UnattendJoin using Windows 7 sysprep and unattend xml file

Posted on 2011-09-23
Last Modified: 2012-06-27

I have created a custom Windows 7 image and I am now trying to configure the unattendjoin component of my unattend file to make the computer join our domain as part of the sysprep process.

I have this working partially. Using the following entries I can get the PC to join the Domain but when I try to log on as Domain admins to the recently sysprep'd machine I am given some sort of error which is associated with there being no machine account in Active Directory.

Why if the unattend file is joining the machine to the domain is it not creating a machine account in AD?

Is there an option to get the PC to prompt you as part of the setup to put the machine on the Domain just like sysprep worked in Windows XP?

Furthermore there appears to be two options for joining the machine to the domain, secure and unsecure. I am led to believe that if you leave unsecure as false the you must enter domain name, username and password credentials for joining the PC to the Domain under the credentials field. (This is the option that I have been using that results in the PC appearing as if it is on the Domain but has no machine account associated in AD, and yes the credentials I am using are domain admins!)

If setting unsecurejoin to true apparently you leave all fields under credentials blank but instead enter the relevant details under the Identifications field for Domain etc. There is also a field for Machine password. Can anything be typed in here???


 <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">


<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">

This options results in my pc being on the Workgroup whilst the first option results in my pc being on the domain but has no machine account in AD.

Has anyone managed to get this working?

I am working from a sypreped image and using ghost to deploy.
Question by:Anne_Ward
  • 2
LVL 39

Expert Comment

ID: 36596742
Can you post the actual error message you are seeing?

Are you sure the computer is actually joined to the domain?  If you log on locally, look at computer properties...

I tend to prefer using UnsecureJoin=true so I don't have to included credentials in any text file, but anyway...  If using this, the credentials section should not have empty elements, so delete it entirely.  Also delete the MachineObjectOU element unless you're filling it out.

Are you using the Windows AIK to create the answer file?

Also, in both cases, how are you going about naming the computer?  This has to be set in the answer file for the domain join to succeed.

There is no way to prompt you to join the domain.

Author Comment

ID: 36598216
Hi Footech:

The error is:

The trust relationship between this workstation and the primary domain failed.

I have already double checked under the properties and the PC has a fqdn

Also i did not realise that you ahve to remove the machine password and credentials if not using which is good however i do have sysprep prompting for the PC name as we have nop way of automating the PC names because they are the same as the asset tag we put on them.

Does this then mean that the only way to get the PC to join the Domain, in my case, with the correct PC name is to do it manually?

LVL 39

Accepted Solution

footech earned 500 total points
ID: 36599213
Correct.  The domain join process happens in phase 4 (specialize).  If you don't supply a computer name until the prompt, this is happening in stage 7 (OOBE).  Frankly I'm surprised that it's being joined to the domain at all, as I've never heard of this succeeding unless the computer name is specified in the answer file as well (either specifically or with *).

I suppose you could use a random name to do the join and then change it manually afterwards to match the asset tag, but it doesn't save you much work, if any.

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

After playing around with my ASUS 1215n ( Netbook, I finally managed to get smooth HD 1080p ( playback of videos on it. Second Generation Intel Atom (http://en.…
I hope this helps those who have been battling the SanDisk / U3 problem for a while. For anyone that is running Windows 7 64bit and is receiving and searching the internet for the “Windows Error: Windows has allocated a drive letter to the U3 dri…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now