Solved

Moving Computer into different OU after computer is joined to domain using Vmware Customization Specifications

Posted on 2011-09-14
12
2,633 Views
Last Modified: 2012-05-12
I have created a Windows Server 2008 R2 template and I am able to get it to join my domain using the customization specification.  Using a Run Once script in the customization I am able to move the computer from one OU to another.  My problem is that it does this after the machine has been created, rebooted and got group polices from the Computers OU, which I don't want.  Is there a way to tell VMware that I want the machine created in a certain OU instead of the Computers OU?  
0
Comment
Question by:thomashospital
12 Comments
 
LVL 40

Expert Comment

by:coolsport00
ID: 36535575
Not that I'm aware of; I believe that is a reflection of Active Directory, not VMware.

~coolsport00
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36535663
What you could do is create a NEW OU called "New Computers" and BLOCK ALL GPO's on that ou. Then set AD to use that ou for All new computers joining the domain. Now you can move them before any GPO's get applied.

See http://support.microsoft.com/kb/324949
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36535673
OR
Of course you could just precreate the computer object in AD in the OU you want them in. That way when you join the computer to the domain it already knows where it lives :D
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 8

Expert Comment

by:Sinder255248
ID: 36535682
what about changing the folder that your computers go into when they join the domain:

redircmp ou=computers1,DC=test,dc=com

http://support.microsoft.com/kb/324949

Or

Why not join the VM to a workgroup and on the RunOnce run a script that joins the machine to the domain using netdom where you can specify the OU (maybe as a variable).
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36535777
@Sinder255…

Please do not repost what has already been said INCLUDING the same links to the same articles. Read a thread before you post please.
0
 

Author Comment

by:thomashospital
ID: 36535838
I can't redirect where the computer go into because of our security policy, If a machine is joined to the domain and not moved to the correct OU then it will get the basic Group Polices.  I tried doing a run once script in the customization specification to join it to the domain using the netdom join command but it joins it to the domain and then VMware moves it to a workgroup.  My last effort, and I don't want to do this, is to try a runonce script in Windows itself to join it to the domain using netdom.  This means I would have to set this each time I want to power up this template to make any changes to it.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36535999
So like I said create the computer account First in AD where you need it.
0
 

Accepted Solution

by:
thomashospital earned 0 total points
ID: 36537114
I was able to figure out a "workaround" to solve my problem.  First I created a bat file that joins the server to the domain in the OU I want and put it on the root of the C: drive on the template.  In the Customization Specification this is what I changed:

Under the Administrator Password I checked Automatically log on as the Administrator and set it to 1.

Under Run Once I added the batch file so it will run when administrator logs in.

Under Workgroup or Domain I changed it to Workgroup and called it VMTEMPLATE

Now after it does its Sysprep thing and reboots a couple of times it logs back into windows as the administrator and joins to the domain and reboots.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36537259
Why go to all that effort When you could do as I guested and just open ADCU and create a computer object before you deploy the machine? Take you what? 20 seconds?
0
 

Author Comment

by:thomashospital
ID: 36538156
That is all well and good but I want to deploy my template and walk away and when I come back it is ready for me to install what I need too.  
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36538394
It would be. Your sat at your desk, you think OOOH I need to deploy a new machine, open ADUC, create a new computer object in your deploment container and then in VCenter you deploy your template. Job done.

What you could of course do is script the whole lot with powershell, have a single script that you run, asks you what template to deploy, what computer name it is to have and then does the rest for you.
0
 

Author Closing Comment

by:thomashospital
ID: 36572297
I was able to figure out what I was wanting to do.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last article we focus in how to VMware: How to create and use VMs TAGs – Part 1 so before follow this article and perform the next tasks, you should read the first article how to create the TAG before using them in Veeam Backup Jobs.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now