UDI with MDT-only (non-SCCM) - domain join fails

    Question

  • Hi fellas,

    I was using Lee Stevens' blog, found here, to harness a particular capability of the UDI that MDT doesn't have natively:  to produce a dropdown menu of available domains, along with a list of OUs that change depending on which domain is selected.

    I found that, while the computer does name itself correctly, the domain cannot be joined successfully, and on further investigation discovered the reason to be that the credentials specified in the Domain Join Credentials portion of the UDI were not being passed into the domain join attempt, as the screenshot of netsetup.log shows below:

    Subsequent attempts to join to the domain manually work fine, and show the account used in netsetup.log.

    Troubleshooting further, I added the domain credentials and password directly into customsettings.ini, and the machine successfully joined to the domain after the next reimage.  I had hoped to avoid that in production, preferring the way it works natively (authentication credentials are passed to the domain-join credentials in MDT's ComputerName page).  I didn't want to add credentials in cleartext anywhere in MDT if I could avoid it.

    Troubleshooting yet further, I removed the credentials from customsettings and tried pre-filling them in the UDI wizard designer.

    On the next attempt, I manually entered my password in the wizard, and the machine failed to join the domain.  It did, however, try to use the username specified during the domain join - it looks like it just left out the password when it tried.

    I realize UDI is designed to work in conjunction with SCCM and so I'm going off in the weeds here, but I was wondering if anyone else might've tried this.  The holy grail would be to automatically use authentication credentials for the domain join as specified in the UDI.  Thanks.





    • Edited by Atreus21 Friday, August 10, 2018 6:43 PM
    Friday, August 10, 2018 4:31 PM

Answers

  • If anyone's interested, I think I figured this out, although not without some issues.

    You have to create three "Set Task Sequence Variable" tasks in the task sequence:

    JoinDomain set to value %OSDDomainName%

    MachineObjectOU set to value %OSDDomainOUName%

    DomainAdmin set to value %OSDJoinAccount%

    DomainAdminPassword set to value %OSDJoinPassword%

    I created those right after the first step in the task sequence, which calls the UDI wizard as per the original blog I mentioned.

    After this change, the machine joined the domain and dropped in the correct OU.  However:

    ISSUE 1:  Offline User State Capture

    I had to disable the entire Offline User State Capture folder, as the UDI wizard sets the variable in such a way as to invoke the process.  In my case, as I don't use USMT at all in my deployments, that brought the task sequence to a halt and it errored out.  Disabling the folder resolved this issue.

    ISSUE 2:  Imaging to workgroup

    Trying to image to a workgroup makes the task sequence freeze at the Configure step.  I tried fiddling with the UDI variable %OSDJoinWorkgroup% but it made no difference.  That's an acceptable sacrifice for me, as we can always join a domain initially and pull it into a workgroup manually post-deployment.

    • Edited by Atreus21 Thursday, August 16, 2018 4:03 PM
    • Marked as answer by Atreus21 Thursday, August 16, 2018 4:04 PM
    Thursday, August 16, 2018 3:55 PM
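
The thread's concern about cleartext join credentials in customsettings.ini can be checked for on an existing deployment share. The following is an added example, not part of the original posts: the function name, the sample rules file and the share path are constructed for illustration, and `UserPassword` and `AdminPassword` are other MDT password properties included here as an assumption about what is worth flagging.

```powershell
# Added example: flag MDT rule-file lines that store a password in cleartext.
# Reports file, line number, section and property name, never the value itself.
$CredentialProperties = 'DomainAdminPassword', 'UserPassword', 'AdminPassword'

function Find-MdtCleartextCredential {
    param([string[]] $Line, [string] $Source = '(inline)')
    $section = ''; $n = 0
    foreach ($raw in $Line) {
        $n++
        $text = $raw.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank line or comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^([^=]+)=(.*)$') {
            $name  = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            # -contains is case-insensitive, matching how INI property names are treated
            if ($CredentialProperties -contains $name -and $value -ne '') {
                [pscustomobject]@{ Source = $Source; Line = $n; Section = $section; Property = $name }
            }
        }
    }
}

# Constructed sample rules file (not taken from the thread).
$sample = @'
[Settings]
Priority=Default

[Default]
OSInstall=Y
SkipDomainMembership=NO
; DomainAdminPassword=commented-out-entry
DomainAdmin=svc-join
DomainAdminPassword=ExamplePassword123
'@ -split "`r?`n"

Find-MdtCleartextCredential -Line $sample -Source 'sample CustomSettings.ini' | Format-Table

# Against a real share (the path is a placeholder):
# Get-ChildItem '\\server\DeploymentShare$\Control' -Include CustomSettings.ini,Bootstrap.ini -Recurse |
#   ForEach-Object { Find-MdtCleartextCredential -Line (Get-Content $_.FullName) -Source $_.FullName }
```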