How to Join Active Directory Domain Controller via Customer Edge Router


This guide walks you through a practical demonstration of joining a client machine behind a customer edge router to an AD domain controller via NetFoundry service. The config steps are included. in this guide.

Sample Architecture



For this demonstration, we have considered setting up a network between an ER running on a VMWARE VM on-premise (Assuming it is the headquarters) (egress ER) and Azure South India that hosts the Windows 11 client VM and Customer ER (ingress ER). The NetFoundry-hosted edge routers are provisioned at Azure & AWS in India. We expect to join the Azure VM to AD domain controller hosted at HQ.

Step 1. Build the Network using our Getting Started Guide.


Step 2. Provision of NetFoundry-hosted Edge routers

At least one publicly accessible Edge Router is required for endpoints and edge routers to create a fabric. Having a min of two hosted ERs is a best practice for redundancy and smart routing. 

To learn more about Edge Routers go to the Create and Manage Edge Routers article on the NetFoundry Support Hub.


Step 3. Provision of Customer-hosted Edge Routers ( On-prem and Azure) :

Customer self-hosted Edge Routers (CERs) act as egress routers for endpoints / other CERs to reach the services terminated on the CER endpoint.

Create and Register CERs in a private cloud

Use the below deployment guides to provision a customer-hosted Edge Router into a branch office or a private cloud.

Create and Register CERs on AWS / Azure / OCI / any Public Cloud

Use the below deployment guides to provision a customer-hosted Edge Router into your AWS / Azure/ GCP/ OCI.


Step 4. Create a Service

The service definition provides the details of what device or devices will be utilized to provide access to services, either on the device (Zero Trust Client SDK Application) or the network connected to the device (via its LAN, for example).  The service also defines how the endpoints acting as clients will access the service.  Also, the service hosting details are provided.

To know more about Services go to Create and Manage Services article on the Netfoundry support hub.



Step 5. Creating the AppWAN

The AppWAN defines the services that one or more client endpoints can access.

To know more about AppWAN go to Create and Manage AppWAN article on the Netfoundry support hub.


Note: The endpoint/service/edge router attribute will select all endpoints/services/edge routers with that specific attribute. The @ symbol is used to tag Individual endpoints/services/edge routers and the # symbol is used to tag a group of endpoints/services/edge routers.\


Step 6. Add routes where needed

Add a Route entry in the Azure route table

Add a route in Azure for subnet of the headquarters pointing to the egress ER interface-

  • Go to the Azure portal
  • In the search bar, search for Route Tables
  • Create a routing table if you don’t have one already
  • Go to routes in the route table, add a route by adding the IP address in destination IP addresses/CIDR Ranges, select the next hop type as a virtual appliance, and add the egress router IP address
  • Go to subnets in the route table, and associate a subnet to the route that was added earlier. Click on associate and assign the appropriate Vnet and subnet for the route.


Go to the manage route table to know more about the Azure Routes.


Step 7. Join the Client in Domain Controller

To know more about joining the client machine in the domain controller click here

  • On the Desktop, click the start button, type Settings, and then press ENTER.

  • Navigate to System then go to about.

  • Under computer name, domain, and workgroup settings, click change settings.

  • Under the Computer Name tab, click Change.

  • Under Member of, click domain, type the name of the domain that you wish this computer to join, and then click OK.

  • Click OK in the Computer Name/Domain Changes dialog box and restart the computer.













Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.