Have you ever found yourself wanting to remotely a join workstation to a domain that isn’t running a VPN? If so you’ve come to the right place. Lets dive on in.

  • The full version of TeamViewer must be installed on the workstation as well as a domain controller within the domain you wish to join.
  • Your local network must NOT be running on the same subnet as the remote domain network. If they are running on the same subnet, change your local subnet to something different.
The Mission:

Essentially, we’ll be making use of TeamViewer’s VPN to trick our workstation and server into thinking that they are on the same local network as each other. There is more to this than simply connecting the VPN so read on.

Step 1:

Open up TeamViewer on the workstation and punch in the TeamViewer ID for the server, change the connection type to VPN, hit connect and when prompted, enter the servers TeamViewer password.

Once connected, you’ll get confirmation the form of the following window which pops up, take note of your partners IP address, we’ll need this later:

Step 2:

Now, lets gets your workstation to resolve domain names on your domain network, this is relatively simple. Open up Control Panel and navigate to Network and Internet > Network and Sharing Centre’ and then on the left-hand menu click on change adapter settings.
In the window which has just opened, right click on the TeamViewer VPN adapter and select properties.

In the properties window we are going to make two changes, first, uncheck IPv6. Next select IPv4 and click on properties.

Leave the first option on “Obtain an IP address automatically” and move onto the DNS section, select “Use the following DNS servers” and punch your partners IP address into the preferred DNS server field and click on OK twice.

If all went well, you should now be able to use your workstation to resolve names on your domain network. Try to ping your domain, e.g. ProvidingIT.local, it should resolve and respond successfully, however the response will be coming from the “External” IP address which TeamViewer assigned to the server, this is no good!

Step 3

We’re almost done! The second last step is for you to manually tell your computer how to reach the local IP range of the domain network. To do this we are going to add a static route to the windows routing table on the workstation. To do so, open up an elevated command prompt and type in the following command:

route ADD *domains local IP range* MASK *Partners IP address*
In practice, it should look something like this: route ADD MASK

*Note, the routing table is cleared out upon restarting.

Once you’ve added the route in you should get a response from the remote servers local IP address when you ping it. You are now ready to connect the workstation to the domain, go ahead and do this.

Step 4

This final step of the process is very important!
Once you have joined the domain and restarted the workstation, log back into the local account.
Now, repeat steps 1 to 3 to get the VPN back up and running (Connect VPN, note partner IP, set primary DNS server, add static route) and then switch users and login with a your domain account.
Just like that, your workstation is connected to the domain and the domain credentials are cached locally. You can now disconnect the VPN and finish setting up that user profile before delivering the workstation.