Join a Computer to a Domain

Applies To: Windows Server 2008

For Active Directory Federation Services (AD FS) to function, each computer that functions as a federation server must be joined to a domain. Federation server proxies may be joined to a domain, but this is not a requirement.

AD FS-enabled Web servers must be joined to any domain in the same forest where the resource federation server resides whenever the Web servers host a Windows NT token–based application. This is a requirement that makes it possible for the Windows NT token–based Web agent to properly retrieve group membership information from Active Directory Domain Services (AD DS).

You do not have to join an AD FS-enabled Web server to a domain if the Web server is hosting claims-aware applications only.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To join a computer to a domain

  1. On the computer that you want to join to a domain, click Start, click Control Panel, and then double-click System.

  2. Under Computer name, domain, and workgroup settings, click Change settings.

  3. On the Computer Name tab, click Change.

  4. Under Member of, click Domain, type the name of the domain that this computer will join, and then click OK.

  5. Click OK, and then restart the computer.

Additional references

Checklist: Installing a Federation Server

Checklist: Installing a Federation Server Proxy

Checklist: Installing an AD FS-Enabled Web Server