Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


UnattendJoin using Windows 7 sysprep and unattend xml file

Posted on 2011-09-23
Medium Priority
Last Modified: 2012-06-27

I have created a custom Windows 7 image and I am now trying to configure the unattendjoin component of my unattend file to make the computer join our domain as part of the sysprep process.

I have this working partially. Using the following entries I can get the PC to join the Domain but when I try to log on as Domain admins to the recently sysprep'd machine I am given some sort of error which is associated with there being no machine account in Active Directory.

Why if the unattend file is joining the machine to the domain is it not creating a machine account in AD?

Is there an option to get the PC to prompt you as part of the setup to put the machine on the Domain just like sysprep worked in Windows XP?

Furthermore there appears to be two options for joining the machine to the domain, secure and unsecure. I am led to believe that if you leave unsecure as false the you must enter domain name, username and password credentials for joining the PC to the Domain under the credentials field. (This is the option that I have been using that results in the PC appearing as if it is on the Domain but has no machine account associated in AD, and yes the credentials I am using are domain admins!)

If setting unsecurejoin to true apparently you leave all fields under credentials blank but instead enter the relevant details under the Identifications field for Domain etc. There is also a field for Machine password. Can anything be typed in here???


 <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">


<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

This options results in my pc being on the Workgroup whilst the first option results in my pc being on the domain but has no machine account in AD.

Has anyone managed to get this working?

I am working from a sypreped image and using ghost to deploy.
Question by:Anne_Ward
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 41

Expert Comment

ID: 36596742
Can you post the actual error message you are seeing?

Are you sure the computer is actually joined to the domain?  If you log on locally, look at computer properties...

I tend to prefer using UnsecureJoin=true so I don't have to included credentials in any text file, but anyway...  If using this, the credentials section should not have empty elements, so delete it entirely.  Also delete the MachineObjectOU element unless you're filling it out.

Are you using the Windows AIK to create the answer file?

Also, in both cases, how are you going about naming the computer?  This has to be set in the answer file for the domain join to succeed.

There is no way to prompt you to join the domain.

Author Comment

ID: 36598216
Hi Footech:

The error is:

The trust relationship between this workstation and the primary domain failed.

I have already double checked under the properties and the PC has a fqdn PC3600.local.mydomain.co.uk.

Also i did not realise that you ahve to remove the machine password and credentials if not using which is good however i do have sysprep prompting for the PC name as we have nop way of automating the PC names because they are the same as the asset tag we put on them.

Does this then mean that the only way to get the PC to join the Domain, in my case, with the correct PC name is to do it manually?

LVL 41

Accepted Solution

footech earned 2000 total points
ID: 36599213
Correct.  The domain join process happens in phase 4 (specialize).  If you don't supply a computer name until the prompt, this is happening in stage 7 (OOBE).  Frankly I'm surprised that it's being joined to the domain at all, as I've never heard of this succeeding unless the computer name is specified in the answer file as well (either specifically or with *).

I suppose you could use a random name to do the join and then change it manually afterwards to match the asset tag, but it doesn't save you much work, if any.

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question