Windows 10 V1803: Domain join bug and a workaround

[German]Administrators who want to join a domain with clients running Windows 10 V1803 Pro or Enterprise may run into a problem. A bug prevents the domain join. So far I am not aware that Microsoft has fixed this. But there is a workaround in the form of an offline domain join using djoin.

If I remember correctly, Microsoft has classified Windows 10 V1803 as business-ready (see Microsoft: Windows 10 V1803 is business ready, install it …). But there seems to be problems with this Windows 10 build in certain environments. Maybe the following problem is well known – but I'll take it up – maybe it helps someone.

A bug prevents a domain join via network

Already in May 2018, the Technet forum thread Unable to join domain with new windows 10 computers – build 1803 has been created. A user wrote:

I have 3 new computers that I am truing to join to our domain and it cant seem to find the domain.  I can ping the domain controller.  Any suggestions on resolving this without having to roll back to the previous build, which will also take with it all of the apps that I installed after this build was installed.  I have rolled back a computer and joined the domain from that computer, so I know that rolling back will work, but I did loose all the apps I installed and in the process of reinstalling them.

The domain controller is accessible from the Windows 10 V1803 clients via ping, but with domain join the clients cannot find the DC. This error message is returned:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "MYDOMAIN":
The query was for the SRV record for _ldap._tcp.dc._msdcs.MYDOMAIN
The following domain controllers were identified by the query:
MYSERVER.MYDOMAIN

However no domain controllers could be contacted.
Common causes of this error include:
– Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
– Domain controllers registered in DNS are not connected to the network or are not running.

Within the thread further affected users are confirming this bug, and Microsoft moderator Karen_Hu confirms at least that this is a known bug. Within the thread, various solutions are proposed, but only seem to help for a few scenarios. So there is a hint that SMBv1 could be involved – which also causes trouble in connection with Samba servers (see also here). There is also such a discussion on reddit.com.

Workaround: Offline Domain Join

Triggered from tips on German sites administrator.de and deskmodder.de I found at least an English blog post, describing the ability to join a domain using the command djoin.  

1. Open an administrative command prompt windows on your domain server and enter the command below.

djoin /provision /domain "Domainname".local /machine "PC-NAME" /savefile c:\testneu\client.txt

The placeholder Domainname must be replaced by the name of the domain. The placeholder PC-Name must be replaced by the network name of the new PC to be registered in the domain..

2. Copy the created file client.txt to your client into a folder named c:\testnew\.

3. Open an administrative command prompt windows on your client and enter the command below.

djoin /REQUESTODJ /LOCALOS /WINDOWSPATH c:\windows /LOADFILE c:\testneu\client.txt

The command (described here) imports the necessary information into the client and integrates it into the domain. In case of error message, consult the linked article for further hints. In case, the path within the command prompt windows isn't c:\windows\system32\, use the command cd c:\windows\system32\ to switch the path.