Does DJoin require elevation to execute?

J, Shriram 0 Reputation points

Hi there!

The product I am developing comprises a Windows 10 IoT client PC that needs to be joined to the Windows AD server 2019 domain at the customer site. I was analyzing the utility DJoin provided by Microsoft to achieve this via an offline domain join. The requirement is that the customer should be able to execute this utility with a domain user who is not an administrator. This would imply that the prompt used to execute DJoin to provision a blob file will not have elevated privileges. In the official MS documentation, it is stated that elevation is required. However, when I tested on my test Windows systems, DJoin provisioning executed as intended without any elevation (regular prompt) sometimes and needed the elevation otherwise.

  • Could you please give an official confirmation on the usage of the utility?
  • Does it need elevation? If yes, is there any way to bypass this via group policies or registry settings?
  • Is this utility recommended for usage on Windows 10 IoT client with Windows AD server 2019 LTSC?

Apart from DJoin, I would also like to know the effectiveness of the following approaches to achieve my goal.

  • Is there a certificate that Windows AD server provides which, when applied on a client Windows PC, enables the PC to join the domain automatically without user credentials? This could be something like a trust-trustee relationship that is enforced by the presence of the certificate.
  • How effective is the Imaging and Configuration Designer (ICD) from Windows ADK to achieve pre-planned domain joins at the customer site?
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,856 questions
0 comments No comments
{count} votes