Solved

UnattendJoin using Windows 7 sysprep and unattend xml file

Posted on 2011-09-23
Last Modified: 2012-06-27
Hi,

I have created a custom Windows 7 image and I am now trying to configure the unattendjoin component of my unattend file to make the computer join our domain as part of the sysprep process.

I have this working partially. Using the following entries I can get the PC to join the Domain but when I try to log on as Domain admins to the recently sysprep'd machine I am given some sort of error which is associated with there being no machine account in Active Directory.

Why if the unattend file is joining the machine to the domain is it not creating a machine account in AD?

Is there an option to get the PC to prompt you as part of the setup to put the machine on the Domain just like sysprep worked in Windows XP?

Furthermore there appear to be two options for joining the machine to the domain, secure and unsecure. I am led to believe that if you leave unsecure as false then you must enter domain name, username and password credentials for joining the PC to the Domain under the credentials field. (This is the option that I have been using that results in the PC appearing as if it is on the Domain but has no machine account associated in AD, and yes the credentials I am using are domain admins!)

If setting unsecurejoin to true apparently you leave all fields under credentials blank but instead enter the relevant details under the Identifications field for Domain etc. There is also a field for Machine password. Can anything be typed in here???

UNSECUREJOIN FALSE EXAMPLE

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Identification>
        <Credentials>
            <Domain>MYDomain</Domain>
            <Password>MyPassword</Password>
            <Username>Administrator</Username>
        </Credentials>
        <JoinDomain>MyDomain</JoinDomain>
    </Identification>
</component>

UNSECUREJOIN TRUE EXAMPLE

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Identification>
        <Credentials>
            <Domain></Domain>
            <Password></Password>
            <Username></Username>
        </Credentials>
        <JoinDomain>MyDomain</JoinDomain>
        <MachineObjectOU></MachineObjectOU>
        <UnsecureJoin>true</UnsecureJoin>
    </Identification>
</component>

This option results in my PC being on the Workgroup whilst the first option results in my PC being on the domain but having no machine account in AD.

Has anyone managed to get this working?

I am working from a sysprepped image and using Ghost to deploy.

Question by:Anne_Ward

Expert Comment

by:footech
ID: 36596742
Can you post the actual error message you are seeing?

Are you sure the computer is actually joined to the domain?  If you log on locally, look at computer properties...

I tend to prefer using UnsecureJoin=true so I don't have to include credentials in any text file, but anyway...  If using this, the credentials section should not have empty elements, so delete it entirely.  Also delete the MachineObjectOU element unless you're filling it out.

Are you using the Windows AIK to create the answer file?

Also, in both cases, how are you going about naming the computer?  This has to be set in the answer file for the domain join to succeed.

There is no way to prompt you to join the domain.

Author Comment

by:Anne_Ward
ID: 36598216
Hi Footech:

The error is:

The trust relationship between this workstation and the primary domain failed.

I have already double checked under the properties and the PC has an FQDN of PC3600.local.mydomain.co.uk.

Also I did not realise that you have to remove the machine password and credentials if not using them, which is good; however, I do have sysprep prompting for the PC name as we have no way of automating the PC names because they are the same as the asset tag we put on them.

Does this then mean that the only way to get the PC to join the Domain, in my case, with the correct PC name is to do it manually?

Thanks

Accepted Solution

by:footech
ID: 36599213
Correct.  The domain join process happens in phase 4 (specialize).  If you don't supply a computer name until the prompt, this is happening in stage 7 (OOBE).  Frankly I'm surprised that it's being joined to the domain at all, as I've never heard of this succeeding unless the computer name is specified in the answer file as well (either specifically or with *).

I suppose you could use a random name to do the join and then change it manually afterwards to match the asset tag, but it doesn't save you much work, if any.
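The checks footech describes in this thread (no credentials left in the answer file, no Credentials block or empty MachineObjectOU alongside UnsecureJoin, and a computer name available by the specialize pass) can be run against an answer file before it is baked into an image. This is an added example, not code from the thread; the finding names, the `settings pass="specialize"` wrapper around the asker's fragment, and the lookup of ComputerName under Microsoft-Windows-Shell-Setup are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the asker's UnsecureJoin=true fragment wrapped in a specialize pass.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin"><Identification>
<Credentials><Domain></Domain><Password></Password><Username></Username></Credentials>
<JoinDomain>MyDomain</JoinDomain><MachineObjectOU></MachineObjectOU>
<UnsecureJoin>true</UnsecureJoin></Identification></component></settings></unattend>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(parent, name):
    """Stripped text of the first descendant called `name`; None if it is absent."""
    for el in parent.iter():
        if local(el.tag) == name:
            return (el.text or "").strip()
    return None

def lint_unattend(xml_text):
    """Return a list of findings for the domain-join settings of an answer file."""
    root = ET.fromstring(xml_text)
    findings, has_name, has_join = [], False, False
    for settings in root.iter():
        if local(settings.tag) != "settings":
            continue
        in_specialize = settings.get("pass") == "specialize"
        for comp in settings:
            name = comp.get("name", "")
            if name == "Microsoft-Windows-Shell-Setup" and in_specialize:
                has_name = has_name or bool(child_text(comp, "ComputerName"))
            if name != "Microsoft-Windows-UnattendedJoin":
                continue
            has_join = True
            unsecure = (child_text(comp, "UnsecureJoin") or "").lower() == "true"
            creds = [e for e in comp.iter() if local(e.tag) == "Credentials"]
            if child_text(comp, "Password"):   # non-empty join password stored in the file
                findings.append("plaintext-join-password")
            if unsecure and creds:             # block should be deleted, not left empty
                findings.append("credentials-present-with-unsecurejoin")
            if child_text(comp, "MachineObjectOU") == "":
                findings.append("empty-MachineObjectOU")
    if has_join and not has_name:              # the join needs a name before OOBE prompts
        findings.append("no-ComputerName-in-specialize")
    return findings

if __name__ == "__main__":
    print(lint_unattend(SAMPLE))
```
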