Do you want to join your Windows 11 PC to an existing Active Directory domain? This guide will show you how.
A Windows 11 PC is designed for all kinds of environments. It can work perfectly fine as a stand-alone machine, but you can also manage it as part of a wider network.
If you’re managing multiple devices on Windows 11, you’ll probably want to join it to a domain. A domain facilitates the management and security of PCs from a single server (or several servers). You can then use a single user account to log in to multiple devices and access different server resources on any PC.
You don’t need to be a network admin to do this, however. You might want to join your laptop to an office or educational domain — if you have permission to do so. If you’re unsure how to join a Windows 11 PC to a domain, follow the steps we’ve outlined below.
Things You Need to Join a Windows 11 PC to a Domain
If you want to join a domain, the following is needed:
A Windows 11 PC running Windows 11 Professional, Enterprise, or Education.
A suitable account on an Active Directory domain (with a username and password).
The device is on the same network (it works over a VPN connection) as the domain with access to the domain controller.
Joining a Windows 11 PC to a domain isn’t an easy step for beginners, and we’ll be using industry-specific terms in this article. If you’re unsure, make sure to consult with a network administrator before you begin.
How Do I Add a Computer to a Domain?
If you think you’re ready to join your Windows 11 PC to a domain, and you’re on the same network, you can start now.
Open the Start menu and press Settings.
In Settings, press Accounts > Access work or school and click on the Connect button.
Select the Join this device to a local Active Directory domain option.
Type in the domain name when instructed.
There are two different types of domain name we can use here. We use the single legacy name or the more extended name separated with dots, similar to a web address. In our image below, the legacy domain name is ‘bryntze’, and the longer so-called DNS (also called FQDN) domain name is ‘ad.bryntze.cloud’. You can use either name given by your network administrator.
Joining the device to the domain requires the correct permissions. If your network administrator has given your account access, you can enter your credentials. If not, ask your network administrator to enter their admin credentials to join the device for you.
We might see an extra dialog to Add an account. However, this isn’t necessary to join the device to the domain, so press the Skip button.
At this point, your account should be set up in Active Directory. You’ll need to restart your PC when prompted to do so.
After restarting the Windows 11 device, we can now log in with our domain user. To do this, type in DOMAIN\username or the User Principle Name (often the same as our email address).
Once you’ve logged in, we can go to Settings > Accounts > Access work or school again and verify that our domain shows up.
How to Leave a Domain on Windows 11
If you want to remove a PC from a local domain, you can do so from Settings. However, before you do this, make sure that you have a local or Microsoft account with access to your PC on the device already.
In Settings, press Accounts > Access work or school.
Click on the little arrow down right to the domain name, then press the Disconnect button.
You’ll need to confirm you want to leave the domain. Follow the steps to do this by pressing Yes > Disconnect or cancel the process by pressing Cancel.
Follow any other additional steps (when prompted) to complete the process, then restart your PC.
Once you’ve restarted, your PC will be back in Workgroup mode. You’ll lose shared access to domain resources, and you won’t be able to use the same login details on your PC.
Using a Windows 11 PC on a Domain
If you’ve followed the steps above, you should be to join a Windows 11 PC to a domain in just a few minutes. If you need to remove the device, you can quickly disconnect it via Settings. You can reconnect the device at any time, but only if the network administrator allows you to do so.