BigFix - Setup Offline Domain Joins for your Remote Workforce
Seamless Device Management with BigFix—Anywhere, Anytime!
One of the biggest challenges in IT is managing devices no matter where they are—on-network, off-network, or even offline. With BigFix Modern Client Management (MCM), we can extend management capabilities beyond traditional agent-based methods using agentless APIs.
In this latest article, I walk you through how to leverage BigFix MCM's offline domain join feature to remotely add machines to a domain—even when they’re off-network. This is a game-changer for IT teams looking to simplify remote device onboarding.
Stay tuned for my next article, where I’ll demonstrate how to remotely reimage a machine with BigFix OSD and seamlessly join it to the domain using BigFix MCM.
BigFix continues to bridge the gap between agent and agentless technologies, all within a single interface.
As with all of my articles, always refer to the official documentation: these are meant to guide you and do not take every situation into account.
On your BigFix Root Server, open an elevated command prompt in the directory where BESAdmin.exe is located and run:
BESAdmin.exe /generateplugincertificates /certificatespath:<path-to-store-certs> [/commonname:<CN-for-server-and-client-cert>]
As an example
BESAdmin.exe /generateplugincertificates /certificatespath:C:\Tools /commonname:ODJMACHINE.domain.local
If prompted, browse to your license.pvk file and click OK.
Type in the license.pvk password you set when you installed BigFix
Open Active Directory Users and Computers and create a custom OU; this is where machines will be placed when they join the domain.
Right click on your domain and select New – Organizational Unit
Name the OU and select OK
Right click on the newly created OU and select Delegate Control.
Add the user account that joined the ODJ Server to the domain; this is the account that will be delegated control of the OU.
Select Create a Custom task to delegate
Select Only the following objects in the folder
Select Computer Objects from the list
Check Create selected objects in this folder and Delete selected objects in this folder, then click Next.
Select General, Property-specific, and Creation/deletion of specific child objects.
Under Permissions select Full Control and click Next.
Select Finish.
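The OU creation and Delegation of Control wizard steps above, done from PowerShell so they can be repeated and audited. This is an added example, not code from the original article or from BigFix. The OU name 'ODJ Computers' and the delegate account 'DOMAIN\svc_odj' (standing in for the account that joined the ODJ server to the domain) are assumptions; replace them with your own values. The last function reads the ACL back so you can confirm the two ACEs the wizard would have written are actually there.

```powershell
# Added example (not from the original article): create the custom OU and grant the
# delegate account the same rights the Delegation of Control wizard grants above:
# create/delete computer objects in the OU, and Full Control over those computer objects.
# Assumptions to replace: OU name 'ODJ Computers', delegate account 'DOMAIN\svc_odj'.
Import-Module ActiveDirectory

$OuName   = 'ODJ Computers'
$Delegate = 'DOMAIN\svc_odj'

# schemaIDGUID of the 'computer' class; "Computer objects" in the wizard resolves to this GUID.
$ComputerClassGuid = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function New-OdjOu {
    param([string]$Name)
    $domainDn = (Get-ADDomain).DistinguishedName
    $ou = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" -SearchBase $domainDn -SearchScope OneLevel
    if (-not $ou) {
        # A dedicated OU keeps the delegation narrow; never delegate on the default Computers container.
        $ou = New-ADOrganizationalUnit -Name $Name -Path $domainDn -ProtectedFromAccidentalDeletion $true -PassThru
    }
    return $ou.DistinguishedName
}

function Grant-OdjDelegation {
    param([string]$OuDn, [string]$Account)
    $sid   = ([System.Security.Principal.NTAccount]$Account).Translate([System.Security.Principal.SecurityIdentifier])
    $allow = [System.Security.AccessControl.AccessControlType]::Allow

    # Wizard: "Create selected objects in this folder" + "Delete selected objects in this folder",
    # limited to computer objects and applied to this OU only (no inheritance).
    $createDelete = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
        $allow,
        $ComputerClassGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

    # Wizard: "Full Control" on the computer objects that end up inside the OU (descendants only).
    $fullControl = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        $allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $ComputerClassGuid)

    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.AddAccessRule($createDelete)
    $acl.AddAccessRule($fullControl)
    Set-Acl -Path "AD:\$OuDn" -AclObject $acl
}

function Test-OdjDelegation {
    # Read the OU's ACL back and report whether both expected ACEs exist for the delegate.
    param([string]$OuDn, [string]$Account)
    $sid   = ([System.Security.Principal.NTAccount]$Account).Translate([System.Security.Principal.SecurityIdentifier])
    $rules = (Get-Acl -Path "AD:\$OuDn").Access |
        Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid }

    $createDelete = [bool]($rules | Where-Object {
        $_.ObjectType -eq $ComputerClassGuid -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild) })
    $fullControl = [bool]($rules | Where-Object {
        $_.InheritedObjectType -eq $ComputerClassGuid -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll) -eq
            [System.DirectoryServices.ActiveDirectoryRights]::GenericAll })

    [pscustomobject]@{
        OU                     = $OuDn
        Account                = $Account
        CreateDeleteComputers  = $createDelete
        FullControlOnComputers = $fullControl
    }
}

$ouDn = New-OdjOu -Name $OuName
Grant-OdjDelegation -OuDn $ouDn -Account $Delegate
Test-OdjDelegation  -OuDn $ouDn -Account $Delegate
```

Run it from an elevated PowerShell session on a machine with RSAT (the ActiveDirectory module and the AD: drive) as an account that can modify the OU's ACL. The delegate gets rights only on computer objects under this one OU, which is the point of not using the default Computers container: the ODJ account should not be able to create or take over computer accounts anywhere else in the domain.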
Open WebUI and select Apps-MCM
Select the Admin Tab and then Select Offline Domain Service - Install
Upload the files generated earlier
Select Offline Domain Join Service – Configure MDM Server
Select the MDM Server in your Targeted Devices
Add the Connector Service URL
Domain Name
The Computer Prefix you want to use
The Organizational Unit you would like the Offline Domain Joined machines to join
NOTE: this cannot be the default Computers container; it must be the custom OU you created earlier.
Upload the Keys you created earlier
Select the Policies Tab
Select Custom from Template Option
Give the Policy a Name
Select Windows for the Operating System
From the Drop Down Select Windows Offline Domain Join Template
Hit Save
Select Deploy Policy and Target the Machine you would like to join to the domain
Send the action to the device enrolled in BigFix MCM that you want to join to the domain.
Once the action completes, restart the computer; it should come up at the Ctrl+Alt+Del screen already joined to the domain.
NOTE: The machine is not fully on the domain until it reaches the network, either directly or over a VPN. Many VPN clients can connect before the Ctrl+Alt+Del screen; if the user establishes a VPN connection at the login screen, they can then log in to the domain and cache their credentials on the PC.
In Active Directory you will see a new computer object in the OU you created, named with the computer prefix you configured.
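On the client side, the note above leaves an ambiguous state: a machine that has been offline-joined but has never touched the network looks, from the login screen, much like one where the join never applied. The following added example (not part of the original article or of BigFix) distinguishes the two when run on the client after the reboot: it checks what the OS believes its domain to be, then whether a domain controller is currently reachable, and only then whether the machine account password written by the offline join actually works. The expected domain name 'domain.local' is a placeholder.

```powershell
# Added example (not from the original article): classify the join state of an
# offline-domain-joined client. "Joined, no DC reachable" is the normal state until
# the user brings up VPN or plugs into the corporate network; it is not a failed join.
# Assumption to replace: expected domain name 'domain.local'.
function Get-OdjJoinState {
    param([string]$ExpectedDomain = 'domain.local')

    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $joined = $cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain)

    $result = [ordered]@{
        ComputerName     = $cs.Name
        Domain           = $cs.Domain
        JoinedExpected   = $joined
        DcReachable      = $false
        DomainController = $null
        SecureChannel    = $false
        Status           = ''
    }

    if (-not $joined) {
        $result.Status = "Not joined to $ExpectedDomain: the ODJ policy did not apply, or the name/domain differ."
        return [pscustomobject]$result
    }

    # Locating a DC needs line of sight to the domain; off-network this throws, which is
    # the "joined, waiting for VPN" state, not an error in the join itself.
    try {
        $dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().FindDomainController()
        $result.DcReachable      = $true
        $result.DomainController = $dc.Name
    } catch {
        $result.Status = 'Joined; no domain controller reachable yet (connect VPN or the corporate network).'
        return [pscustomobject]$result
    }

    # With a DC in reach, confirm the machine account credentials set by the offline join are valid.
    try {
        $result.SecureChannel = Test-ComputerSecureChannel -Server $dc.Name -ErrorAction Stop
    } catch {
        $result.SecureChannel = $false
    }

    $result.Status = if ($result.SecureChannel) {
        'Joined and secure channel OK.'
    } else {
        'Joined and DC reachable, but the secure channel failed: the computer object may be missing from the OU or the ODJ blob is stale.'
    }
    [pscustomobject]$result
}

Get-OdjJoinState -ExpectedDomain 'domain.local' | Format-List
```

Run it in an elevated PowerShell session on the client. JoinedExpected true with DcReachable false is the state the note above describes; JoinedExpected true, DcReachable true and SecureChannel false is the case worth investigating, typically a computer object that was deleted or moved out of the delegated OU after the ODJ blob was generated.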
BigFix Technical Adviser at HCL Software (3 weeks ago): Incredible tech - so awesome! Thank you Brad Sexton!!
Great work, as always, Brad!
System Administrator - IT Platform (3 weeks ago): Amazing, thanks Brad!
BigFix Technical Advisor at HCL Software (4 weeks ago): Brad, thank you for providing this helpful how-to. The instructions for joining off-network devices to Active Directory are very clear and to the point.