13, 2013 8:22 PM
  • This is an old thread and should not have been commented on.  It would be wiser to start your own thread.

    However, yes, you do have to be on Windows 8 Pro or Enterprise in order to join a domain (a.k.a. Domain Join in the features comparison).

    Wednesday, November 13, 2013 8:29 PM