# Step 5: Domain Join (~1-2 hours per machine, remote via ScreenConnect)

---

## 5a — Pre-join verification (once, from any INTERNAL machine)

Run `scripts/phase3-pre-join-verify.ps1` or manually:

```cmd
nslookup cs-server.cascades.local
nslookup -type=SRV _ldap._tcp.cascades.local
ping 192.168.2.254
net view \\192.168.2.254
```

**All must succeed.** If they don't, fix DNS/firewall (Step 2) before proceeding.

---

## 5b — Join non-domain machines (one at a time)

**Order:** DESKTOP-KQSL232 → CHEF-PC → SALES4-PC → MDIRECTOR-PC (least critical first)

### Pre-requisites per machine

| Machine | Blocker | Action Needed |
|---------|---------|---------------|
| DESKTOP-KQSL232 | None known | Verify OS edition supports domain join |
| CHEF-PC | None known | Verify OS edition supports domain join |
| SALES4-PC | **Not on network** (absent from ARP/DHCP as of 2026-03-06) | Locate machine, verify powered on |
| MDIRECTOR-PC | **Windows 10 Home** — cannot domain-join | Upgrade to Pro first (key available). Users: Anna Pitzlin, Shelby Trozzi, localadmin. No Desktop/Documents data to migrate. MAC: 98:ee:cb:9d:8a:81 |

For each machine, run `scripts/phase3-join-domain.ps1` via ScreenConnect:

### Per machine:

1. **Document current state** (automated by script)
   - systeminfo, ipconfig, printers, mapped drives saved to `C:\IT-Migration\`
2. **Create local admin backup account**
   - `Localadmin` local admin account (for rollback access)
3. **Verify DNS resolves AD**
   - Must resolve `cs-server.cascades.local`
   - If it fails: check DHCP DNS settings (should get 192.168.0.1 via DHCP)
4. **Join domain**
   - `Add-Computer -DomainName cascades.local -OUPath "OU=Staff PCs,OU=Workstations,DC=cascades,DC=local"`
   - Automatic reboot
5. **Post-reboot verification** (run `scripts/phase3-post-join-verify.ps1`):
   - [ ] `gpresult /r` — GPOs applied?
   - [ ] `\\CS-SERVER\Shares` accessible?
   - [ ] Mapped drives appear (S:, department drive)?
   - [ ] Printers auto-installed?
   - [ ] Print test page works?
   - [ ] Internet works?
   - [ ] `nltest /dsgetdc:cascades.local` returns CS-SERVER?
6. **Migrate user profile if needed**
   - Copy local Desktop/Documents to network share
   - Or use ForensiT User Profile Wizard (free) to migrate local → domain profile

---

## 5c — Link GPOs (after first successful join)

1. Link "CSC - Security Baseline" → domain root
2. Link "CSC - Drive Mappings" → user OUs (Departments, Management, Sales, MemCare)
3. Link "CSC - Printer Deployment" → OU=Workstations
4. Link "CSC - Windows Update" → domain root
5. Link "CSC - Folder Redirection" → user OUs

Run `gpupdate /force` on the first machine and verify everything works.

---

## 5d — Update existing domain machines

Run on CRYSTAL-PC, ACCT2-PC, DESKTOP-H6QHRR7, DESKTOP-1ISF081:

```powershell
gpupdate /force
# Verify drive mappings and printers appeared
```

---

## Rollback (per machine)

1. Log in with the `Localadmin` local account
2. Run: `Remove-Computer -UnjoinDomainCredential (Get-Credential) -Restart`
3. Machine returns to workgroup mode with local accounts intact
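
The Step 5a checks and the 5b OS-edition blocker combined into one read-only readiness check, as an added example (not the project's `scripts/phase3-pre-join-verify.ps1`). The function name `Test-JoinReadiness` is hypothetical, the defaults are the values from this runbook, and the LDAP (389) and Kerberos (88) port probes go beyond the manual commands in 5a.

```powershell
# Added example, not the project's phase3-pre-join-verify.ps1. Read-only checks.
# Test-JoinReadiness is a hypothetical name; defaults are this runbook's values.
function Test-JoinReadiness {
    param(
        [string]$Domain = 'cascades.local',
        [string]$DcName = 'cs-server.cascades.local',
        [string]$DcIp   = '192.168.2.254'
    )
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Query the SRV record explicitly: it is what the client uses to locate a DC.
    $srv = Resolve-DnsName -Name "_ldap._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    $a = Resolve-DnsName -Name $DcName -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }

    $checks = [ordered]@{
        # Home editions cannot domain-join (the MDIRECTOR-PC blocker in 5b).
        'OS edition supports domain join' = $os.Caption -notmatch '\bHome\b'
        'Not already joined to a domain'  = -not $cs.PartOfDomain
        "$DcName resolves"                = [bool]$a
        "A record points at $DcIp"        = $a.IPAddress -contains $DcIp
        "_ldap._tcp.$Domain SRV resolves" = [bool]$srv
        "$DcIp answers ping"              = Test-Connection -ComputerName $DcIp -Count 2 -Quiet
    }
    # TCP reachability: 445 mirrors `net view`; 389 and 88 are assumed extras
    # (LDAP and Kerberos), both required for a join.
    foreach ($p in ([ordered]@{ SMB = 445; LDAP = 389; Kerberos = 88 }).GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $DcIp -Port $p.Value -WarningAction SilentlyContinue
        $checks["$($p.Key) (TCP $($p.Value)) reachable"] = $t.TcpTestSucceeded
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Machine = $env:COMPUTERNAME
            Check   = $name
            Passed  = [bool]$checks[$name]
        }
    }
}

$results = Test-JoinReadiness
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'Do not run Add-Computer yet: fix the failed checks (Step 2 for DNS/firewall).'
}
```

Run it on the workstation about to be joined, before step 4; nothing in it changes machine state.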