Really very rudimentary 'join to domain' question.

    Question

  • This is a very basic MDT question but I am not clear on this. In my setup, we first manually add computers to AD.
    Then, we clone the pc through MDT and in the Wizard, type in the computer name that the pc will have. In my INI, I specify the domain, the domain admin name, p/w and OU.

    I do not know the purpose of this, however. We've already created a pc name in that OU before kicking off a deploy.
    I guess my question is: Without having to first manually add the pc name into AD, how can MDT handle that? Does/can MDT create the computer in AD when you type in the name in the Wizard? I'm guessing so, since that window exists, but unless I first add the pc to AD, the 'join domain' step fails because it doesn't see the pc in AD.

    Can someone explain how MDT adds the computer to that OU and thus joins to the domain during MDT?
    Thanks

    Friday, May 18, 2018 1:54 PM

All replies

  • If your domain join step fails, then it is most likely related to the djoin account not having sufficient permissions. Btw, MDT does indeed create a computer account if it does not exist; it will, however, not move an already existing account to a different OU you specify in the wizard / CS.ini.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Friday, May 18, 2018 3:38 PM
  • So discussing this here a bit, by the time we look up an available pc name, they think it might be just as good to add the name into AD at that time. The point being, as they are now seeing it, you don't want to tell MDT to add a pc into AD if one already exists. What would it do at that point? So, I think for now they are having techs manually look up an available pc name and go ahead and add it manually while in there. If there is some easy logic as for what MDT is to do with a duplicate possible name, that might be worth looking into, though.
    Friday, May 18, 2018 3:43 PM
  • Well, basically, if you type in a computer name that is already in use, this will basically remove the other computer from the domain. Most of my customers either rely on the MDT database for prestaging or use a web service to query AD and return the next available computer name.

    Cheers,
    Anton

    Friday, May 18, 2018 5:12 PM
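
The "query AD and return the next available computer name" approach from the reply above, as an added example that is not code from the thread or from MDT. The `WS-` prefix, the four-digit numbering and both function names are assumptions, and the sample names are constructed.

```powershell
# Added example. Picks the first unused <prefix><number> name so a deployment
# never reuses the name of a computer that is already in the domain.
function Get-NextComputerName {
    param(
        [Parameter(Mandatory)][string]$Prefix,
        [string[]]$ExistingNames = @(),
        [int]$Digits = 4                      # assumed numbering width
    )
    # NetBIOS computer names are limited to 15 characters.
    if (($Prefix.Length + $Digits) -gt 15) {
        throw "Prefix plus $Digits digits exceeds 15 characters."
    }
    # -match is case-insensitive, like AD name comparison.
    $pattern = '^' + [regex]::Escape($Prefix) + "(\d{$Digits})$"
    $used = @{}
    foreach ($name in $ExistingNames) {
        if ($name -match $pattern) { $used[[int]$Matches[1]] = $true }
    }
    $max = [int][math]::Pow(10, $Digits) - 1
    for ($i = 1; $i -le $max; $i++) {
        if (-not $used.ContainsKey($i)) {
            return $Prefix + $i.ToString("D$Digits")
        }
    }
    throw "No free name left for prefix '$Prefix'."
}

function Get-DomainComputerNames {
    param([Parameter(Mandatory)][string]$Prefix)
    # Needs the RSAT ActiveDirectory module and a domain session.
    # Searches the whole domain, not one OU: names are unique domain-wide,
    # and an existing account may sit in a different OU.
    Import-Module ActiveDirectory -ErrorAction Stop
    @(Get-ADComputer -Filter "Name -like '$Prefix*'" | ForEach-Object Name)
}

# Constructed sample data so the selection logic runs without a domain.
$sample = 'WS-0001', 'ws-0002', 'WS-0004', 'SRV-0001'
Get-NextComputerName -Prefix 'WS-' -ExistingNames $sample

# Against a real domain (assumed prefix):
# Get-NextComputerName -Prefix 'WS-' -ExistingNames (Get-DomainComputerNames 'WS-')
```
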
  • I recall one issue in my way with this method. (we never do things easily)....

    When we add a pc to AD, we also add, in the 'User or group:' field, a group which contains all of the tech support people. This allows everyone in the group to move the computers around and such. Is that something that can be added while creating the pc in AD, through MDT?

    Friday, May 18, 2018 5:19 PM
  • Yeah. However, scripting to achieve this can be somewhat messy as it involves ADSI queries most of the time.

    Cheers,
    Anton

    Friday, May 18, 2018 5:27 PM
  • Soooo.....I'm thinking if techs have to go in and add the USS group in AD for each pc, they may as well just pre-add the computer into AD in our cloning OU. Technically, then, I should be able to remove the MachineObjectOU=OU=our open ou?

    I think I still need to keep the
    JoinDomain=xxxx
    DomainAdmin=xxxx
    DomainAdminDomain=xxxx
    DomainAdminPassword=xxxx

    so they can join, but I can delete the line
    MachineObjectOU=OU=our OU?

    Thanks


    And if I do, would I need to make a new boot.wim?
    Friday, May 18, 2018 5:32 PM
  • You could; in this case MDT should default to the Computer OU if a computer account does not already exist. No need to regenerate your boot images, as you are making modifications to your CustomSettings.ini. Modifying your Bootstrap is a different story - this action always requires boot image regen.

    Cheers,
    Anton

    Saturday, May 19, 2018 8:17 AM