windows 7 sysprep won't auto-join domain

  • Question

  • I have spent a few days sysprepping my windows 7 image and have made great progress.  I want it to boot up and prompt only for a computer name when it first starts up.  Then I want it to boot directly into the local admin account the first time.  I also want it to join the domain.  I got it to do everything except join the domain.  No matter what I try, it remains in Workgroup.  Would someone please take a look at my sysprep.xml and tell me if there is something obvious that might be preventing me from autojoining the domain?  Thank you!

    <?xml version="1.0" encoding="utf-8" ?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="generalize">
            <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipRearm>1</SkipRearm>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <RunSynchronous>
                    <RunSynchronousCommand wcm:action="add">
                        <Credentials>
                            <Domain>MYCOLLEGE.EDU</Domain>
                            <Password>MYLOCALADMINPASSWORD</Password>
                            <Username>Administrator</Username>
                        </Credentials>
                        <Order>1</Order>
                        <Path>net user administrator /active:yes</Path>
                    </RunSynchronousCommand>
                </RunSynchronous>
            </component>
            <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SkipAutoActivation>true</SkipAutoActivation>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <CopyProfile>true</CopyProfile>
                <ShowWindowsLive>false</ShowWindowsLive>
                <TimeZone>Pacific Standard Time</TimeZone>
            </component>
            <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Identification>
                    <Credentials>
                        <Domain>MYCOLLEGE</Domain>
                        <Username>DOMAINUSERNAME</Username>
                        <Password>DOMAINPASSWORD</Password>
                    </Credentials>
                    <JoinDomain>MYCOLLEGE.EDU</JoinDomain>
                    <MachineObjectOU>Computers</MachineObjectOU>
                    <MachinePassword />
                </Identification>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-us</InputLocale>
                <SystemLocale>en-us</SystemLocale>
                <UILanguage>en-us</UILanguage>
                <UserLocale>en-us</UserLocale>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <AutoLogon>
                    <Password>
                        <Value>MYLOCALADMINPASSWORD</Value>
                        <PlainText>true</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <LogonCount>5</LogonCount>
                    <Username>Administrator</Username>
                    <Domain>MYCOLLEGE.EDU</Domain>
                </AutoLogon>
                <FirstLogonCommands>
                    <SynchronousCommand wcm:action="add">
                        <Order>1</Order>
                        <RequiresUserInput>false</RequiresUserInput>
                        <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</CommandLine>
                    </SynchronousCommand>
                    <SynchronousCommand wcm:action="add">
                        <Order>2</Order>
                        <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>
                        <RequiresUserInput>false</RequiresUserInput>
                    </SynchronousCommand>
                </FirstLogonCommands>
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <NetworkLocation>Work</NetworkLocation>
                    <ProtectYourPC>1</ProtectYourPC>
                </OOBE>
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>MYLOCALADMINPASSWORD</Value>
                        <PlainText>true</PlainText>
                    </AdministratorPassword>
                    <LocalAccounts>
                        <LocalAccount wcm:action="add">
                            <Description>Local Administrator</Description>
                            <DisplayName>Administrator</DisplayName>
                            <Group>Administrators</Group>
                            <Name>Administrator</Name>
                        </LocalAccount>
                    </LocalAccounts>
                </UserAccounts>
                <RegisteredOrganization>MY COLLEGE</RegisteredOrganization>
                <RegisteredOwner>IT DEPT</RegisteredOwner>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:/win7cd/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
    Thursday, March 4, 2010 5:44 PM

Answers

  • I have experienced the same problem myself, but I then solved it by creating the XML file step by step.
    Try and make a new test.xml where your only goal is to join the domain.

    * Make sure the computer account exists in AD
    * In the XML-file, make sure you enter the credentials for joining the domain correctly, and make sure that the account has the required rights to the OU the computer object resides in.

    I'll show you what mine looks like, maybe it will help - Keep in mind that it's for the 64-bit version of Windows 7 Enterprise and not the 32-bit which you use.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
            <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Identification>
                    <Credentials>
                        <Domain>testlab.local</Domain>
                        <Password>DeploymentUserPassword</Password>
                        <Username>DeploymentUsername</Username>
                    </Credentials>
                    <JoinDomain>testlab.local</JoinDomain>
                </Identification>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ComputerName>TESTCOMPUTER</ComputerName>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UserLocale>en-US</UserLocale>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <ProtectYourPC>1</ProtectYourPC>
                    <SkipMachineOOBE>true</SkipMachineOOBE>
                </OOBE>
                <TimeZone>Pacific Standard Time</TimeZone>
                <UserAccounts>
                    <AdministratorPassword>
                        <Value>AInsaneLongPasswordWhichIsEvenVeryHardToType</Value>
                        <PlainText>false</PlainText>
                    </AdministratorPassword>
                </UserAccounts>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="catalog:h:/image/windows 7 (x64)/image/install_windows 7 enterprise.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
    • Marked as answer by Mindseye Tuesday, March 9, 2010 7:04 PM
    Friday, March 5, 2010 10:30 PM

All replies

  • Also, does the order of where I place the unattendedJoin component matter? In other words, in my xml file I have it listed 4th in my specialize pass...should I instead place it 1st? 2nd? Thank you

    edit: I just noticed that WSIM automatically adds components to the unattend file in the correct order, so disregard this question. 
    Thursday, March 4, 2010 8:57 PM
  • To be honest, I am not certain how it works. I would assume that in order for the computer to join the domain, the computer name should be known before that stage. This might not be true tho, I hope someone else can shed some light on that issue.

    However, the way I solved it was during the PE stage where I created an HTA application that asks for the computer name as input (it automatically suggests the name DNS name). This input is then saved into the unattend.xml file and copied back to C:\Windows\Panther just before Windows Setup does its first reboot.

    This might not be a solution for you if you're not using a custom PE image.

    Have you tried just to test with an unattend.xml image file where you state the computer name under Microsoft-Windows-Shell-Setup -> <ComputerName>?

    If that works, it suggests that it needs to know the computer name before the first reboot.

    How do you deploy the image? Do you use WDS, MDT or SCCM or something else?

    Thursday, March 4, 2010 9:58 PM
  • Yes, you are correct, the computer name needs to be known by AD before it can join. For this reason, I have it set up so that it prompts for the computer name at first startup. This is how we did it with our xp images and it has always worked great.  Now with this win7 image, I enter the computer name at first startup but then it does not join the domain anyway.   I'm using ghost 2.5 for deployment.  I don't think ghost is a factor since I can't join the domain even if I simply restart the computer after sysprepping (without touching ghost).

    I haven't tried hardcoding the computer name into the xml file but will give that a try and post here.  thank you very much for responding.
    Thursday, March 4, 2010 10:13 PM
  • Sorry, I wasn't quite clear. I wasn't thinking about the machine account in AD, I was thinking how Windows Setup reads the unattend.xml file.
    If the computer name does not exist in the unattend.xml image file, then I'm not sure if Windows Setup can use UnattendedJoin - this is what I hope someone can clarify.

    I do not have experience with Ghost Solution Suite 2.5, but I assume it should work okay even tho it states it's compatible with Windows Vista.
    Is the Ghost Console still buggy and crash when you inhale some air while looking at it?

    Post back the result of the custom unattend.xml image with a hardcoded computer name included.

    Thursday, March 4, 2010 10:28 PM
  • Naw...ghost 2.5 is pretty stable, we have been using it a while now hehe. No complaints here.

    I hardcoded the computer name into the xml file and it still does not join.  I will continue to try and post here if I solve it, although I have exhausted close to all possible solutions I have come across.  It's not really a deal breaker since it takes maybe 60 seconds to join the domain manually once it boots up but that is a step I would prefer to avoid as I'm sure you can understand.
    Friday, March 5, 2010 5:42 PM
  • Great.. I will give it a try.  I'm also wondering if user control access setting on the image might be interfering in some way with join domain.
    Monday, March 8, 2010 11:23 PM
  • So that simple join unattend was able to join the domain!  Now I will rebuild the rest of the xml file carefully step by step and hopefully have a fully functional xml at the end.  Thanks for all your help :)
    Tuesday, March 9, 2010 7:06 PM
  • Great work!
    Good luck on the rest of the configuration, hope it all works out the way you want it to :)
    Tuesday, March 9, 2010 9:33 PM
  • There have been a number of discussions regarding this, including http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/22b689ab-b4e7-4b57-bdb9-73a1a16058f2.

    From what I've seen, as I mention in the discussion, it seems that the workstation tries to join the Domain before it prompts for a Computername, which causes the issue.

    If using a generic sysprep for many machines then you either need to 'insert' the correct workstation name in sysprep using an automated method, as supported by MSCCM, Altiris etc. or use the * option in sysprep which creates a unique name.

    Cheers, Simon.
    Wednesday, March 10, 2010 2:01 PM
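
Added example, not part of the original thread or any poster's code: a Python check of an unattend.xml for the condition the replies above identify (a domain join configured with no computer name in the answer file) and for credentials stored in the file. The finding names and the sample file are constructed for illustration; the MachineObjectOU check reflects Microsoft's documentation of that setting (a full LDAP distinguished name), not something raised in the thread.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
JOIN, SHELL = "Microsoft-Windows-UnattendedJoin", "Microsoft-Windows-Shell-Setup"

# Constructed sample laid out like the question's file; all values are placeholders.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-Shell-Setup">
   <TimeZone>Pacific Standard Time</TimeZone>
  </component>
  <component name="Microsoft-Windows-UnattendedJoin"><Identification>
   <Credentials><Domain>EXAMPLE</Domain><Username>joinuser</Username>
    <Password>placeholder</Password></Credentials>
   <JoinDomain>EXAMPLE.TEST</JoinDomain>
   <MachineObjectOU>Computers</MachineObjectOU>
  </Identification></component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup"><UserAccounts>
   <AdministratorPassword><Value>placeholder</Value><PlainText>true</PlainText>
   </AdministratorPassword></UserAccounts></component>
 </settings>
</unattend>"""

def audit_unattend(xml_text):
    """Return sorted (pass, finding) tuples for an unattend.xml document."""
    findings = set()
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        pass_name = settings.get("pass")
        comps = {c.get("name"): c for c in settings.findall("u:component", NS)}
        join = comps.get(JOIN)
        if join is not None and join.find(".//u:JoinDomain", NS) is not None:
            shell = comps.get(SHELL)
            # Thread's diagnosis: the join is attempted before any name prompt,
            # so the name (or "*") must already be in the answer file.
            name = shell.findtext("u:ComputerName", "", NS) if shell is not None else ""
            if not (name or "").strip():
                findings.add((pass_name, "JOIN_WITHOUT_COMPUTERNAME"))
            # The join account's password is readable by anyone who gets the file.
            if (join.findtext(".//u:Credentials/u:Password", "", NS) or "").strip():
                findings.add((pass_name, "JOIN_PASSWORD_IN_FILE"))
            # Documented as a distinguished name, e.g. OU=...,DC=...
            ou = join.findtext(".//u:MachineObjectOU", None, NS)
            if ou is not None and "=" not in ou:
                findings.add((pass_name, "OU_NOT_DISTINGUISHED_NAME"))
        # Password blocks that declare their value as plain text.
        for flag in settings.iterfind(".//u:PlainText", NS):
            if (flag.text or "").strip().lower() == "true":
                findings.add((pass_name, "PLAINTEXT_LOCAL_PASSWORD"))
    return sorted(findings)

if __name__ == "__main__":
    for pass_name, finding in audit_unattend(SAMPLE):
        print(pass_name, finding)
```

Because the join password stays in the file either way, the copy left under C:\Windows\Panther and any copy on a deployment share should be restricted or removed after setup, and the join account limited to the rights it needs on the target OU.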
  • This issue had done my head in for a while, but there is a way to get around this without having to pre-stage the computer account in AD. Seems the answer file does not allow you to join the domain unless there is a computer account already with that name, which when deploying hundreds of machines is going to be a pain in the backside for imaging the machines.

    But however, if you are deploying your images using Windows Deployment Services you're in luck, you can set this up with where to create the computer account in AD and a naming convention. Once the install image is on your box it's also on the domain with you not having to do a thing. In fact the box to give a computer name is not displayed, only the initial user name when running through the bits of set-up. Of course if you have a strict naming convention for machines like we do then you may not be happy with the computer name given, but again it's easy enough to run a script for the first time you log in, just asking to change the computer name, delete the temp account etc, easy once you have created a script and saves having to pre-stage an account every time.

    Seems Windows Deployment Services does make it easier when having to image a whole bunch of machines.

    • Proposed as answer by DoubleDownBrown Tuesday, September 21, 2010 12:57 PM
    Tuesday, September 21, 2010 12:53 PM