Wondering about local administrator joining domain in specific OU.

  • Question

  • I do not work with AD in our org. I requested that our AD group create a user account that has permissions to join computers to our domain.
    I've been given a user account (ID and p/w) and I use that in MDT so our pc's can join our domain. However, there is only one
    OU to which computers can join.

    I am wondering if anyone is aware of a GPO change that would allow our pc's to join our domain in ANY OU we wish.
    The way we work is... first create a computer name in AD (in that specific OU). Then, MDT will join the pc and auto-logon with
    administrator to finish the cloning process.
    IF the pc is anywhere but that one OU, we get stumped at the security banner and must choose "Other" then manually sign on...then MDT continues on fine.

    What I'm asked to find out is what has to change in AD/GPO so that the local admin can sign on regardless of where the pc name is within AD. I don't use a TS step to join...I have always used the unattend.xml to join. It is the only way I know and would prefer to keep that setup. The hassle is that we have to manually create a pc inside of that OU first, or move it if it already exists. I've looked at moving pc's around with a TS step and all that...nothing I wish to do.

    Monday, September 17, 2018 3:14 PM