Delete AD Machine Account During Deployment

  • Question

  • I was wondering if anyone might have an idea on how to fix an issue I'm running into. The issue I'm running into is modifying machine accounts in AD that were created by a domain admin. When we first started using WDS and MDT for our imaging process as a company, we started using a domain admin account to join the machines to the domain. Well, with MDT storing that password in plain text, we want to stop using that account and use a more toned-down service account. Everything works fine if the machine isn't already in AD; our service account will join the machine to the domain like it should, but when we try to join a machine that was created with our domain admin account, we get a permissions issue.

    Has anyone else had a run-in similar to this, and is the only option left to manually delete the machine before imaging? I've tried to run a PowerShell script during a task sequence, but since the machine isn't joined to the domain, the script isn't able to access AD.

    Wednesday, January 25, 2017 4:31 PM