Joining a domain over a site to site vpn tunnel

connect small offices to your AD domain

Thu, 04 Oct 2018

Some budgets don’t allow smaller offices to have their own domain controllers, yet you still need to make sure computers are getting up-to-date policies from your domain. I’ll show you a quick way to add a computer to a domain over a site-to-site VPN tunnel.


The first thing you want to do is make sure that your PC can reach your domain controller. Run a quick nslookup against your domain controller of choice:

nslookup dc1

If you have a basic setup, the response you get should look similar to this:

Server: unknown

Name: dc1

The address shown for the server should be the gateway of the computer the command is run from, and the address for dc1 should simply be its actual IP address.
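The nslookup above only proves that the name resolves. As an added example (not part of the original post), the PowerShell script below also checks that the ports a domain join and Group Policy need are actually reachable through the tunnel, since a VPN or firewall rule that passes DNS but blocks LDAP or SMB is a common reason a join fails later. The DC name `dc1.corp.example` and the DNS server `10.10.0.10` are hypothetical values; substitute your own.

```powershell
# Added example (not from the original post): pre-flight check that a remote-office
# PC can reach the domain controller across the site-to-site tunnel before joining.
# Assumed (hypothetical) values: DC "dc1.corp.example", main-site DNS 10.10.0.10.
param(
    [string]$DomainController = "dc1.corp.example",
    [string]$DnsServer        = "10.10.0.10"
)

# 1. Name resolution: the client should get the DC's real IP back, not a timeout.
#    -Server lets you test the main-site DNS directly before DHCP hands it out.
try {
    $answer = Resolve-DnsName -Name $DomainController -Server $DnsServer -Type A -ErrorAction Stop
    Write-Host ("DNS: {0} -> {1}" -f $DomainController, ($answer.IPAddress -join ", "))
} catch {
    Write-Warning "DNS lookup for $DomainController via $DnsServer failed: $($_.Exception.Message)"
    return
}

# 2. TCP ports a domain join and Group Policy processing use. If any of these is
#    blocked on the tunnel, the join or GPO download fails even though ping works.
$ports = [ordered]@{
    53  = "DNS"
    88  = "Kerberos"
    135 = "RPC endpoint mapper"
    389 = "LDAP"
    445 = "SMB (SYSVOL / NETLOGON for Group Policy)"
    464 = "Kerberos password change"
    636 = "LDAPS"
}
# Enumerate entries rather than indexing the ordered dictionary with an int,
# which would be treated as a position instead of a key.
foreach ($entry in $ports.GetEnumerator()) {
    $ok = Test-NetConnection -ComputerName $DomainController -Port $entry.Key `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    "{0,-5} {1,-45} {2}" -f $entry.Key, $entry.Value, $(if ($ok) { "open" } else { "BLOCKED" })
}
```

Run it from the remote-office PC before touching Sites and Services; a `BLOCKED` line points at the tunnel or firewall rule to fix, not at Active Directory.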

Active Directory Sites and Services

After verifying that we can reach our domain controller, we want to set up Sites and Services. Open Active Directory Sites and Services on your domain controller. We want to create a new site and a new subnet; the dialogs for both are very straightforward. Create a subnet and a site for both the remote and the local location. Once they exist, your domain controllers and clients will know which domain controller to route requests to.


The last portion of the setup is creating a DHCP scope. Create a new scope for the remote location's subnet. You can use whatever scope options you wish; the only mandatory ones are Router (the remote location's router IP), DNS Domain Name (your domain name) and DNS Servers (the list of DNS servers at your main site). After setting this up, log into the remote location's router and configure DHCP Relay to point at the domain controller at your main site. Once that is done, open cmd and renew your IP address to pull the new settings from your domain controller:

ipconfig /release && ipconfig /renew
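The Sites and Services and DHCP steps above can be scripted on the main-site domain controller instead of clicked through. The following is an added example and not the post's own procedure; it assumes a hypothetical layout (main site 10.10.0.0/24 with the DC and DNS at 10.10.0.10, remote office 10.20.0.0/24 with its VPN router at 10.20.0.1, domain `corp.example`, site name `RemoteOffice`) and requires the ActiveDirectory and DhcpServer RSAT modules. The DHCP Relay setting on the remote router is device-specific and is not covered here.

```powershell
# Added example (not from the original post): provision the site, subnets and
# DHCP scope for a remote office from the main-site DC. All addresses, names and
# the domain below are hypothetical; replace them with your own.
Import-Module ActiveDirectory
Import-Module DhcpServer

$domainName   = "corp.example"
$mainDns      = "10.10.0.10"
$mainSubnet   = "10.10.0.0/24"
$remoteSite   = "RemoteOffice"
$remoteSubnet = "10.20.0.0/24"
$remoteScope  = "10.20.0.0"      # DHCP ScopeId is the network address
$remoteRouter = "10.20.0.1"

# --- Sites and Services ---------------------------------------------------
# A site and a subnet for each location lets DC locator map remote clients to a
# site instead of leaving them in "no site", and documents which DC serves them.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$remoteSubnet'")) {
    New-ADReplicationSubnet -Name $remoteSubnet -Site $remoteSite
}
# The post says to create both locations; the main site keeps the default site.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$mainSubnet'")) {
    New-ADReplicationSubnet -Name $mainSubnet -Site "Default-First-Site-Name"
}

# --- DHCP scope for the remote subnet --------------------------------------
# The remote router relays DHCP to this server. The scope carries the three
# options the post calls mandatory: Router (3), DNS Domain Name (15), DNS Servers (6).
if (-not (Get-DhcpServerv4Scope -ScopeId $remoteScope -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name "Remote office" -StartRange "10.20.0.50" `
        -EndRange "10.20.0.200" -SubnetMask "255.255.255.0" -State Active
}
Set-DhcpServerv4OptionValue -ScopeId $remoteScope -Router $remoteRouter `
    -DnsDomain $domainName -DnsServer $mainDns

# --- Read back what was configured -----------------------------------------
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-DhcpServerv4OptionValue -ScopeId $remoteScope | Format-Table OptionId, Name, Value
```

Pointing the scope's DNS Servers option at the main site rather than the remote router is what makes the later domain join work: the client needs the AD-integrated DNS zone to find the DC's SRV records, which a plain router resolver will not serve.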

Test it out!

Now that all of that setup is finished, we can test it by attempting to join the domain. Open PowerShell on the computer you want to join to your domain and run the following command:

Add-Computer -DomainName "" -Restart -Force

That command adds the current computer to the specified domain and restarts it so the change applies. Check out this post for more details about the command.
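As an added example (not the post's own command), the script below wraps the join with a check that the PC received the main-site DNS servers and can find the DC locator SRV record, joins with an explicitly prompted credential so the DC's audit log records which account created the computer object, and, on a second run after the reboot, verifies the machine account trust and the site the client landed in. The domain `corp.example` and site `RemoteOffice` are hypothetical values.

```powershell
# Added example (not from the original post): domain join with pre- and post-join
# checks. Run once to join (the PC reboots), then again after the reboot to verify.
# Hypothetical values: domain corp.example, expected site RemoteOffice.
$domainName   = "corp.example"
$expectedSite = "RemoteOffice"

$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    # --- Before joining --------------------------------------------------------
    # The relayed DHCP scope should have handed out the main-site DNS servers.
    $dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }).ServerAddresses
    Write-Host "DNS servers in use: $($dnsServers -join ', ')"

    # DC locator finds a domain controller through this SRV record; if the client
    # is still using the router as DNS, this lookup is what fails, not the A record.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domainName" -Type SRV -ErrorAction Stop |
        Format-Table Name, NameTarget, Port

    # Prompt for the account allowed to join computers rather than relying on the
    # interactive logon; the DC logs the computer account creation as event 4741
    # with that account as the subject.
    $cred = Get-Credential -Message "Account allowed to join computers to $domainName"
    Add-Computer -DomainName $domainName -Credential $cred -Force -Restart
}
else {
    # --- After the reboot ------------------------------------------------------
    Write-Host "Joined to domain: $($cs.Domain)"

    # True means the machine account password and secure channel to a DC are good.
    $trust = Test-ComputerSecureChannel
    Write-Host "Secure channel OK: $trust"

    # The first line of nltest /dsgetsite is the site the client was mapped to;
    # it should match the site created for the remote subnet.
    $site = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
    if ($site -eq $expectedSite) {
        Write-Host "Client mapped to site '$site' as expected"
    } else {
        Write-Warning "Client mapped to site '$site', expected '$expectedSite'; check the AD subnet"
    }

    # Pull computer policy now instead of waiting for the refresh interval.
    gpupdate /target:Computer /force
}
```

A site mismatch in the second run usually means the subnet object in Sites and Services does not cover the address the PC actually received from the scope.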

Edward Beazer

Edward Beazer - I just like to build shit. Sometimes I get stuck for hours, even days while trying to figure out how to solve an issue or implement a new feature. Hope my tips and tutorials can save you some time.
