Offline domain join with offline media?

  • Question

  • We are going to deploy some laptops using offline media.

    The computer names will be generated based on the computer serial numbers.  So we will provision computer accounts in AD based on these serial numbers.

    How can we create a task sequence in an offline media deployment that will automatically do an offline domain join based on the computer name?

    Friday, April 20, 2018 11:13 PM

All replies

  • MDT has a Join domain screen that will prompt for all necessary info.  If you want to automate it here are the settings below:

    To automate the Computername add the following line in your customsettings.ini

    OSDComputername=%SerialNumber%

    To automate joining the domain add the following to customsettings.ini

    JoinDomain = domain systems will join
    DomainAdmin = account with permissions to add systems to domain
    DomainAdminDomain = domain of account with permissions to add system to domain
    DomainAdminPassword = password for account joining system to domain
    MachineObjectOU = OU to create computer account in (not needed if computer accounts are created in advance)

    BTW - there is no way to join a domain offline.  The system MUST be on the network to join the domain.

    • Proposed as answer by JiteshKumar Monday, April 23, 2018 4:59 PM
    • Unproposed as answer by Kalimanne Tuesday, April 24, 2018 3:35 AM
    Monday, April 23, 2018 2:24 PM
  • You can do an offline join of the domain, just probably not from offline media.  First off, DJoin is what you would use to create the computer in AD and generate the binary file to perform the offline join.  If you know all of the computers you need to join to the domain, you could stage them in AD, create the binary files, import the binaries into the offline media, and use the media to offline join those machines.  If you have 10 computers and know the 10 serial numbers, you can create the 10 binary files needed and go from there.  If you needed to do this on computers other than the 10 you know and staged, then this would not work.

    One major limitation I see for this, is that you would need to have a DC for the user to authenticate against for them to login the first time.

    https://mizitechinfo.wordpress.com/2014/09/06/simple-step-how-to-use-offline-domain-join-djoin-exe-in-active-directory/

    https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess-offline-domain-join

    LawsonT


    • Proposed as answer by tonibert Monday, April 23, 2018 5:37 PM
    Monday, April 23, 2018 3:04 PM
  • Good info!  Learn something new every day.

    Thanks

    Monday, April 23, 2018 5:33 PM
  • You can do an offline join of the domain, just probably not from offline media.  First off, DJoin is what you would use to create the computer in AD and generate the binary file to perform the offline join.  If you know all of the computers you need to join to the domain, you could stage them in AD, create the binary files, import the binaries into the offline media, and use the media to offline join those machines.  If you have 10 computers and know the 10 serial numbers, you can create the 10 binary files needed and go from there.  If you needed to do this on computers other than the 10 you know and staged, then this would not work.

    One major limitation I see for this, is that you would need to have a DC for the user to authenticate against for them to login the first time.

    https://mizitechinfo.wordpress.com/2014/09/06/simple-step-how-to-use-offline-domain-join-djoin-exe-in-active-directory/

    https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess-offline-domain-join

    LawsonT


    There will be a DC available, but on wifi.  The main reason we want offline media and offline domain join is because we have many wireless devices to deploy, MDT doesn't support deployment over wireless and we can't buy USB-Ethernet dongles for them all.  Instead we will buy USB thumb drives, deploy with offline media and do an automated offline domain join.  Before the user logs in, they simply connect to wifi.

    We could just build them in a workgroup and manually join to the domain, but offline domain join would be faster if it can all be automated and work with offline media.

    Is there a more efficient way to do this other than offline media with offline domain join?

    Could we have MDT join the wifi at the end of the deployment and join the machine to the domain without throwing errors about deployment can't run on wireless connections?

    Tuesday, April 24, 2018 3:44 AM
  • I don't think there is a more efficient way at this point.  Your assessment of your limitations is spot on.  I feel like you could do a few things though... IDK how you join computers to WiFi, but you could use this option to script the join to WiFi.  Then you could join the domain as one of your later steps and forget about the offline join.

    The most difficult part of this with an offline domain join would be getting the binary to the computer.  You would have to take all your computers that were just delivered, use DJoin to prep them in AD and spit out the binary.  Once you got all of the binaries, you would have to recreate your offline media to incorporate them.  Write some script that picks the correct binary for the right computer (not difficult if the binaries have the SN as the name).

    I would test the Wifi connect script and attempt that first.  It seems like that might be the best bet at this point.  It has less moving parts to maintain in the long run.  Having to recreate your offline media every 1 or 2 weeks for new computers, deployment of broken hardware, or for a new employee, just seems tedious to manage.

    One other option would be to invest in 5 USB NIC dongles and only use them for image deployments.  Just a thought.... You don't need one for every computer, just enough to deploy a few machines.

    Hope this works out for you.

    Tuesday, April 24, 2018 4:54 AM
  • 5 dongles isn't going to do it.  We have 200 laptops to deploy in a day.  It's much cheaper to buy 16GB USB sticks than buying the proprietary Ethernet dongles that will only be used once.  Plus we don't have enough network connections to do that many in a day on a wired network.

    Since it's a one time project with known serial numbers, it could be possible to somehow script it out from a text file of computer names with everything saved onto the offline media, but automating joining wifi and joining the domain via scripts could be easier if it works.



    • Edited by Kalimanne Tuesday, April 24, 2018 6:47 AM
    Tuesday, April 24, 2018 6:45 AM
  • I was using the 5 as a for instance, but I definitely get what you are saying about time and network port limitations.

    IMO, I would start with the connect to WiFi script to see if that works... then just join the domain with a TS Step after you connect to the WiFi.  If that doesn't work, you can probably script the DJoin to run all 200 known SNs, generate the binaries, and add the files to the deployment share.  Once those are available, call DJoin with the appropriate switches to access the binary file for that computer at deploy time.


    Tuesday, April 24, 2018 5:51 PM
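The two DJoin steps described in the replies above, scripted as an added example that is not from the thread or from MDT: the provisioning loop runs once per serial number on a domain-joined admin workstation, and the apply function runs from a task sequence step in the full OS on each laptop. It assumes the computer name equals the BIOS serial number (as the OSDComputerName=%SerialNumber% line earlier does), a text file with one serial per line, a blob folder copied onto the offline media, and the real djoin.exe switches /provision, /domain, /machine, /machineou, /reuse, /savefile, /requestODJ, /loadfile, /windowspath and /localos; the domain name and paths are placeholders.

```powershell
# --- Step 1: run once, as an account delegated only "create computer objects" on the target OU ---
function New-OdjBlobsFromSerials {
    param(
        [Parameter(Mandatory)] [string] $SerialListPath,  # constructed input: one serial per line
        [Parameter(Mandatory)] [string] $Domain,          # placeholder, e.g. corp.example.com
        [Parameter(Mandatory)] [string] $OutputFolder,    # later copied to the media (assumed path)
        [string] $MachineOU,                              # omit if accounts were pre-created
        [switch] $ReuseExisting                           # adds /reuse for pre-staged accounts
    )
    New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
    foreach ($line in Get-Content $SerialListPath) {
        $name = $line.Trim()
        if (-not $name) { continue }
        # NetBIOS computer names are limited to 15 characters; skip serials that would be truncated
        if ($name.Length -gt 15) { Write-Warning "Serial '$name' exceeds 15 chars, skipping"; continue }
        $blob = Join-Path $OutputFolder "$name.txt"
        $djoinArgs = @('/provision', '/domain', $Domain, '/machine', $name, '/savefile', $blob)
        if ($MachineOU)      { $djoinArgs += @('/machineou', $MachineOU) }
        if ($ReuseExisting)  { $djoinArgs += '/reuse' }
        & djoin.exe @djoinArgs | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "djoin /provision failed for $name (exit $LASTEXITCODE)" }
    }
    # Each blob carries the machine account password: restrict the folder ACL and
    # treat the USB media as sensitive until the blobs have been consumed.
}

# --- Step 2: task sequence step in the full OS (State Restore), before first logon ---
function Invoke-OdjForThisMachine {
    param([Parameter(Mandatory)] [string] $BlobFolder)   # e.g. <media drive>\Scripts\ODJ (assumed)
    $serial = (Get-CimInstance Win32_BIOS).SerialNumber.Trim()
    $blob   = Join-Path $BlobFolder "$serial.txt"
    if (-not (Test-Path $blob)) { throw "No ODJ blob for serial '$serial' in $BlobFolder" }
    & djoin.exe /requestODJ /loadfile $blob /windowspath $env:SystemRoot /localos
    $rc = $LASTEXITCODE
    if ($rc -ne 0) { throw "djoin /requestODJ failed (exit $rc)" }
    # Blob consumed: remove it so the machine secret does not travel on to the next laptop.
    Remove-Item $blob -Force -ErrorAction SilentlyContinue
    # The join is finalised on the next reboot; the task sequence's Restart Computer step covers that.
    return $serial
}
```

Because the join finishes at reboot and the first logon still needs a reachable DC, the WiFi connection step belongs before the user signs in, as the thread notes.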