none
Copy credentials to domain join properties

    Question

  • Greetings,

      At the beginning of the MDT process, credentials are gathered and stored in the properties - username, userpassword and userdomain.

      When the "recover from domain" step runs post install, I want to use these credentials. So how do I copy username to domainadmin, userdomain to joindomain and domainadmindomain and userpassword to domainadminpassword please?

    Also, I would like to use the userdomain property as part of the target OU e.g.

    MachineObjectOU=OU=Staging,DC=%userdomain%,DC=acme,DC=com ??? Is this possible?

    Thanks

    David Z

    Tuesday, August 06, 2013 12:24 AM

Answers

All replies

  • Should just be a simple case of reading it and setting it (haven't tried it):

    oEnvironment.Item("DomainAdmin") = oEnvironment.Item("UserID") oEnvironment.Item("DomainAdminDomain") = oEnvironment.Item("UserDomain") oEnvironment.Item("DomainAdminPassword") = oEnvironment.Item("UserPassword")

    oEnvironment.Item("MachineObjectOU") = "OU=Staging,DC=" & oEnvironment.Item("UserDomain") & ",DC=acme,DC=com"


    Andrew has a great blog / guide on how to use VBScript with MDT here: http://scriptimus.wordpress.com/2012/04/16/mdt-scripting-using-vbscript-expressions-in-customsettings-ini-file/


    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    • Marked as answer by David Zemdegs Tuesday, August 06, 2013 3:33 AM
    Tuesday, August 06, 2013 2:13 AM
    Answerer
  • Thanks....Could it also be done by inserting task sequence steps to set a TS variable to another variable? Im thinking that maybe the password might not work as I know the oenvironment object calls do encoding and decoding.
    Tuesday, August 06, 2013 3:03 AM
  • Probably, but then it'd be a few steps and as you said might get complicated around the password.  I'd just put it in VBScript or PoSH and have it all done in one place.  Then it could be easily re-used in other Task Sequences going forward.

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, August 06, 2013 3:28 AM
    Answerer
  • I did as you suggested, but when it ran the Recover from Domain step, it said it had already joined the domain? I dont what could have caused it to automatically join the domain but it put the account in the computers container which I didnt want.
    Tuesday, August 06, 2013 10:59 PM
  • Well, remember that "Recover from Domain" is just another attempt to join the domain in the event the first failed.  If you set MachineObjectOU, then ZTIConfigure would have injected that into the Unattend.xml and it would have been used when the machine first booted up (which is where it probably first joined the domain).  Where did you set this script?  It needs to be at least before "Configure" in Preinstall group, otherwise it'll be too late.

    David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek

    Tuesday, August 06, 2013 11:28 PM
    Answerer
  • Thanks. The problem is that I am now getting the message, "cannot join domain because joinworkgroup = workgroup". I have not set joinworkgroup in customsettings.ini or unattend.xml. Where is it coming from?

    I had a look at the script and indeed if there is a value in joinworkgroup then it will not join the domain. But the microsoft doco says joinworkgroup cannot be blank!!!!!!!!!!!

    So how do I force it to be blank at the time ztidomainjoin runs?

    Friday, August 09, 2013 1:13 AM
  • I found it. I just added 

    oEnvironment.Item("JoinWorkgroup") = ""

    to my script and it worked. So much for the doco saying this cannot be a blank value.

    Saturday, August 10, 2013 5:48 AM