
I work for an MSP.

I have made an automation script within our RMM system (ConnectWise Automate) which, when run on a device, will find a domain controller within the same Client container as the device, then join the machine to the domain offline via DJOIN.exe. This helps us with new PC builds, as it means the machine can be built and configured away from the client's network (e.g. in our Workshop).

All it does is run Djoin on the Domain Controller, passing in the name of the device you ran the script on, then it sends the resultant djoin blob txt file back to the device, on which the opposite djoin /requestodj command is executed, successfully joining the device to the domain whilst away from the corporate network.

What I am curious about now is whether or not I can provision a domain user profile on the machine, whilst it is still technically not on the domain (DJOIN will not actually connect the machine to the domain until its first contact with the Domain Controller, which means we cannot currently log in as the intended domain user and get their profile set up, log into Outlook ready for them etc.)

I know this can be achieved using a quick VPN to the domain network, however I am trying to make this as automated as possible. I feel like there should be some way to make that first point of contact with the domain controller through an SSH Tunnel or a SOCKS proxy perhaps, however my searches for this kind of information have so far found nothing.

Is it possible to achieve this, or is there a way to manually create a "domain" profile on the machine before the connection to the domain controller has been made, perhaps some registry hack?

Panomosh
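The two-sided djoin exchange described in the question, as an added example that is not the poster's script: it treats the blob as a secret (it contains the machine account password), checks its hash on the device before use, and deletes it afterwards. The function names, the blob path, the example domain name and the idea of sending the hash alongside the blob through the RMM are assumptions.

```powershell
# Added example (not from the original post). New-OdjBlob and Invoke-OdjJoin are
# hypothetical names; how the blob travels between the two machines is up to the RMM.

function New-OdjBlob {
    # Run on the domain controller. Returns the SHA-256 of the blob so the
    # device can confirm it received the same file.
    param(
        [Parameter(Mandatory)][string]$Domain,    # e.g. 'corp.example.com' (placeholder)
        [Parameter(Mandatory)][string]$Machine,   # name of the device being built
        [Parameter(Mandatory)][string]$BlobPath
    )
    $dir = Split-Path -Parent $BlobPath
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # Lock the folder to Administrators and SYSTEM before the blob is written.
    icacls $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

    djoin.exe /provision /domain $Domain /machine $Machine /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

    (Get-FileHash -Path $BlobPath -Algorithm SHA256).Hash
    # After the RMM has transferred the file, delete the copy left on the DC.
}

function Invoke-OdjJoin {
    # Run on the new device, elevated. A restart is needed afterwards for the
    # join to take effect.
    param(
        [Parameter(Mandatory)][string]$BlobPath,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    try {
        $actual = (Get-FileHash -Path $BlobPath -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) { throw 'Blob hash mismatch; not joining.' }

        djoin.exe /requestodj /loadfile $BlobPath /windowspath $env:SystemRoot /localos
        if ($LASTEXITCODE -ne 0) { throw "djoin /requestodj failed with exit code $LASTEXITCODE" }
    }
    finally {
        # The blob is as sensitive as a plaintext password; never leave it on disk.
        Remove-Item -Path $BlobPath -Force -ErrorAction SilentlyContinue
    }
}
```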

0 Answers