7 thoughts on “How to Deploy Offline Domain Join with Workspace ONE”

  1. I’m looking for a sanity check on this whole process. I understand that after the enrollment process is complete and the tunnel app/tunnel profile is on the device, the ability for pre-login vpn allows for end-user to log-in off network with AD creds and finish the enrollment. However, does the initial process using the ppkg and unattend where it is enrolled using the staging account and bind to the domain actually have to be on a network with line of sight to the DC? Everything I have seen and tested says yes

    Reply
    • No, the initial application of the offline domain join blog does NOT require line of sight to the domain. The ACC talks to the DC and sends the blog back to WS1 which in turns send it to the device. The only time you need line of sight is for the first time user login. But if you configure tunnel correctly , it will fire off automatically, creating that tunnel and LOS and login will complete.

      Reply
    • The current factory provisioning process is “offline” meaning that everything happens in the dell factory without internet. The new “online” drop ship provisioning that is available to dell will support this as there will be an internet connect to facilitate enrollment and the offline domain join blob. I did a session at VMworld this year talking about a DIY version of this – where you can do a full bare metal deployment and complete the ODJ process. Once 20.11 drops, I’ll put out a blog on it.

      Reply
  2. can we leverage Azure AD with AutoPilot and hybrid on-prem AD join AND dell offline factory provisioning in conjunction with each other, or can we perform only one or the other?

    Reply
    • If you do the “offline” one, then yes you can use both. The offline factory provisioning just applies the PPKG which includes apps and then Autopilot handles the rest of OOBE configuration and whether it is cloud joined or hybrid joined.

      Reply

Leave a Comment