[WDS] Domain Join Problem with Imageunattend.xml file for image

[_techie_]

Hi all,

we have been playing around with Windows 7 and unattended installs. With much research and reading we are 99% there!

We have managed to get WinPE to be totally unattended, apart from being able to select a particular image from a list (I like this option, since it will allow us to choose wim's containing 'difficult' to deploy software (e.g. Prodesktop 8!).

We have also managed to automate most of the oobe part of installation with Windows 7, however, we have stumbled across a problem with automating the domain join.

We CAN get the ImageUnattend.xml file to auto add the machine to the domain, but we would also like the ability to choose the computer name, (for setting up new classrooms). I do not particularly want to pre-stage the accounts in AD.

The machine completes the automated oobe, then when it reboots, looks to have joined the domain.

When we try to logon, we get a confusing error message:


I think this is due to the timing of naming the computer (which 'I think' occurs after the unattended domain join). The domain join puts an account in AD, after which we type in the computer name which is different to the record in AD, which is causing the problem. Is it possible to setup the computer name during WinPE, or before doing the domain join?

Thanks

[DMcCoy]

We CAN get the ImageUnattend.xml file to auto add the machine to the domain, but we would also like the ability to choose the computer name, (for setting up new classrooms). I do not particularly want to pre-stage the accounts in AD.

You cannot get it to prompt *and* join this way. The domain join happens before oobe and will occur with a random name. Once this is changed by oobe the trust relationship is broken. Microsoft know, they don't care as it's "by design" and was introduced with Vista.

I prestaged all our Vista machines just to get around it. Windows 7 may have some additional possiblities with the offline join.

[jsnetman]

You can if you use MySysprep which is a rewrite of sysprep, something that microsoft could'nt do or did'nt want to do. http://tsaysoft.com/mysysprep2/

I am rolling out my win 7 machines with this and it asks for computer name like it did in XP sysprep.

[DMcCoy]

You can if you use MySysprep which is a rewrite of sysprep, something that microsoft could'nt do or did'nt want to do. http://tsaysoft.com/mysysprep2/

I am rolling out my win 7 machines with this and it asks for computer name like it did in XP sysprep.

Hmm, I tried mysysprep2. It didn't work, prompted for the name but never set it.

[sparkeh]

I do not particularly want to pre-stage the accounts in AD.

Can I ask why not as this seems to solve your problem?

[jsnetman]

Hmm, I tried mysysprep2. It didn't work, prompted for the name but never set it

Ok I will post my imageunattend below, if the prompt for machine is in the wrong place it fails. Also I tried Mysysprep with the unattend.xml on the c: drive and I could not get it to work but got it to work when I attached the xml file to the image in WDS.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RegisteredOrganization>Schhol Name</RegisteredOrganization>
<RegisteredOwner>School User</RegisteredOwner>
<ComputerName>%Please input a computer name%</ComputerName>
<CopyProfile>true</CopyProfile>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>domain.local</Domain>
<Password>********</Password>
<Username>administrator</Username>
</Credentials>
<JoinDomain>domain.local</JoinDomain>
</Identification>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-gb</InputLocale>
<SystemLocale>en-gb</SystemLocale>
<UILanguage>en-gb</UILanguage>
<UserLocale>en-gb</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserAccounts>
<AdministratorPassword>
<Value>*****</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>YwBoAHMAMQBQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</Password>
<DisplayName>temp</DisplayName>
<Name>temp</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOrganization>School Name</RegisteredOrganization>
<RegisteredOwner>School User</RegisteredOwner>
<AutoLogon>
<Password>
<Value>******</Value>
<PlainText>true</PlainText>
</Password>
<Domain>domain.local</Domain>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>sysrebuild</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<RequiresUserInput>false</RequiresUserInput>
<Order>1</Order>
<Description>delete tmp account</Description>
<CommandLine>net user temp /delete</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>false</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<TimeZone>GMT Standard Time</TimeZone>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
</settings>
<settings pass="auditSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Display>
<ColorDepth>16</ColorDepth>
<HorizontalResolution>1024</HorizontalResolution>
<VerticalResolution>768</VerticalResolution>
</Display>
</component>

<component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:keyValue="facddfe3" wcm:action="add">
<Path>\\srv2\REMINST\drivers</Path>
<Credentials>
<Domain>domain.local</Domain>
<Password>******</Password>
<Username>administrator</Username>
</Credentials>
</PathAndCredentials>
</DriverPaths>
</component>


</settings>
<cpifflineImage cpi:source="wim:c:/windows7sysprep/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

[DMcCoy]

Ok I will post my imageunattend below, if the prompt for machine is in the wrong place it fails. Also I tried Mysysprep with the unattend.xml on the c: drive and I could not get it to work but got it to work when I attached the xml file to the image in WDS.

I was running it from the local drive too, I was still testing the various sysprep settings and hadn't built the final image for wds.

[_techie_]

Thanks all for your comments.

I was thinking that the enevitable of pre-staging accounts in AD was going to be the final and only solution. My only issue with this, is obtaining the GUID information quickly? Is there a way to do this remotely?

Would be good if we could.

Thanks,

[DMcCoy]

Thanks all for your comments.

I was thinking that the enevitable of pre-staging accounts in AD was going to be the final and only solution. My only issue with this, is obtaining the GUID information quickly? Is there a way to do this remotely?

Would be good if we could.

Thanks,

Use the MAC address instead? I pulled ours from an export from dhcp.

[_techie_]

I guess this is not really a problem, when setting up new machines we tend to do this in the holidays. I just think that they have gone a slight step backwards from RIS in this instance, but that is just my opinion...

I have found out how to add the computers to the domain first, and also add the GUID, as well as setting WDS to respond only to known clients.

How would you go about unattending the computer name, once we move over to pre-staging?

Thanks for your help.

[DMcCoy]

When using <ComputerName>%MACHINENAME%</ComputerName> in the unattended file on a WDS server it will replace it with the prestaged name instead.

Also slightly related, if you don't want to create a user account you can do a group change instead

<UserAccounts>
<DomainAccounts>
<DomainAccountList wcm:action="add">
<DomainAccount wcm:action="add">
<Group>Administrators</Group>
<Name>SysAdmin Users</Name>
</DomainAccount>
<Domain>domain.name</Domain>
</DomainAccountList>
</DomainAccounts>
</UserAccounts>