Access Keys:
Skip to content (Access Key - 0)

Joining a Windows Computer to WIN.MIT.EDU Domain

Note: Creating a Moira name or assigning a static IP address is no longer necessary for joining a machine to the WIN domain.

On this page:

Join Domain During EUC Lite Touch imaging

The easiest and most recommended method of joining the domain is to simply join the computer during the imaging process. During EUC Lite Touch imaging, there is a domain join wizard page where you can easily select the target OU for your computer. Simply select your department from the drop-down menu, and your computer will automatically be joined in the OU specified under the Machines/Endpoints OU. In the example below, a computer named "Pastasaurus" is placed in the Machines/Endpoints/EPM OU. 

Join Domain Manually

Create a Computer Object in Active Directory

Before joining a computer to the WIN domain, you will need to create a computer object in the correct OU if one does not already exist. To do this, you can launch the Active Directory Users and Computers snap-in. For your convenience, this tool is installed on MIT's Citrix Environment. Make sure that you have the Citrix Workspace client installed on your computer.

  1. Log into the Citrix portal using your Kerberos username and password.
  2. Click Endpoints Admin Tools and then click on AD Users and Computers
  3.  Right-click in your OU and select New and then Computer.
  4. Give your new computer object a name (11 characters or less) and then assign a user or group to be allowed to join this computer to the domain. It is HIGHLY recommended that you assign the group that manages this OU. This will allow multiple users from that administrative group to be allowed to join that computer to the domain. This will be important if the computer is re-imaged or otherwise un-joined from the domain and requires re-joining. If you do not assign a user or group, then only the administrator that originally creates the computer object will be allowed to join that computer to the domain.
    Specify User or Group for Domain Join
    It is very important to specify a user or group to join the domain. New security hardening for domain joins may prevent you from joining a computer to the domain if you do not specify the user or group. Additionally, you may need to wait a few minutes after creating your computer object to give it time to replicate between domain controllers.

Join the Computer to the Domain after prestaging in Citrix

  1. Logon as a local administrator account and bring up the System Properties by right-clicking This PC (aka My Computer) from the Windows file explorer navigation pane or from the desktop. Or press the Windows key and Break key to bring up the System Properties.
  2. Then click Change settings, and click "Change...". From the Computer Name tab, click "More…".
  3. Enter the name of the computer that matches the computer object that you created in ADUC.
  4. You will be prompted to restart the computer. Once you've restarted, you will now be able to logon to the computer using your Keberos Username and password.
  5. It's recommended to add you OU administrative group to the local administrators group using Group Policy.

Need help?

Don't see what you need in Citrix? Interested in using LiteTouch for automated domain joins? Email euc-help@mit.edu with any questions you might have.

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

January 02, 2024

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-windows-domain c-windows-domain Delete
lite lite Delete
touch touch Delete
domain domain Delete
join join Delete
citrix citrix Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki