WDS -- Auto-join Domain on Windows 10 and Setting PC name problems

  • Question

  • Hello,

    We are currently in the testing phase of setting up WDS in our organization and are running into a few small problems.  Right now we have WDS on Server 2016 on a separate VLAN and this server also hosts the DHCP for that VLAN.  It can still talk to the other servers and most importantly talk to our AD domain.

    The problem I am running into is that on Windows 10 we seem to be unable to properly join a domain unattended.  We created a service account for the purpose and it works just fine on Windows 7 unattended installs.  It also works properly to connect to the WDS to get the list of images available.  What happens is after the first boot when it's prepping for the OOBE the machine will reboot and then say "Why did my PC restart?".  If we click OK then it will set it up properly on the next boot.  This can't be right.  I've also noticed that the checkboxes for joining a domain or not joining one in WDS properties appear to do nothing.  Ideally, I'd like to have it just set up the Administrator account silently, then autologon to the service account so we can install our AV and any custom per-user software as a final step.  We have a group policy in effect that renames the Administrator account to something else and sets a password only we know and locks out the account on that machine.  Right now, it sets up a WDSAdmin account and autologon to this so we have to join the domain as a final step and rename the machine.  On reboot we log on to a domain admin account and remove the WDSAdmin account.

    Another problem we are having is that during approval process we set a machine name and this does not seem to get passed over to Windows.  I thought this would do this and I would like it to do so.

    We have two unattended files.  One is pointed to the image itself which does specialize and oobe pass.  During approval, we have an unattended for WinPE for picking an image and disk setup.  It also mirrors the specialize pass.  I am not sure if that is necessary, but I've seen that done as examples elsewhere.

    Here is our install XML we pick during the approval process:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SetupUILanguage>
                    <WillShowUI>OnError</WillShowUI>
                    <UILanguage>en-US</UILanguage>
                </SetupUILanguage>
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UILanguageFallback>en-US</UILanguageFallback>
                <UserLocale>en-US</UserLocale>
            </component>
            <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <WindowsDeploymentServices>
                    <Login>
                        <Credentials>
                            <Domain>XXX</Domain>
                            <Password>XXX</Password>
                            <Username>XXX</Username>
                        </Credentials>
                    </Login>
                    <ImageSelection>
                        <InstallImage>
                            <ImageGroup>Win_10_Pro_VLK</ImageGroup>
                            <ImageName>Win_10_Pro_VLK_VMWare_Unattend</ImageName>
                            <Filename>Win_10_Pro_VLK_VMWare_Unattend-(2).wim</Filename>
                        </InstallImage>
                        <InstallTo>
                            <DiskID>0</DiskID>
                            <PartitionID>4</PartitionID>
                        </InstallTo>
                    </ImageSelection>
                </WindowsDeploymentServices>
                <DiskConfiguration>
                    <Disk wcm:action="add">
                        <CreatePartitions>
                            <CreatePartition wcm:action="add">
                                <Order>1</Order>
                                <Size>500</Size>
                                <Type>Primary</Type>
                                <Extend>false</Extend>
                            </CreatePartition>
                            <CreatePartition wcm:action="add">
                                <Order>2</Order>
                                <Type>EFI</Type>
                                <Extend>false</Extend>
                                <Size>100</Size>
                            </CreatePartition>
                            <CreatePartition wcm:action="add">
                                <Order>3</Order>
                                <Extend>false</Extend>
                                <Size>16</Size>
                                <Type>MSR</Type>
                            </CreatePartition>
                            <CreatePartition wcm:action="add">
                                <Order>4</Order>
                                <Extend>true</Extend>
                                <Type>Primary</Type>
                            </CreatePartition>
                        </CreatePartitions>
                        <ModifyPartitions>
                            <ModifyPartition wcm:action="add">
                                <Active>false</Active>
                                <Format>NTFS</Format>
                                <Label>Recovery</Label>
                                <Order>1</Order>
                                <PartitionID>1</PartitionID>
                                <TypeID>DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID>
                            </ModifyPartition>
                            <ModifyPartition wcm:action="add">
                                <Order>4</Order>
                                <Label>Windows</Label>
                                <Format>NTFS</Format>
                                <Letter>C</Letter>
                                <PartitionID>4</PartitionID>
                            </ModifyPartition>
                            <ModifyPartition wcm:action="add">
                                <Order>3</Order>
                                <PartitionID>3</PartitionID>
                            </ModifyPartition>
                            <ModifyPartition wcm:action="add">
                                <Order>2</Order>
                                <Format>FAT32</Format>
                                <Label>System</Label>
                                <PartitionID>2</PartitionID>
                            </ModifyPartition>
                        </ModifyPartitions>
                        <DiskID>0</DiskID>
                        <WillWipeDisk>true</WillWipeDisk>
                    </Disk>
                    <WillShowUI>OnError</WillShowUI>
                </DiskConfiguration>
                <UserData>
                    <ProductKey>
                        <Key>XXX</Key>
                        <WillShowUI>OnError</WillShowUI>
                    </ProductKey>
                    <AcceptEula>true</AcceptEula>
                    <FullName>XXX</FullName>
                    <Organization>XXX</Organization>
                </UserData>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ProductKey>XXX</ProductKey>
                <SignInMode>1</SignInMode>
                <DoNotCleanTaskBar>false</DoNotCleanTaskBar>
                <TimeZone>Eastern Standard Time</TimeZone>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-US</InputLocale>
                <SystemLocale>en-US</SystemLocale>
                <UILanguage>en-US</UILanguage>
                <UILanguageFallback>en-US</UILanguageFallback>
                <UserLocale>en-US</UserLocale>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    Here is our XML we add to the image in the properties:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="specialize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DesktopOptimization>
                    <GoToDesktopOnSignIn>true</GoToDesktopOnSignIn>
                    <ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
                </DesktopOptimization>
                <ProductKey>XXX</ProductKey>
                <SignInMode>1</SignInMode>
                <DoNotCleanTaskBar>false</DoNotCleanTaskBar>
                <TimeZone>Eastern Standard Time</TimeZone>
                <ComputerName>WDSLab</ComputerName>
            </component>
        </settings>
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <DesktopOptimization>
                    <GoToDesktopOnSignIn>true</GoToDesktopOnSignIn>
                    <ShowWindowsStoreAppsOnTaskbar>false</ShowWindowsStoreAppsOnTaskbar>
                </DesktopOptimization>
                <UserAccounts>
                    <LocalAccounts>
                        <LocalAccount wcm:action="add">
                            <Password>
                                <Value>XXX</Value>
                                <PlainText>false</PlainText>
                            </Password>
                            <Description>Local Administrator Account</Description>
                            <DisplayName>WDSAdmin</DisplayName>
                            <Group>Administrators</Group>
                            <Name>WDSAdmin</Name>
                        </LocalAccount>
                    </LocalAccounts>
                </UserAccounts>
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <HideLocalAccountScreen>true</HideLocalAccountScreen>
                    <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                    <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                    <ProtectYourPC>3</ProtectYourPC>
                </OOBE>
                <DoNotCleanTaskBar>false</DoNotCleanTaskBar>
                <SignInMode>1</SignInMode>
                <TimeZone>Eastern Standard Time</TimeZone>
                <AutoLogon>
                    <Password>
                        <Value>XXX</Value>
                        <PlainText>false</PlainText>
                    </Password>
                    <Enabled>true</Enabled>
                    <Username>WDSAdmin</Username>
                    <LogonCount>1</LogonCount>
                </AutoLogon>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>en-US</InputLocale>
                <UILanguage>en-US</UILanguage>
                <UILanguageFallback>en-US</UILanguageFallback>
                <UserLocale>en-US</UserLocale>
                <SystemLocale>en-US</SystemLocale>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:/users/franks/desktop/win10_aik/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    EDIT: I stripped out UnattendedJoin in the unattended file (since it was causing issues in Win10) but it was applied during the Specialize stage with amd64_Microsoft-Windows-UnattendedJoin.  We are not using UnsecureJoin.
    • Edited by FHSapone Tuesday, September 11, 2018 1:21 PM Info about UnattendedJoin
    Tuesday, September 11, 2018 1:19 PM

All replies

  • I should also mention that we make our images with VirtualBox.  Basically, we install Windows 10 with no networking and boot right into Audit mode on first boot.  From there, we install Office and a few other small apps that we need and then do OOBE generalize.  I mount the VHD and run DISM /capture-image and add it to the WDS.  We are not using SCCM/MDT/etc.
    Tuesday, September 11, 2018 1:24 PM
  • Hi,

    If possible, try to specify <UnsecureJoin>true</UnsecureJoin> in the answer file and check the result.

    >on Windows 10 we seem to be unable to properly join a domain unattended.
    As a workaround, you may consider joining the client system to the domain using a PowerShell script.

    Reference “Unattended install Windows 10 using Windows Deployement Service on Win Server 2012 R2” for detail scripts:
    https://geekdudes.wordpress.com/2015/10/30/unattended-install-windows-10-using-windows-deployement-service-on-win-server-2012-r2/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 13, 2018 8:36 AM
    Moderator
  • Adding a PowerShell script directly to the image to runonce will be unacceptable in our organization.  We have ITAR, DoD, and other types of users that must be segregated and audited so that is too much of a security risk to have service accounts for this purpose and to trust that the script gets deleted after execution is no good.

    Also, adding a script directly to the image will be bad because we actually do have some users that have laptops that never join the domain.  I was hoping an unattended file that we point to during the install process would make this faster but I guess this is not working properly in Windows 10?

    Friday, September 14, 2018 12:59 PM
  • Bump.  Still looking for a solution to this.
    Tuesday, October 9, 2018 3:55 PM
  • Bump.  Still looking.
    Tuesday, October 30, 2018 8:04 PM
  • Two months later and we are still wondering if/when Microsoft will resolve this issue as Windows 7 is able to join the domain just fine.
    Tuesday, November 20, 2018 8:55 PM
  • Don't know if you ever got this working but we FINALLY got it working with the following unattend files.  For the record, we were also experiencing issues when trying to do domain join on our usual "Workstations" OU with UnsecureJoin just like we've been doing for several years but it worked fine in the default "Computers" folder.

    Many tests ended up pointing the problem to a GPO we have applying on that OU.  I have no idea how a GPO can interfere with a computer during the OOBE process before it even logs in or why it only affects Windows 10 but there you go.  Disabling the GPO or rather moving the default WDS deployment OU elsewhere where the GPO does not apply "fixed" our issue.  We're still running tests to find a way to get it working with the GPO.  Currently investigating upgrading the servers to 2019 as well as the domain functional level to see if it makes a difference.

    Anyway, here are the files.  Please note that we install the OS in French on our end so you'll have to adjust the languages accordingly.

    WDSunattend-UEFI.xml - The WDS account referenced in the WDS -> Login -> Credentials section only has the minimal necessary delegated permissions to allow adding computers to the domain.  Nothing was changed here between our deployment of Win8.1 and Win10.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <WindowsDeploymentServices>
                    <Login>
                        <Credentials>
                            <Domain>XXX</Domain>
                            <Username>XXXXXX</Username>
                            <Password>XXXXXXXXXXXXXXXXXX</Password>
                        </Credentials>
                        <WillShowUI>OnError</WillShowUI>
                    </Login>
                    <ImageSelection>
                        <InstallTo>
                            <DiskID>0</DiskID>
                            <PartitionID>3</PartitionID>
                        </InstallTo>
                        <WillShowUI>OnError</WillShowUI>
                    </ImageSelection>
                </WindowsDeploymentServices>
                <UserData>
                    <AcceptEula>true</AcceptEula>
                    <Organization>XXXXXXXXXXXXXXXXXX</Organization>
                </UserData>
                <DiskConfiguration>
                    <Disk wcm:action="add">
                        <CreatePartitions>
                            <CreatePartition wcm:action="add">
                                <Extend>true</Extend>
                                <Order>3</Order>
                                <Type>Primary</Type>
                            </CreatePartition>
                            <CreatePartition wcm:action="add">
                                <Order>2</Order>
                                <Size>128</Size>
                                <Type>MSR</Type>
                            </CreatePartition>
                            <CreatePartition wcm:action="add">
                                <Order>1</Order>
                                <Type>EFI</Type>
                                <Size>200</Size>
                            </CreatePartition>
                        </CreatePartitions>
                        <ModifyPartitions>
                            <ModifyPartition wcm:action="add">
                                <Active>false</Active>
                                <Format>NTFS</Format>
                                <Label>OS</Label>
                                <Letter>C</Letter>
                                <Order>1</Order>
                                <PartitionID>3</PartitionID>
                                <Extend>false</Extend>
                            </ModifyPartition>
                        </ModifyPartitions>
                        <DiskID>0</DiskID>
                        <WillWipeDisk>true</WillWipeDisk>
                    </Disk>
                    <WillShowUI>OnError</WillShowUI>
                </DiskConfiguration>
            </component>
            <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <SetupUILanguage>
                    <UILanguage>fr-CA</UILanguage>
                    <WillShowUI>OnError</WillShowUI>
                </SetupUILanguage>
                <InputLocale>0c0c:00001009</InputLocale>
                <SystemLocale>fr-CA</SystemLocale>
                <UILanguage>fr-CA</UILanguage>
                <UserLocale>fr-CA</UserLocale>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:/temp/install.wim" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    ImageUnattend-Win10.xml - The only change here between our Win8.1 and Win10 deployment is the inclusion of the following field and value -> <ComputerName>%MACHINENAME%</ComputerName> in the "Microsoft-Windows-Shell-Setup" section of the "Specialize" pass.

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="oobeSystem">
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>0c0c:00001009</InputLocale>
                <SystemLocale>fr-CA</SystemLocale>
                <UILanguage>fr-CA</UILanguage>
                <UserLocale>fr-CA</UserLocale>
            </component>
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <OOBE>
                    <HideEULAPage>true</HideEULAPage>
                    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                    <ProtectYourPC>3</ProtectYourPC>
                    <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                    <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                </OOBE>
                <TimeZone>Eastern Standard Time</TimeZone>
                <RegisteredOrganization>XXXXXXXXXXXXXXX</RegisteredOrganization>
                <RegisteredOwner>XXXXXXXXXXX</RegisteredOwner>
            </component>
        </settings>
        <settings pass="specialize">
            <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ComputerName>%MACHINENAME%</ComputerName>
                <RegisteredOrganization>XXXXXXXXXXXXXXXXXX</RegisteredOrganization>
                <RegisteredOwner>XXXXXXXXXXX</RegisteredOwner>
                <TimeZone>Eastern Standard Time</TimeZone>
            </component>
            <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <InputLocale>0c0c:00001009</InputLocale>
                <SystemLocale>fr-CA</SystemLocale>
                <UILanguage>fr-CA</UILanguage>
                <UserLocale>fr-CA</UserLocale>
            </component>
            <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Identification>
                    <JoinDomain>XXXXXXXXXXXXXX</JoinDomain>
                    <UnsecureJoin>true</UnsecureJoin>
                    <MachinePassword>%MACHINEPASSWORD%</MachinePassword>
                </Identification>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:/temp/install.wim" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    Hopefully this helps you or anybody else having issues like I was.  It took me WEEKS of tweaking and tests before I figured out the GPO was the issue.

    Cheers!



    • Proposed as answer by naashkyr Friday, September 27, 2019 1:56 PM
    • Edited by naashkyr Friday, September 27, 2019 1:57 PM
    Friday, September 27, 2019 1:55 PM
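
An added example, not written by any poster in this thread: a Python check that reads an answer file and reports the settings the thread turns on (a stored WDS login password, a fixed ComputerName instead of %MACHINENAME%, UnsecureJoin, and an AutoLogon password). The rule names, the `svc-wds` account name and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample condensed from the settings quoted in this thread; placeholder values only.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup">
      <WindowsDeploymentServices><Login><Credentials>
        <Domain>XXX</Domain><Username>svc-wds</Username><Password>XXX</Password>
      </Credentials></Login></WindowsDeploymentServices>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup"><ComputerName>WDSLab</ComputerName></component>
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <JoinDomain>XXX</JoinDomain>
        <UnsecureJoin>true</UnsecureJoin>
        <MachinePassword>%MACHINEPASSWORD%</MachinePassword>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>XXX</Value><PlainText>false</PlainText></Password>
        <Enabled>true</Enabled><Username>WDSAdmin</Username><LogonCount>1</LogonCount>
      </AutoLogon>
    </component>
  </settings>
</unattend>"""


def _text(node, path):
    """Stripped text of the first element matching path under node, or None."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None


def _check(name, comp):
    """Yield (rule, detail) pairs for one <component> element."""
    if name == "Microsoft-Windows-Setup":
        cred = comp.find("u:WindowsDeploymentServices/u:Login/u:Credentials", NS)
        if cred is not None and _text(cred, "u:Password"):
            yield "wds-login-credentials", "password stored for " + str(_text(cred, "u:Username"))
    elif name == "Microsoft-Windows-Shell-Setup":
        computer = _text(comp, "u:ComputerName")
        # "*" asks Setup for a random name; %MACHINENAME% is filled in by WDS.
        if computer is not None and computer not in ("*", "%MACHINENAME%"):
            yield "static-computer-name", "every client is named " + computer
        if (_text(comp, "u:AutoLogon/u:Enabled") or "").lower() == "true" \
                and _text(comp, "u:AutoLogon/u:Password/u:Value"):
            # PlainText=false only encodes the value; it is not encryption.
            yield "autologon-password", "stored for " + str(_text(comp, "u:AutoLogon/u:Username"))
    elif name == "Microsoft-Windows-UnattendedJoin":
        if (_text(comp, "u:Identification/u:UnsecureJoin") or "").lower() == "true":
            yield "unsecure-join", "join relies on MachinePassword, no domain account in file"
        elif _text(comp, "u:Identification/u:Credentials/u:Password"):
            yield "join-credentials", "domain join account password stored in file"


def audit_unattend(xml_text):
    """Return a list of (rule, pass_name, detail) findings for one answer file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for rule, detail in _check(comp.get("name", ""), comp):
                findings.append((rule, settings.get("pass"), detail))
    return findings


if __name__ == "__main__":
    for finding in audit_unattend(SAMPLE):
        print(finding)
```

Run it against both the WDS client answer file and the image answer file, since the credentials and the join settings live in different files in the setups posted above.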
  • Hi,

    I have been trying for several days to reach my machine in the AD via WDS. On some forums, they say it is not possible to do this with Win10 and they work around the problem with a script.
    It seems that you have succeeded despite the GPO problem.

    I don't see the arguments about your credentials to join the domain. Did you deliberately not post it?

    Thank you for your help.

    Kind regards,

    Nicolas Doigny


    Wednesday, November 6, 2019 11:05 AM