You can join not only further UCS servers to an existing UCS domain but also various clients. After the join, you can manage and configure these clients easily via the Univention Management Console from wherever you are. These administrative tasks include, for example, installing software, monitoring and controlling services, and configuring the network.
In this article and in the video below I will show you in detail how easy that is.
First of all, we install the application “Active Directory-compatible Domain Controller”, which is required to enable the domain join. You can download this app for free from the Univention App Center.
The App Center can be found in the software module of the UMC.
After the installation of the “Active Directory-compatible Domain Controller”, we switch to the Windows client that is to join the UCS domain.
For the domain join to succeed, you first have to configure the IP address of the UCS domain controller as the DNS server in the network settings of the Windows client.
You can reach the network settings easily via the network icon in your taskbar, or open the Network and Sharing Center via “Control Panel” > “Network and Internet” > “Network and Sharing Center” and click on “Change adapter settings”.
In the properties of your LAN or WLAN connection, enter the IP address of your UCS domain controller as the DNS server and save the setting.
To start the domain join, you have to register the Windows client as a member of your UCS domain via the system settings.
To do so, navigate to the settings of your system. The easiest way is to open the Start menu, right-click “Computer” and select “Properties”. In that window, click on “Change settings”.
Now enter the domain of your UCS system as the domain for the Windows client.
The name of your domain can be seen at the top right in the UMC.
After clicking OK or Accept, you are asked to authenticate with the administrator account of the domain to confirm the domain join.
After a short while, a new window opens that confirms the successful join to the UCS domain. The client then has to be restarted.
Once the client has booted successfully, you can log in to the Windows system with a domain user of your choice.
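The same steps from an elevated PowerShell session, as an added example that is not part of the original article. The IP address, domain name and adapter name are placeholder assumptions; the SRV lookup in step 2 is an extra check that the client can locate the domain controller through the DNS server just configured.

```powershell
#Requires -RunAsAdministrator

# Assumed values (placeholders, not taken from the article): replace before use.
$UcsDcIp    = '192.0.2.10'        # IP address of the UCS domain controller
$DomainName = 'example.intranet'  # domain name shown at the top right of the UMC
$Adapter    = 'Ethernet'          # LAN/WLAN adapter name, see Get-NetAdapter

# Step 1: use the UCS domain controller as DNS server for this adapter.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $UcsDcIp

# Step 2: confirm that the domain controller locator record resolves.
# Windows locates a domain controller through this SRV record, so a join
# attempt cannot succeed while the lookup fails.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $UcsDcIp -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    throw "Cannot resolve $srvName via $UcsDcIp. Check the DNS server setting and the installed app. $_"
}
if (-not $srv) {
    throw "No SRV records returned for $srvName."
}
$srv | Select-Object NameTarget, Port | Format-Table

# Step 3: join the domain. A prompt asks for the domain administrator account.
$cred = Get-Credential -Message "Domain administrator for $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -ErrorAction Stop

# Step 4: restart to complete the join (asks for confirmation first).
Restart-Computer -Confirm

# After the restart, verify the machine account from an elevated prompt:
#   Test-ComputerSecureChannel -Verbose
```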
This was our short introduction on the topic of joining a Windows client to a UCS domain. The next video will deal with the topic of Active Directory connection.
Marcel is training to become an IT specialist with a focus on system integration and works in the Professional Services Team of Univention.
I have a question on DHCP: how does it work seamlessly on UCS? If a Windows client is configured to join the domain (FQDN), explicitly putting the IP address of the UCS in the preferred DNS, does it also automatically get an IP address? Thank you.
thanks so much
I like it
Is it possible to join a domain when UCS is installed on AWS?
This depends on your AWS environment 🙂 Regarding the UCS feature set, the UCS EC2 instances are not any different from the on-premise installations, so joining a Windows machine is technically possible.
I can think of two scenarios:
a) A Windows server at AWS in the same subnet: This should just work as described in this blog article.
b) A Windows client at your on-premise network and a UCS VM at AWS. Usually you don’t want to expose all the necessary ports to the Internet, so you need some kind of VPN to connect your on-premise network to your AWS VPC. If the routing and tunneling is done right, a join should absolutely be possible.
Is it possible to delegate the permission to join clients?
So, for example, having a user that can join clients, without having other administrative privileges?
In the UCS manual, the “Administrator” is also required.
I tried different groups and policies in UCS but have not found a working solution yet.
In a default UCS domain, joining requires LDAP write permissions. By giving a user these permissions, you would also grant access to giving himself other administrative privileges, which defeats what you are trying to do. For reference: https://help.univention.com/t/q-a-can-i-create-a-restricted-user-for-domain-join-only/15911
However, it is possible to delegate the right to join Windows clients without having full domain admin privileges if you are using a Samba 4 / Active Directory domain. We have a guide available here: