2.7.7.1 Join a Domain with a New Account - Domain Client

This use case describes the general case of how to join a domain with a new account. A new account can be created in the domain by using either SAMR or LDAP. See sections 3.1.2 and 3.1.3 for details.

Figure 38: Join a domain by creating a new account

Goal

Join a domain client to a domain by creating a new account for the domain client in the domain.

Context of Use

The domain-client administrator invokes this task to enable the domain client to access the services and resources in a domain and to grant domain members access to the domain client.

Actors

  • Domain client

    The domain client is the primary actor. It is the entity that locates and connects to the domain controller and is joined to the domain.

  • Domain controller

    The domain controller is the supporting actor that advertises its capabilities, responds to domain-join inquiries, and ultimately joins the domain client to the domain.

  • Domain administrator

    The domain administrator is the supporting actor that enables the domain client, by using the credentials of the domain administrator, to open a secure connection to the domain controller.

Stakeholders

  • End user

    The end user wants to join a domain client to a domain so that he or she can access resources within the domain.

    The end user primarily wants to receive information that the domain client was joined to the domain.

  • Client administrator

    The client administrator initiates the domain-join process on the domain client.

    The client administrator primarily wants to receive information that the domain client was successfully joined to the domain and to receive an error message if it was not joined.

Preconditions

The credentials of an administrator of the domain who can create machine accounts in the domain are available to the client administrator.

Main Success Scenario

  1. Trigger: The client administrator triggers this use case to join the client computer to a domain.

  2. The domain client uses the Locate a Domain Controller use case to locate a domain controller (see section 2.7.7.3.1).

  3. The domain client uses the domain administrator's supplied credentials to open a secure connection to the domain controller.

  4. The domain client retrieves domain information.

  5. The domain client uses the domain administrator's credentials to set up an account for itself in the domain.

  6. The domain client determines the trusted domains.

  7. The domain client updates the client account in the domain.

  8. The domain client updates the local client state.

  9. The domain client reinitializes local protocols.

Postcondition

The domain client is joined to the domain.

Extensions

None.

Variation - Join a Domain with a new account that is created via LDAP

All details are identical to those of the main success scenario except for steps 3-5, which are replaced with the following steps:

  1. The domain client uses the domain administrator's credentials to connect to the LDAP server on the domain controller and performs a bind to establish a secure LDAP connection.

  2. The domain client retrieves domain information.

  3. The domain client uses LDAP to create an account in the domain for itself.