How to remotely Join/Unjoin AD domains on Windows devices?

Active Directory (AD) management via Hexnode UEM allows administrators to bind user accounts to Windows endpoints, enabling seamless credential-based logins and centralized access to organizational network resources.

Understanding Active Directory Integration

Active Directory Domain Services store directory information and manage user interactions with the domain, allowing users to log in to various devices using a single set of AD credentials.

  • Centralized Identity: Eliminates the need to create separate local user accounts for every individual device.
  • Seamless Access: Users can access network resources and log in to bound devices using their existing organizational credentials.
  • Remote Management: Administrators can perform domain binding or removal over-the-air through the UEM console.

Technical Prerequisites

Before initiating a domain join or unjoin action, ensure the following requirements are met to maintain communication with the Hexnode Agent:

| Requirement | Specification |
|---|---|
| Supported OS | Windows Pro, Enterprise, and Education editions. |
| Agent Software | The latest version of the Hexnode Agent app must be installed on the device. |
| Network | The device must have a stable connection to the Server Address hosting the domain. |

Step-by-Step: Joining an AD Domain

Joining a domain binds a Windows device to a specific Active Directory controller, automating user account creation and enabling network resource access upon restart.

  1. Navigate to the Manage tab in the Hexnode portal.
  2. Select the target Windows devices.
  3. Click on Actions > Groups & Domains > Join AD Domain.
  4. Configure the following parameters:
    • Domain: Specify the exact domain name to which the device will be added.
    • Server Address: Enter the full name of the domain controller hosting the target domain.
    • Credentials: Provide the Username and Password for the corresponding AD login.
    • Restart Device: (Optional) Force an immediate restart to apply changes.
      Note: This may affect users with unsaved work.

  5. Click Confirm and complete the authentication using your portal credentials.

Verifying Domain Status

The Hexnode console provides real-time status updates in the Device Summary to confirm whether a device has successfully associated with a domain or workgroup.

  1. Navigate to the Manage tab and select the specific device.
  2. Locate the Domain/Workgroup Info section in the Device Summary tab.
  3. Review the status fields:
    • Domain Joined: Yes – The device successfully joined a domain or workgroup.
    • Domain Joined: No – The device is not currently joined to a domain.
    • Domain Joined: N/A – The portal is unable to fetch the current AD status.
    • Domain/Workgroup: Displays the name of the associated domain or workgroup.

Step-by-Step: Unjoining an AD Domain

Unjoining removes the device from the Active Directory environment, purging associated AD user accounts from the endpoint during the subsequent system restart.

  1. Navigate to the Manage tab and select the devices.
  2. Click on Actions > Groups & Domains > Unjoin AD Domain.
  3. Provide the Username and Password for the AD login credentials.
  4. Select Restart Device to apply the removal immediately (ensure users have saved their work).
  5. Click Confirm and provide your login credentials to deploy the configuration.

Troubleshooting Guides

| Problem | Potential Root Cause | Resolution |
|---|---|---|
| Domain Joined status shows “N/A” | The device is offline or the Agent app is outdated. | Ensure the device is online and update the Hexnode Agent app to the latest version. |
| AD Account still visible after Unjoin | The device has not been restarted yet. | Perform a manual restart or use the Restart Device action to finalize the account removal. |
| Join Action Failed | Incorrect Server Address or AD credentials provided. | Verify the Server Address (domain controller name) and the provided AD credentials are correct. |
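When the console status and the device disagree, the prerequisites and the join state can be checked on the endpoint itself. The script below is an added example, not Hexnode code: it uses only built-in Windows cmdlets, and the domain name, domain controller name and the choice of TCP 389 (LDAP) as the reachability probe are assumptions to replace with your own values.

```powershell
# Added example: endpoint-side check of the prerequisites and join state.
# Run from an elevated Windows PowerShell 5.1 session on the managed device.
param(
    [string]$Domain        = 'corp.example.com',      # placeholder: expected domain
    [string]$ServerAddress = 'dc01.corp.example.com'  # placeholder: domain controller
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Prerequisite: Pro, Enterprise or Education edition (heuristic match on the caption).
$editionOk = $os.Caption -match 'Pro|Enterprise|Education'

# Prerequisite: the Server Address resolves and answers on LDAP (TCP 389, assumed probe).
$resolves = [bool](Resolve-DnsName -Name $ServerAddress -ErrorAction SilentlyContinue)
$ldapOpen = $false
if ($resolves) {
    $probe    = Test-NetConnection -ComputerName $ServerAddress -Port 389 `
                    -WarningAction SilentlyContinue
    $ldapOpen = [bool]$probe.TcpTestSucceeded
}

# Join state as Windows reports it. When PartOfDomain is False,
# the Domain property holds the workgroup name instead.
$joined = [bool]$cs.PartOfDomain

# A joined device should also hold a working machine-account trust with the domain.
# Test-ComputerSecureChannel throws on a workgroup machine, so it runs only when joined.
$channelOk = $null
if ($joined) {
    try   { $channelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { $channelOk = $false }
}

[pscustomobject]@{
    Edition           = $os.Caption
    EditionSupported  = $editionOk
    ServerResolves    = $resolves
    LdapReachable     = $ldapOpen
    DomainJoined      = $joined
    DomainOrWorkgroup = $cs.Domain
    # Flags a device bound to a domain other than the one you intended.
    MatchesExpected   = ($joined -and ($cs.Domain -eq $Domain))
    SecureChannelOk   = $channelOk
}
```

A device that reports DomainJoined as True with SecureChannelOk as False has a broken machine-account trust, and one with MatchesExpected as False is bound to a domain other than the expected one.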

Frequently Asked Questions (FAQs)

Does joining a domain automatically create a user account on the device?

Yes. Once a device joins the Active Directory Domain, the corresponding user account is automatically created on the endpoint.

Can users log in immediately after the “Join AD Domain” action is pushed?

The user can access the AD account using their credentials after the device restarts following policy association.

What happens to data when a device is unjoined?

When you unjoin a device, the AD account is removed from the device upon the next restart, and the user can no longer access that specific AD account.