Active Directory domain join through Tailscale

For demo and lab setups the Domain Controller and the clients are sometimes not in the same network – e.g. the DC is running in AWS while the Windows 10 or 11 clients are running in VirtualBox on your desktop. How do you join these clients to the DC? Tailscale to the rescue!


Headless Mode / Unattended Mode

After installing Tailscale on your DC and your clients, be sure to enable headless mode / unattended mode so the Tailscale connection stays up even when no user is logged in. I always restart the machines and test whether access via RDP over the Tailscale IP works – just to be safe 😉


Add custom domain routing

In the Tailscale DNS settings you must have defined at least one global (public) nameserver. Then add a new custom nameserver.


Enter the Tailscale IP of your Domain Controller and restrict the search domain to your Active Directory domain name, so that only queries for that domain are sent to the DC. In my example I used as the Domain.


Join client to domain

Now you can join your client to the Active Directory domain as usual, with the network connectivity provided by Tailscale!
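The steps above, as an added PowerShell example that is not part of the original post: it enables unattended mode from the Tailscale CLI, checks that the DC is reachable over Tailscale on the ports a domain join needs, verifies that the split DNS setup resolves the AD SRV records to the DC's Tailscale address, and only then runs the join. The domain name `ad.lab.example` and the DC address `100.64.0.10` are constructed placeholders; replace them with your own values.

```powershell
# Added example (not from the original post): pre-flight checks on a Windows
# client before joining an AD domain over Tailscale, followed by the join.
# ad.lab.example and 100.64.0.10 are constructed placeholders, replace them.
$Domain        = 'ad.lab.example'
$DcTailscaleIp = '100.64.0.10'
$Tailscale     = Join-Path $env:ProgramFiles 'Tailscale\tailscale.exe'

# 1. Unattended mode: the tunnel must survive logoff and reboot, otherwise
#    Group Policy and Kerberos at the logon screen have no path to the DC.
#    'tailscale up --unattended' is the CLI counterpart of the tray option.
& $Tailscale up --unattended
& $Tailscale status

# 2. Reachability of the DC over Tailscale on the ports a join uses:
#    Kerberos (88), LDAP (389) and SMB (445).
foreach ($port in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $DcTailscaleIp -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable={2}' -f $DcTailscaleIp, $port, $r.TcpTestSucceeded
}

# 3. Split DNS check: the AD SRV record and the domain A record must resolve
#    through the Tailscale nameserver to the DC's Tailscale address. If this
#    fails, the search-domain restriction in the Tailscale DNS settings is wrong.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port

$a = Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop
if (($a | Where-Object Type -eq 'A').IPAddress -notcontains $DcTailscaleIp) {
    throw "$Domain does not resolve to $DcTailscaleIp; check the Tailscale split DNS entry."
}

# 4. Join the domain and reboot. Use an account that is allowed to join computers.
Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
```

Run the script in an elevated PowerShell on the client. If step 3 returns the DC's LAN address instead of its Tailscale address, the DC is handing out its local interface in DNS; the custom nameserver entry in Tailscale must point at the DC's Tailscale IP, and the DC's own DNS records must be reachable through that IP for the join to complete.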


