none
Domain Join Issue RRS feed

  • Question

  • Hi All!

    I am using a standard task sequence to deploy previous captured gold image and install some apps.

    For some of the machines I have to use autologon and change local admin password. I've created a GPO and link it to a specific OU and within a deployment pinpoint to that OU at task sequence wizard. The problem is, after the Recover from domain step, new machine applies the GPO settings and breaks the deployment process, as it cannot be continued because of local admin pw changed.

    I've tried to move Recover from domain step to the task sequence end, in this scenario everything installed correctly, but TS still cannot completed, if I try to deploy this machine again, MDT find broken installation and cannot continue.

    How can I accomplish this task?

    Is it possible to use LTICleanup script where I can use machine OU variable? E.g.:

    if %MachineObjectOU% -contains  "OU1" then

    autologon settings....

    ..etc. 

    Thanks in advance!

    Tuesday, July 7, 2015 3:58 AM

Answers

  • Thanks for you replies!

    I've accomplished the task by scripting logic in LTICleanup.wsf based on machine name. For certain names autologon settings are applied for other not.

    Thursday, July 9, 2015 5:42 AM

All replies

  • Can you post your logs from when you change the recover from domain step later?

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, July 7, 2015 5:14 PM
    Moderator
  • This is actually a quite common problem. You want to delay joining the domain until as late in the TS as possible, the very last step if you can, and then the trick is, you edit the ZTIDomainJoin.wsf file to skip the required reboot after joining the domain.

    Skipping the reboot allows the task sequence to finish. Set the Task sequence FINISHACTION=REBOOT, to force the reboot after everything is done.

    You set your domain join parameters as usual in the wizard or database, and then in the TS, you save them to variables, change to a workgroup deploy, then at the end, you restore the domain join parmaters from wher eyou saved them. Follow these instructions:

    https://mdtguy.wordpress.com/2014/06/13/delaying-domain-join-when-legal-notices-break-mdt-autologin/


    • Proposed as answer by JoeZeppy Wednesday, July 8, 2015 6:15 PM
    • Edited by JoeZeppy Wednesday, July 8, 2015 6:20 PM
    Wednesday, July 8, 2015 6:15 PM
  • Thanks for you replies!

    I've accomplished the task by scripting logic in LTICleanup.wsf based on machine name. For certain names autologon settings are applied for other not.

    Thursday, July 9, 2015 5:42 AM