In the earlier guide, we learned how to set up domain controller/Active Directory Services on Windows 2022 server. In this guide, we will learn how to join Windows 11 to Domain – the local domain hosted on LAN.
Please remember that you can join a Windows 11 or 10 computer to Azure Active Directory over the Internet if your company provides that facility. But in the below example, we will consider the local domain setup only.
What is a domain controller? Why have an Active Directory set up in an organization? What are the advantages of it? Many questions can arise when you think of a domain controller, but you can easily find the answers while googling. We are not going to discuss them here.
If you have a working domain controller setup at your office or home test lab, you probably know them already. Also, joining a Windows 11 to a domain controller is not rocket science. But if you are a beginner and finding it challenging to get familiar with the new Windows 11 interface to join a domain, then this guide can be helpful.
Prerequisites to Join Windows 11 to Domain
- Correct Windows version: Most Windows 11 versions except the home edition can join Domain. So, if you have Windows 11 Professional, Enterprise, or Education, you are good to go.
- There should be network communication between the Domain Controller and Windows 11 computer. It could be via LAN, WAN, or VPN, but your client computer should communicate with the server. You can ping the Domain Controller’s IP address or FQDN name to confirm it.
- A working internal DNS server. Your Windows 11 computer network should have proper IP configuration and DNS server that can find and resolve one of the domain controllers in your network.
- An Active Directory (AD) user account has the privilege to join a computer to the Domain. It could be the Domain administrator or the user with proper delegate access.
- You must log in to the computer as the local administrator.
- After joining the Windows 11 computer to the Domain, you must have an AD user account/password to log in to the PC.
Let’s assume you can meet all the above prerequisites to continue.
In this example, I’m using the Windows 2022 domain controller and Windows 11 client, both running on Oracle VirtualBox as virtual machines. I correctly configured the network adapter to make the network connection between them and the DNS server to resolve the local domain name.
The domain name I will use is Sysprobs.com – It is internally configured to work correctly – not the website URL.
Steps to Join Windows 11 to Domain
I always prefer to give a meaningful name to the computer before joining the Domain. So, it will be easy to identify a PC if you have hundreds of PCs and OUs in an Active Directory environment.
1) Change the PC name if required.
Go to ‘About’ in the settings app. You can search for ‘about’ in Windows 11 search to reach this location.
Click on ‘Rename this PC.’ After giving a name, restart the computer.
2) Do a network and DNS check by pining the Domain FQDN name; in my case, it is local Sysprobs.com – This ensures a working network communication between the server and client PC.
3) Visit the ‘About’ settings again.
Click on the ‘Domain or workgroup’ settings in the related links section.
You will get the usual computer name change and workgroup/domain settings like earlier Windows Operating Systems.
4) Select the Domain and type it correctly.
Type the domain admin account or any domain account with permission to join computers to Domain.
If everything is correct, you will get the confirmation message and ask to restart the computer.
After the reboot, you can log in to this Windows 11 PC with any domain user account.
NOTE: If you log in with the normal domain user to the newly joined PC, the user account will not have administrative access. You need to add the user to the local administrator group. You can perform this step before the reboot.
Select the ‘Restart Later’ option and navigate to Computer Management.
5) Under the ‘Local Users and Group’ option, select the Administrators group.
Search for the domain user who will use this Windows 11 computer, then add it to the Administrators group.
6) Now restart the computer and log in with the domain account.
Select ‘Other user’ and enter the user details. Ensure the PC will log in to the Domain as shown below.
We successfully joined a Windows 11 computer to Windows 2022 Domain.
How to Disjoin or Remove a Windows 11/10 from Domain
You can follow the steps below to remove a Windows 11 computer from a domain and regain local computer control.
Disjoining a Windows 11/10 from a domain is pretty straightforward.
Important Note Before Remove the PC from Domain
- You must have a local working account. Once the PC is disjoined from the Domain/Active Directory, you must log in with the local account with administrative access. So, before doing the further steps to leave the Domain, visit the user management settings and activate the local administrator with the password, or make sure you know one of the usernames and passwords that is part of the local administrator group.
- It is better to back up data and settings from the domain user account profile if required. Because once you leave the Domain, you can’t log in to the domain account to see the settings or data.
Steps to Disconnect Windows 11 from a Domain
- Visit the same ‘About’ settings app and click on ‘Domain or workgroup.’
- Press the Change button, and select ‘Workgroup.’
- Give any name for the Workgroup – I prefer to give the same old and default name, ‘Workgroup.’
- Not every regular user can leave or disjoin their computers from Domain by this method. Only the domain admins and authorized users can disconnect a PC from Domain. Hence, you must provide valid domain credentials on the next screen. Also, your Windows 10/11 computer should be online with the domain controller to validate the credentials (or cached credentials).
- Restart the computer and log in with the local user.
How to Disjoin Windows 11 PC from Domain – Offline Method
When you are at home or not in the office network anymore, you can remove your PC from Domain as the computer’s local administrator. It can be done by the settings app in the accounts options.
- Go to Settings app and Accounts.
- Select ‘Access work or school.’
- Here you will see that your computer is connected to a particular Domain. Expand it and click ‘Disconnect.’
- It will prompt the local account you will log in to. Provide the details and restart the computer to complete the steps.
- To perform this step, you don’t need to know domain account credentials or connect to Active Directory Services.
Join/Disjoin Windows 11 PC to Domain in PowerShell/Command Prompt
If you have administrator privilege, you can perform all the above steps by CLI, such as PowerShell and Command prompt. But why would someone do those command stuff when Windows 11 and 10 provide a few simple GUI steps? It will make sense if you have a Windows server core version (which doesn’t have a Graphical User Interface).
But Windows 11 (and 10) have a friendly GUI and simple to-navigate steps to carry out specific tasks.
Suppose you are still interested in doing it in PowerShell or by scripting methods to disjoin/remove a bulk number of computers from the Domain; here is the official document from Microsoft.
In the above steps, we demonstrated every step in joining and disjoining a Windows 11/10 computer from Domain. As mentioned earlier, we used Windows 2022 Active Directly and Windows 11 client computers running on VirtualBox.