add computer to AD group and local admin group
-
Saturday, August 04, 2012 1:00 PM
We normally do the following:
1. For each freshly created PC in AD, add a group to the PC that applies policy.
2. Manually add a domain group to local admin for developers that need it.
I think that I understand how to do #2 (Administrators001=DOMAIN\GroupName in my cs.ini), but I'd like to figure out how to do #1.
The main problem is that #1's policy will be renaming the local administrator account, so I need it to apply before the auto-login step in the deployment sequence (so I can have it properly auto-login and finish the deployment).
I did see this old post, but I was sorta hoping that there was something awesome built in by now, or something easier.
All Replies
-
Sunday, August 05, 2012 7:43 PM
No such thing is built-in.
In general it's suggested to use a staging OU where there's no GPO's that affect the deployment, and as a last step of the deployment move the computer account to a different OU. This way the task sequence can complete normally and once it's done, the GPO can take effect to rename the admin account after the reboot.
And the post you found should still apply to solve the issue regarding adding the computer object to a security group.
Kind regards,
Stephan Schwarz.
If one of these posts answered your question or issue, please click on "Mark as answer".
My Blog | Twitter: @Schwarz_Stephan | MCTS, MCITP, MCSA, MCC-2011.
How to configure Windows RE/OEM Recovery Partition with MDT
- Edited by Stephan Schwarz Sunday, August 05, 2012 7:43 PM
- Edited by Stephan Schwarz Sunday, August 05, 2012 7:44 PM
- Marked As Answer by VulturEMaN Monday, August 06, 2012 12:23 PM
.png)
