
Join a domain over vpn...

I'm deploying a domain in a company, 30 users, many of them are connected through VPN.
I need them to join the domain, remotely.
I'm using a script to join the domain, after the vpn connection is established. I also have a gpo that will make "power User" every member of the domain.
The problem comes when they reboot, since the VPN Connection is lost, it's impossible to log in. The VPN is based on a Sonic Wall, the only way to establish the connection is to connect with a web browser.
So I wonder if there is a way, using another script or completing the one I use, to add directly the concerned user, who could log in even if the domain is unavailable.

Sorry for my poor English... I'm practicing as much as possible...

The script being used:
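' Flags for the FJoinOptions argument of JoinDomainOrWorkGroup
Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const JOIN_UNSECURE           = 64
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144
' Domain and the account used for the join (stored in clear text here)
strDomain   = "domain.local"
strPassword = "password"
strUser     = "administrateur"
' Name of the local computer
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
' Bind to the local Win32_ComputerSystem instance through WMI
Set objComputer = _
    GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")
' Join the domain. The post was cut off after the NULL argument, so the
' final FJoinOptions value below is an assumption.
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)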


Top Expert 2013
It is usually best to do this with a VPN that is created as a site-to-site VPN, using 2 VPN routers, so that the connection to the domain is always available.

It sounds like you are doing this with a VPN client? If so, it is necessary to use the Windows built-in VPN so that the VPN can be established before logon (after joining the domain). There are a few VPN clients that can do this, I believe Cisco, but most cannot. Therefore the best bet is to set up the Windows RRAS VPN at least for this purpose, if you have not done so already. With that available it is possible to join the domain remotely. The following outlines the process. Though it specifies Small Business Server, I have used it for Server 2003 as well.

Sorry I cannot help you with the scripting, but if you know the necessary steps that must be taken, it may help.
I don't think you will be able to script the whole process without user intervention, but I am not a programmer.
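
An added example, not part of the original thread: a Windows PowerShell 5.1 version of the join step that first checks the VPN actually reaches a domain controller, then prompts for the join account instead of storing its password in the script. `domain.local` is the placeholder from the question; the DNS lookup and the TCP 389 check are assumptions about a typical Active Directory setup.

```powershell
# Added example: join this PC to the domain once the VPN tunnel is up.
# "domain.local" is the placeholder value from the question's script.
param(
    [string]$Domain = 'domain.local'
)

# 1. Confirm the tunnel reaches the domain's DNS: the DC locator SRV
#    record only resolves when a domain DNS server can be queried.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Error "Cannot resolve $srvName. Is the VPN connected and using the domain DNS server?"
    exit 1
}

# 2. Check that at least one DC answers on LDAP (TCP 389) through the tunnel.
$reachable = $dcs | Where-Object {
    Test-NetConnection -ComputerName $_.NameTarget -Port 389 -InformationLevel Quiet
} | Select-Object -First 1
if (-not $reachable) {
    Write-Error "No domain controller for $Domain answers on TCP 389."
    exit 1
}

# 3. Prompt for the join account instead of embedding its password.
$cred = Get-Credential -Message "Account allowed to join computers to $Domain"

# 4. Join without -Restart: a user's first domain logon on this PC needs a
#    reachable DC, so reboot only once a pre-logon VPN connection is in place.
try {
    Add-Computer -DomainName $Domain -Credential $cred -ErrorAction Stop
    Write-Host "Joined $Domain via $($reachable.NameTarget). Restart required."
} catch {
    Write-Error "Join failed: $($_.Exception.Message)"
    exit 1
}
```

Run it from an elevated prompt on the remote PC while the VPN session is active.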


I had thought about this way... but thank you for your answer!
Top Expert 2013

Thanks psionnist.
Cheers!