Joining domain when deploying image with Unattend file

I am deploying Windows 7 images to our classroom PCs via WDS. I am trying to get the machine to auto-join the domain through the unattend file but am running into an issue. The unattend file is created with WSIM. The domain section, to my understanding, is done within the Specialise phase under 'unattendjoin', the part of which in my unattend file looks like this:

    <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>domainname</Domain>
                    <Password>adminpassword</Password>
                    <Username>domainadmin</Username>
                </Credentials>
                <JoinDomain>domainnaim</JoinDomain>
            </Identification>
        </component>
    </settings>

My issue, however, is that once this is done, the machine still cannot log into the domain. Instead, an error is received on login:

The trust relationship between this workstation and the primary domain failed.

I can log into the default local machine admin, and I find that the domain is set to

domainname.local

It is only after this is set back to

domainname

and the computer restarted can I then log into the domain (basically joining the domain manually).

Is there any way I can get the machine to correctly join the domain from within the unattend file, so that we can start the deploy and walk away? We have many classrooms of PCs to deploy, so it is really needed.


It's kind of a weird design flaw in the Windows sysprep system. Joining the domain happens in the specialize phase. You can't be prompted to name the computer until the OOBE phase though. What I suspect is happening is that you are trying to name the computer in the out of box experience after you've already joined the computer to the domain. This breaks the computer account in the domain. You can solve this in 1 of 2 ways:

  1. Write a script to join the computer to the domain. Run this script after the OOBE. You'll likely want to specify an autologon in your sysprep answer file as well as a runonce to specify your script.

  2. Write a script to prompt for a computer name to be run at the start of the specialize phase. You do this by running sysprep with the /quit flag, then replacing the value of HKLM\System\Setup\CmdLine to point to your script. Have your script pop up an input box for the computer name and then perform a find and replace on the answer file located in %windir%\panther\unattend.xml. When the script is done, make sure it continues the process by calling %windir%\system32\oobe\windeploy.exe.

Check out this thread for some additional information and ideas:
http://social.technet.microsoft.com/Forums/en/itprovistadeployment/thread/2d03e17d-c2ea-4d19-bf32-7db2e9975251
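
Option 2 from the answer above, written out in PowerShell as an added example (not code from the original answer or the linked thread). It assumes PowerShell is usable at the point where Setup runs the command in HKLM\System\Setup\CmdLine, and that the answer file already has a `ComputerName` element under a `Microsoft-Windows-Shell-Setup` component in its specialize pass; the function name `Test-ComputerName` is hypothetical.

```powershell
# Added example: intended to be launched from HKLM\System\Setup\CmdLine,
# before the specialize pass (and therefore before the unattended domain join).
$ErrorActionPreference = 'Stop'
$answerFile = Join-Path $env:windir 'Panther\unattend.xml'
$unattendNs = 'urn:schemas-microsoft-com:unattend'

function Test-ComputerName {
    param([string]$Name)
    # NetBIOS-compatible name: 1-15 characters, letters/digits/hyphen, not all digits.
    return ($Name -match '^[A-Za-z0-9-]{1,15}$') -and ($Name -notmatch '^\d+$')
}

# Pop up an input box and keep asking until the name is valid.
Add-Type -AssemblyName Microsoft.VisualBasic
$prompt = 'Computer name (1-15 characters: letters, digits, hyphen):'
do {
    $name = [Microsoft.VisualBasic.Interaction]::InputBox($prompt, 'Deployment', '')
    $name = $name.Trim()
} until (Test-ComputerName $name)

# Edit the cached answer file as XML rather than by text search, so only the
# ComputerName element of the specialize pass is changed.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($answerFile)

$ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace('u', $unattendNs)
$xpath = "//u:settings[@pass='specialize']" +
         "/u:component[@name='Microsoft-Windows-Shell-Setup']/u:ComputerName"
$node = $xml.SelectSingleNode($xpath, $ns)
if ($node -eq $null) {
    throw "No ComputerName element in the specialize pass of $answerFile"
}

$node.InnerText = $name
$xml.Save($answerFile)

# Hand control back to Setup so specialize runs with the new name already in place.
& (Join-Path $env:windir 'System32\oobe\windeploy.exe')
```

Because the name is written before the specialize pass, the computer account created by the unattended join matches the final computer name, which is the mismatch the answer identifies as the cause of the broken trust relationship.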