none
MDT 2012 Update 1 - Deployment ignorning Domain Join information

    Question

  • Hello,

    I'm currently testing MDT 2012 Update 1 as we'd like to begin deploying Windows 8 and our MDT 2010 setup does not support the OS.

    I've installed MDT 2012 Update 1 on a new VM and have it configured to virtually memic our 2010 deployment. I wanted to start fresh instead of copying over all our deployments and upgrading the share.

    I've got the capture and image deployment features working just fine but my PCs will not join our domain. I've specified all the necessary domain join options in the unattend.xml but when I look at the unattended.xml file in C:\Windows\Panther on the deployed computer, it has the JoinWorkspace settings, ignoring my DomainJoin settings. All other settings look to be working.

    I've seen others on forums claim this was a bug, but I dont see it under the Known Issues section of the Read Me file.

    I dont want to set the variables in the task sequences as that hides configuration details, and I dont want to put them in the CustomSettings.ini either as we have multiple domains.

    Anyone else have issues with PC domain joins with MDT 2012 Update 1?

    Thanks!

    Wednesday, June 19, 2013 9:03 PM

All replies

  • Can you post your Unattend.xml, ZTIConfigure, smsts.log, and bdd.log (perhaps to a cloud storage and provide link)?  I haven't had any issues with domain joining from MDT 2012 Update 1, but can take a look and maybe figure out what is causing your issue specifically.

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, June 20, 2013 1:48 AM
    Answerer
  • Thanks for the response David.

    here is my Unattend.xml, I've modified the personal information and added a placeholder.

    -----------------------------------------------------------

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
                <ImageInstall>
                    <OSImage>
                        <WillShowUI>OnError</WillShowUI>
                        <InstallTo>
                            <DiskID>0</DiskID>
                            <PartitionID>1</PartitionID>
                        </InstallTo>
                        <InstallFrom>
                            <Path>.\Operating Systems\WIN7SP1X64-05-13-11\WIN7SP1X64.wim</Path>
                            <MetaData>
                                <Key>/image/index</Key>
                                <Value>1</Value>
                            </MetaData>
                        </InstallFrom>
                        <InstallToAvailablePartition>false</InstallToAvailablePartition>
                    </OSImage>
                </ImageInstall>
                <UpgradeData>
                    <Upgrade>false</Upgrade>
                </UpgradeData>
                <Display>
                    <ColorDepth>16</ColorDepth>
                    <HorizontalResolution>1024</HorizontalResolution>
                    <RefreshRate>60</RefreshRate>
                    <VerticalResolution>768</VerticalResolution>
                </Display>
                <ComplianceCheck>
                    <DisplayReport>OnError</DisplayReport>
                </ComplianceCheck>
                <UserData>
                    <AcceptEula>true</AcceptEula>
                    <ProductKey>
                        <Key></Key>
                    </ProductKey>
                    <FullName></FullName>
                    <Organization></Organization>
                </UserData>
            </component>
            <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SetupUILanguage>
                    <UILanguage>en-US</UILanguage>
                </SetupUILanguage>
                <InputLocale>0409:00000409</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UserLocale>en-US</UserLocale>
            </component>
        </settings>
        <settings pass="generalize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
                <RegisteredOrganization>DOWL HKM</RegisteredOrganization>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
                <Identification>
                    <Credentials>
                        <Username>_ImageDeploy</Username>
                        <Domain>DOMAINNAME</Domain>
                        <Password>USERPASSWORD</Password>
                    </Credentials>
                    <JoinDomain>DOMAINNAME</JoinDomain>
                    <JoinWorkgroup></JoinWorkgroup>
                    <MachineObjectOU>OU=PC Deployments,DC=DOMAINNAME,DC=COM</MachineObjectOU>
                </Identification>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
                <ComputerName></ComputerName>
                <ProductKey>PRODUCT KEY IS ENTERED HERE</ProductKey>
                <RegisteredOrganization>COMPANY NAME</RegisteredOrganization>
                <RegisteredOwner>COMPANY NAME</RegisteredOwner>
                <DoNotCleanTaskBar>true</DoNotCleanTaskBar>
                <TimeZone>Mountain Standard Time</TimeZone>
                <CopyProfile>true</CopyProfile>
            </component>
            <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Home_Page>intranet.DOMAINNAME.com</Home_Page>
                <IEWelcomeMsg>false</IEWelcomeMsg>
            </component>
            <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>EnableAdmin</Description>
                        <Order>1</Order>
                        <Path>cmd /c net user Administrator /active:yes</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>UnfilterAdministratorToken</Description>
                        <Order>2</Order>
                        <Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
                    </RunSynchronousCommand>
                    <RunSynchronousCommand wcm:action="add">
                        <Description>Disable UAC</Description>
                        <Order>3</Order>
                        <Path>cmd.exe /c %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>0409:00000409</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UserLocale>en-US</UserLocale>
            </component>
            <component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <TapiConfigured>0</TapiConfigured>
                <TapiUnattendLocation>
                    <AreaCode>""</AreaCode>
                    <CountryOrRegion>1</CountryOrRegion>
                    <LongDistanceAccess>9</LongDistanceAccess>
                    <OutsideAccess>9</OutsideAccess>
                    <PulseOrToneDialing>1</PulseOrToneDialing>
                    <DisableCallWaiting>""</DisableCallWaiting>
                    <InternationalCarrierCode>""</InternationalCarrierCode>
                    <LongDistanceCarrierCode>""</LongDistanceCarrierCode>
                    <Name>Default</Name>
                </TapiUnattendLocation>
            </component>
            <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DisableSR>1</DisableSR>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>PASSWORD ENTERED HERE</Value>
                        <PlainText>false</PlainText>
                    </AdministratorPassword>
                    <DomainAccounts>
                        <DomainAccountList wcm:action="add">
                            <DomainAccount wcm:action="add">
                                <Group>Users</Group>
                                <Name>Domain Users</Name>
                            </DomainAccount>
                            <Domain>DOMAINNAME</Domain>
                            <DomainAccount wcm:action="add">
                                <Group>Administrators</Group>
                                <Name>_ImageDeploy</Name>
                            </DomainAccount>
                        </DomainAccountList>
                    </DomainAccounts>
                </UserAccounts>
                <AutoLogon>
                    <Enabled>true</Enabled>
                    <Username>_ImageDeploy</Username>
                    <Domain>DOMAINNAME</Domain>
                    <Password>
                        <Value>PASSWORD ENTERED HERE</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <LogonCount>5</LogonCount>
                </AutoLogon>
                <Display>
                    <ColorDepth>32</ColorDepth>
                    <HorizontalResolution>1024</HorizontalResolution>
                    <RefreshRate>60</RefreshRate>
                    <VerticalResolution>768</VerticalResolution>
                </Display>
                <FirstLogonCommands>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>cscript.exe C:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
                        <Description>Lite Touch new OS</Description>
                        <Order>1</Order>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>cscript.exe D:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
                        <Description>Lite Touch new OS</Description>
                        <Order>2</Order>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>cscript.exe E:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
                        <Description>Lite Touch new OS</Description>
                        <Order>3</Order>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <CommandLine>cscript.exe F:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
                        <Description>Lite Touch new OS</Description>
                        <Order>4</Order>
                    </SynchronousCommand>
                </FirstLogonCommands>
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <NetworkLocation>Work</NetworkLocation>
                    <ProtectYourPC>1</ProtectYourPC>
                    <SkipUserOOBE>true</SkipUserOOBE>
                </OOBE>
                <RegisteredOrganization>DOWL HKM</RegisteredOrganization>
                <RegisteredOwner>DOWL HKM</RegisteredOwner>
                <TimeZone></TimeZone>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>0409:00000409</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UserLocale>en-US</UserLocale>
            </component>
        </settings>
        <settings pass="offlineServicing">
            <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DriverPaths>
                    <PathAndCredentials wcm:keyValue="1" wcm:action="add">
                        <Path>\Drivers</Path>
                    </PathAndCredentials>
                </DriverPaths>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="catalog://bil-hg-as06/mdt$/operating systems/win7sp1x64-base-3-29-13/win7sp1x64_cap_base_vmddrive.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    -----------------------------------------------------------------------

    The ZTIConfigure.wsf and .xml are the defaults.

    -----------------------------------------------------------------------

    Thursday, June 20, 2013 4:21 PM
  • SMSTS Log: https://skydrive.live.com/redir?resid=521FA7E5EAD24503!105

    BDD.Log: https://skydrive.live.com/redir?resid=521FA7E5EAD24503!105

    ZTIConfigure.Log: https://skydrive.live.com/redir?resid=521FA7E5EAD24503!105
    • Edited by Brett_MCITP Thursday, June 20, 2013 4:47 PM Appended 3rd Log
    Thursday, June 20, 2013 4:28 PM
  • I meant ZTIConfigure.log, so if you can post that also.  The location I'm at today blocks access to cloud storage, so I will look tonight and see if we can track down your issue. : )

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Thursday, June 20, 2013 4:38 PM
    Answerer
  • David,

    I've uploaded the other log file.

    Thursday, June 20, 2013 4:47 PM
  • Sorry, for the delay.  I've looked through the logs and believe you are setting JoinWorkgroup in your CustomSettings.ini (or perhaps MDT DB if you are using that).  Here's the segment I noticed in your ZTIConfigure.log:

    Updated C:\MININT\Unattend.xml with JoinWorkgroup=WORKGROUP (value was )
    Removed //settings[@pass="specialize"]/component[@name="Microsoft-Windows-UnattendedJoin"]/Identification/JoinDomain entry from C:\MININT\Unattend.xml
    Removed //settings[@pass="specialize"]/component[@name="Microsoft-Windows-UnattendedJoin"]/Identification/Credentials entry from C:\MININT\Unattend.xml
    Removed //settings[@pass="specialize"]/component[@name="Microsoft-Windows-UnattendedJoin"]/Identification/MachineObjectOU entry from C:\MININT\Unattend.xml

    Later, the script is unable to update those values because they had previously been removed.  It is using the Unattend.xml from your Control file, but it updates it based on MDT Variables right before applying.


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Saturday, June 22, 2013 8:23 PM
    Answerer
  • David,

    I do not have it in my CustomSettings.ini:

    ------------------------------------------------------

    [Settings]
    Priority=Default
    Properties=MyCustomProperty

    [Default]

    OSInstall=YES
    SkipApplications=YES
    SkipAppsOnUpgrade=YES
    SkipAdminPassword=YES
    SkipBDDWelcome=YES
    SkipBitLocker=YES
    SkipCapture=NO
    SkipComputerBackup=YES
    SkipDeploymentType=YES
    DeploymentType=NEWCOMPUTER
    DeploymentMethod-UNC
    SkipDomainMembership=YES
    SkipLocaleSelection=YES
    KeyboardLocale=en-US
    UserLocal=en-US
    UILanguage=en-US
    SkipPackageDisplay=YES
    SkipProductKey=YES
    SkipSummary=YES
    SkipFinalSummary=YES
    SkipTimeZone=Yes
    TimeZoneName=Mountain Standard Time
    SkipUserData=YES
    EventService=http://SERVERNAME:9800

    --------------------------------------------------------

    If I set the variables in the task sequence it works, but would prefer to have it read the unattend.xml file correctly.

    Thanks for your continued help!

    Monday, June 24, 2013 2:36 PM
  • Anyone else see any issues with my configuration or have had success using an unattend.xml file to join computers to the domain?
    Wednesday, June 26, 2013 5:46 PM
  • Two things I just noticed:

    DeploymentType=NEWCOMPUTER
    DeploymentMethod-UNC

    One, there is a type in the second line (- vs =).  But secondly, you really can't set either of those in CustomSettings.ini (although you can set DeploymentType by passed parameter when running LiteTouch.vbs).  The scripts dynamically set them... what are you trying to accomplish by setting them manually?

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Wednesday, June 26, 2013 5:54 PM
    Answerer
  • I guess that was hold over from our old configuration. Let me remove them and try a deployment.
    Wednesday, June 26, 2013 9:52 PM
  • David,

    I removed those two lines and the unattended join did not work.

    Wednesday, June 26, 2013 10:36 PM
  • You say you have several domains.

    Do they all run on unique IP-subnets (with unique DGW address)?

    If they do, you coud modify CustomSettings.ini to include someting like this:

    [Settings]
    Priority=DefaultGateway001,Default
    
    [Default]
    SkipDomainMembership=YES
    {other default settings}
    
    [192.168.1.1]
    JoinDomain=domain1.local
    DomainAdmin=joinaccount
    DomainAdminPassword=Pa$$w0rd
    DomainAdminDomain=domain1.local
    
    [192.168.2.1]
    JoinDomain=domain2.local
    DomainAdmin=joinaccount
    DomainAdminPassword=Pa$$w0rd
    DomainAdminDomain=domain2.local
    

    Your machine gets joined to a workgroup because you do NOT include JoinDomain in CustomSettings.ini, which makes MDT use the default: joining a workgroup.

    Hope this helps,

    Martin


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, June 27, 2013 8:14 AM
  • Thanks for the insight Martin. I am trying to avoid using the CustomSettings.ini file and want to use the unattend.xml.

    I do not have the JoinDomain option in my MDT 2010 setup and it works just fine.

    Friday, June 28, 2013 4:20 PM