Copy credentials to domain join properties


  • Greetings,

      At the beginning of the MDT process, credentials are gathered and stored in the properties - username, userpassword and userdomain.

      When the "recover from domain" step runs post install, I want to use these credentials. So how do I copy username to domainadmin, userdomain to joindomain and domainadmindomain and userpassword to domainadminpassword please?

    Also, I would like to use the userdomain property as part of the target OU e.g.

    MachineObjectOU=OU=Staging,DC=%userdomain%,DC=acme,DC=com ??? Is this possible?


    David Z

    Tuesday, August 6, 2013 12:24 AM


All replies

  • Should just be a simple case of reading it and setting it (haven't tried it):

    oEnvironment.Item("DomainAdmin") = oEnvironment.Item("UserID")
    oEnvironment.Item("DomainAdminDomain") = oEnvironment.Item("UserDomain")
    oEnvironment.Item("DomainAdminPassword") = oEnvironment.Item("UserPassword")

    oEnvironment.Item("MachineObjectOU") = "OU=Staging,DC=" & oEnvironment.Item("UserDomain") & ",DC=acme,DC=com"

    Andrew has a great blog / guide on how to use VBScript with MDT here:

    David Coulter | @DCtheGeek

    • Marked as answer by David Zemdegs Tuesday, August 6, 2013 3:33 AM
    Tuesday, August 6, 2013 2:13 AM
  • Thanks... Could it also be done by inserting task sequence steps to set a TS variable to another variable? I'm thinking that maybe the password might not work as I know the oEnvironment object calls do encoding and decoding.
    Tuesday, August 6, 2013 3:03 AM
  • Probably, but then it'd be a few steps and as you said might get complicated around the password.  I'd just put it in VBScript or PoSH and have it all done in one place.  Then it could be easily re-used in other Task Sequences going forward.

    David Coulter | @DCtheGeek

    Tuesday, August 6, 2013 3:28 AM
  • I did as you suggested, but when it ran the Recover from Domain step, it said it had already joined the domain? I don't know what could have caused it to automatically join the domain but it put the account in the computers container which I didn't want.
    Tuesday, August 6, 2013 10:59 PM
  • Well, remember that "Recover from Domain" is just another attempt to join the domain in the event the first failed.  If you set MachineObjectOU, then ZTIConfigure would have injected that into the Unattend.xml and it would have been used when the machine first booted up (which is where it probably first joined the domain).  Where did you set this script?  It needs to be at least before "Configure" in Preinstall group, otherwise it'll be too late.

    David Coulter | @DCtheGeek

    Tuesday, August 6, 2013 11:28 PM
  • Thanks. The problem is that I am now getting the message, "cannot join domain because joinworkgroup = workgroup". I have not set joinworkgroup in customsettings.ini or unattend.xml. Where is it coming from?

    I had a look at the script and indeed if there is a value in joinworkgroup then it will not join the domain. But the Microsoft doco says joinworkgroup cannot be blank!!!!!!!!!!!

    So how do I force it to be blank at the time ztidomainjoin runs?

    Friday, August 9, 2013 1:13 AM
  • I found it. I just added 

    oEnvironment.Item("JoinWorkgroup") = ""

    to my script and it worked. So much for the doco saying this cannot be a blank value.

    Saturday, August 10, 2013 5:48 AM
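
The assignments from this thread combined into one MDT custom script, as an added example that is not code from any of the posters. The script name ZTICopyJoinCreds, the empty-value check and the single-label check on UserDomain are assumptions; the wrapper follows the usual ZTIUtility.vbs custom-script pattern.

```vbscript
<job id="ZTICopyJoinCreds">
  <script language="VBScript" src="ZTIUtility.vbs"/>
  <script language="VBScript">
' Hypothetical custom step (name is an assumption). Run it before "Configure"
' in the Preinstall group so ZTIConfigure sees the values, as noted in the thread.
Option Explicit
RunNewInstance

Class ZTICopyJoinCreds
    Function Main
        Dim sUser, sDomain, oRe

        sUser = oEnvironment.Item("UserID")
        sDomain = oEnvironment.Item("UserDomain")

        ' Stop early if the wizard credentials were never collected.
        If sUser = "" Or sDomain = "" Or oEnvironment.Item("UserPassword") = "" Then
            oLogging.CreateEntry "UserID, UserDomain or UserPassword is empty; join properties not set.", LogTypeError
            Main = Failure
            Exit Function
        End If

        ' Assumption: UserDomain is a single DNS label. Reject anything else so
        ' a stray comma or equals sign cannot change the OU distinguished name.
        Set oRe = New RegExp
        oRe.Pattern = "^[A-Za-z0-9-]+$"
        If Not oRe.Test(sDomain) Then
            oLogging.CreateEntry "UserDomain '" & sDomain & "' is not a single domain label; MachineObjectOU not set.", LogTypeError
            Main = Failure
            Exit Function
        End If

        ' Read and write the password only through oEnvironment.Item.
        oEnvironment.Item("DomainAdmin") = sUser
        oEnvironment.Item("DomainAdminDomain") = sDomain
        oEnvironment.Item("DomainAdminPassword") = oEnvironment.Item("UserPassword")
        oEnvironment.Item("MachineObjectOU") = "OU=Staging,DC=" & sDomain & ",DC=acme,DC=com"

        ' Per the last post: a non-empty JoinWorkgroup blocks the domain join.
        oEnvironment.Item("JoinWorkgroup") = ""

        ' Log the outcome without the password value.
        oLogging.CreateEntry "Join properties set for " & sDomain & "\" & sUser & ", OU " & oEnvironment.Item("MachineObjectOU"), LogTypeInfo
        Main = Success
    End Function
End Class
  </script>
</job>
```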