  1. #1
    ranj

    Windows 7 client joining to domain problems

    Hi

    Currently doing some work with MDT to deploy Windows 7 Enterprise to our machines in an automated way. I have used WDS to deploy the image via PXE boot and also used WSIM to create an unattend file and also a WinPE unattend file.

    I am close to having it working but am having problems once the machine is live and ready to be used. Following previous threads, after a machine is sysprepped I wanted the machine to ask the user for a computer name but for all the rest to be automatic, e.g. regional settings, time etc., which I have successfully done via the unattend XML file. I have even managed to get Windows to ask the user for a computer name once the image is deployed, but once the machine is ready to be used and I attempt to log in as a domain user I get the following message:

    "The security database on the server does not have a computer account for this workstation trust relationship"

    I have tried rebooting and looking at various forums. One forum said it could be a GPO setting at domain level to do with the 'primary DNS suffix' which could be set, but when I look at the settings it's all set to not configured.

    As the machine claims it was on the domain I checked in AD, and the machine appeared in the computers OU. I have tried to disjoin the machine from the domain, put it onto a workgroup and then rejoin it to the domain, and once this has been done it has worked, but I would rather I didn't need to do this to 400 machines.

    Anyone else had this problem?

    Thanks

  2. #2
    Duke5A

    I just jumped onto the WDS bandwagon, but haven't messed with Win7 deployment using it yet; I've been far too busy shoving an XP image down its throat. I did however experiment deploying it with Ghost 11.0, and got a fair amount of success out of it.

    If you want it to ask for a name, then forget about auto domain joining. What is happening right now is it is joining the domain, then asking for a name. When the name changes, it only changes on the local machine, thus breaking the domain trust. There is no way to change its order of doing this.

    What I did was disable the auto join, have it ask for a name, auto login, and then run a VBScript to join the domain.

    Here is that script....

    Call DoSomething

    Sub DoSomething

        Dim strPassword
        Dim strDomain
        Dim strUser

        ' Option flags for Win32_ComputerSystem.JoinDomainOrWorkgroup
        Const JOIN_DOMAIN = 1
        Const ACCT_CREATE = 2
        Const ACCT_DELETE = 4
        Const WIN9X_UPGRADE = 16
        Const DOMAIN_JOIN_IF_JOINED = 32
        Const JOIN_UNSECURE = 64
        Const MACHINE_PASSWORD_PASSED = 128
        Const DEFERRED_SPN_SET = 256
        Const INSTALL_INVOCATION = 262144

        strDomain = "yourdomain"
        strUser = "accountwithaccesstojoin"

        ' Use the name the machine has now, i.e. after the user has renamed it
        Set objNetwork = CreateObject("WScript.Network")
        strComputer = objNetwork.ComputerName

        Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")

        ' Prompt for the join password until it is accepted or the prompt is cancelled
        Do
            strPassword = InputBox("Enter password to join domain:", "Join to Domain", "password")
            If strPassword = "" Then Exit Sub

            ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, NULL, JOIN_DOMAIN + ACCT_CREATE)

            If ReturnValue = 1326 Then
                MsgBox "Logon failure: unknown username or bad password."
            End If

            If ReturnValue <> 1326 Then Exit Do
        Loop

        ' Report the remaining failure codes
        If ReturnValue = 5 Then
            MsgBox "Access is denied. Run from an elevated command prompt."
            Exit Sub
        ElseIf ReturnValue = 87 Then
            MsgBox "The parameter is incorrect."
            Exit Sub
        ElseIf ReturnValue = 110 Then
            MsgBox "The system cannot open the specified object."
            Exit Sub
        ElseIf ReturnValue = 1323 Then
            MsgBox "Unable to update password."
            Exit Sub
        ElseIf ReturnValue = 1355 Then
            MsgBox "The specified domain does not exist or could not be contacted."
            Exit Sub
        ElseIf ReturnValue = 2224 Then
            MsgBox "The account already exists."
            Exit Sub
        ElseIf ReturnValue = 2691 Then
            MsgBox "The machine is already joined to the domain."
            Exit Sub
        ElseIf ReturnValue = 2692 Then
            MsgBox "The machine is not currently joined to the domain."
            Exit Sub
        End If

        ' Success: offer a restart so the join takes effect
        If ReturnValue = 0 Then
            If MsgBox("Domain joined successfully. Restart machine?", vbQuestion + vbYesNo) = vbYes Then
                Set OpSysSet = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true")
                For Each OpSys in OpSysSet
                    OpSys.Reboot()
                Next
            Else
                'Just quit
            End If
        End If

    End Sub
    This script must be run from an elevated command prompt. I forget what I had to do. I think it involved disabling UAC and something else.

    Let me know if you need anything else. Good luck!

  3. Thanks to Duke5A from:

    jlucas (15th October 2010)

  4. #3
    Duke5A

    One more thing... Add the script into your unattended.xml under the oobeSystem pass.

    <FirstLogonCommands>
    <SynchronousCommand wcm:action="add">
    <CommandLine>c:\image\scripts\DomainJoin.vbs</CommandLine>
    <Order>1</Order>
    <RequiresUserInput>true</RequiresUserInput>
    </SynchronousCommand>
    </FirstLogonCommands>
    I ran it synchronously so the other script I had would run without waiting for this one to end.

    Good luck!

  5. Thanks to Duke5A from:

    ranj (2nd August 2010)
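
Added example, not part of any post in this thread: a Python check over an unattend answer file for the ordering problem described in post #2 (an unattended domain join with no computer name fixed beforehand) and for a join password stored in the file, which the prompt-based script above avoids. Both answer files are constructed samples; `audit_unattend` and the finding codes are hypothetical names, and treating a missing `ComputerName` value as "named after the join" is an assumption.

```python
import xml.etree.ElementTree as ET

URN = "{urn:schemas-microsoft-com:unattend}"
HEAD = '<unattend xmlns="urn:schemas-microsoft-com:unattend">'

# Constructed answer files (not from the thread). AUTO_JOIN joins during
# specialize with no ComputerName and a stored password; SCRIPTED leaves the
# join to a first-logon script, as post #3 describes.
AUTO_JOIN = HEAD + """<settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin"><Identification>
    <Credentials><Domain>example.local</Domain><Username>joinacct</Username>
      <Password>PLACEHOLDER</Password></Credentials>
    <JoinDomain>example.local</JoinDomain>
  </Identification></component>
  <component name="Microsoft-Windows-Shell-Setup"/>
</settings></unattend>"""
SCRIPTED = HEAD + """<settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup"><FirstLogonCommands>
    <SynchronousCommand><CommandLine>c:\\image\\scripts\\DomainJoin.vbs</CommandLine>
      <Order>1</Order></SynchronousCommand>
  </FirstLogonCommands></component>
</settings></unattend>"""


def _components(root, name):
    """All <component> elements with the given name, in any settings pass."""
    return [c for c in root.iter(URN + "component") if c.get("name") == name]


def audit_unattend(xml_text):
    """Return (findings, first_logon_commands) for one answer file."""
    root = ET.fromstring(xml_text)
    findings = []
    joins = any((e.text or "").strip()
                for c in _components(root, "Microsoft-Windows-UnattendedJoin")
                for e in c.iter(URN + "JoinDomain"))
    # Assumption: with no ComputerName value in the answer file, the final
    # name is set after the unattended join has already run (post #2).
    named = any((c.findtext(URN + "ComputerName") or "").strip()
                for c in _components(root, "Microsoft-Windows-Shell-Setup"))
    if joins and not named:
        findings.append("JOIN_BEFORE_RENAME")
    # Any Password element with content means a credential sits in the file.
    if any("".join(p.itertext()).strip() for p in root.iter(URN + "Password")):
        findings.append("STORED_PASSWORD")
    commands = [(e.text or "").strip() for e in root.iter(URN + "CommandLine")]
    return findings, commands
```
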

  6. #4

    teejay

    We do this purely with WDS without using MDT. How we do it is: in WDS, set the option to require administrative approval for unknown clients, which then appear in the pending section of the WDS manager. You can then right-click and select approve and name.
    If the machine is already in Active Directory and has a GUID assigned to the machine it will pick this account up and name it as per its current AD name.
    The unattend files for doing this are:
    Attached Files

  7. #5
    jsnetman

    We got round the asking for computer name problem by using a modified version of sysprep called mysysprep2.

    http://tsaysoft.com/mysysprep2/

  8. #6

    It doesn't work. Does anyone have a good script for Windows 7 Professional for automatic join into the domain?

  9. #7
    ranj

    Originally posted by RainGigel:
        It doesn't work. Does anyone have a good script for Windows 7 Professional for automatic join into the domain?

    Which script doesn't work? I have tried Duke5A's VBScript domain join and can confirm it does work. As long as you add it in as a first command using an unattend.xml it does work. I have also tried mysysprep2 and found that works also, but prefer the VB script.

  10. #8

    None of this works on my network. I tried all the scripts from this thread (except the VBS script), I tried MySysprep and it gets stuck on "Setting on....", and I've tried like 12 different scripts. I tried secure join, I tried unsecure, still nothing. Does anyone have a script just for joining? Or at least, should the window for joining pop up so I can do it manually? All I get is to create a new user, which sux.

  11. #9

    I wanna try the WDS route. Is it a lot better system than RIS?

  12. #10


    'Fraid not...

    Originally posted by ranj:
        Which script doesn't work? I have tried Duke5A's VBScript domain join and can confirm it does work. As long as you add it in as a first command using an unattend.xml it does work. I have also tried mysysprep2 and found that works also, but prefer the VB script.

    Do you mean <FirstLogonCommands> <SynchronousCommand wcm:action="add"> as order 1? Tried as order 3 because I also have 2 commands to set KEY and activate Windows.

    The command added to use the vbscript for joindomain makes sysprep crash like a giant meteor... Take the command out and sysprep is happy again. And mysysprep2 also makes sysprep crash.
