Jump to content

Unattend will not join domain

jschuk
 Share

Recommended Posts

jschuk

jschuk

Posted
Posted

I have been trying to create an unattended script for Windows 7 for the past several weeks. I have searched the forums and found a few tips regarding using FQDN for domain joins. I have seen other unresolved posts for people with the same issue of not being able to join their computer. I am not sure why mine is not working. I have built a reference image in Audit Mode and am running sysprep /generalize /oobe /shutdown /unattend:win7answer.xml. When the machine comes back up, it prompts for Machine Name and TimeZone (good) and proceeds to login under my Administrator account, but it never joins the domain. I would like to put the computer in a specific OU, but I have tried it leaving the Machine Object blank as well to let it go to the default Computers OU. I have verified my domain creds are correct as I can manally join the computer to the domain.

I renamed the setupact.log to setupact.txt

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>net user administrator /active:yes</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <CopyProfile>true</CopyProfile>
            <ShowWindowsLive>false</ShowWindowsLive>
            <TimeZone>Mountain Time Zone</TimeZone>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>COMPANY.COM</Domain>
                    <Password>P455W0RD</Password>
                    <Username>JOINER</Username>
                </Credentials>
                <JoinDomain>COMPANY.COM</JoinDomain>
                <MachineObjectOU>OU=Desktop Computers,OU=COMPANY Computers, DC=COMPANY,DC=com</MachineObjectOU>
                <DebugJoin>true</DebugJoin>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-us</InputLocale>
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UILanguageFallback>en-us</UILanguageFallback>
            <UserLocale>en-us</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>aQBjAGEAbgB0AGUAbAB1AFAAYQBzAHMAdwBvAHIAZAA=</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>5</LogonCount>
                <Username>administrator</Username>
                <Domain></Domain>
            </AutoLogon>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</CommandLine>
                    <Order>1</Order>
                    <RequiresUserInput>false</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <Order>2</Order>
                    <CommandLine>cscript //b c:\windows\system32\slmgr.vbs /ato</CommandLine>
                    <RequiresUserInput>false</RequiresUserInput>
                </SynchronousCommand>
            </FirstLogonCommands>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
            <UserAccounts>
                <AdministratorPassword>
                    <Value>aQBjAGEAbgB0AGUAbAB1AEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>aQBjAGEAbgB0AGUAbAB1AFAAYQBzAHMAdwBvAHIAZAA=</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Local Administrator</Description>
                        <DisplayName>Administrator</DisplayName>
                        <Group>Administrators</Group>
                        <Name>Administrator</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <RegisteredOrganization>VISTAR Corporation</RegisteredOrganization>
            <RegisteredOwner>VISTAR Corporation</RegisteredOwner>
            <ShowWindowsLive>false</ShowWindowsLive>
            <WindowsFeatures>
                <ShowWindowsMediaPlayer>false</ShowWindowsMediaPlayer>
                <ShowMediaCenter>false</ShowMediaCenter>
            </WindowsFeatures>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog:c:/users/wdg/desktop/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

Copy of Win7Answer.xml

setupact.txt

Link to comment
Share on other sites

arwidmark

arwidmark

Posted
Posted

Here is a working sample you can compare with, if you want to copy and paste you need to remove wasPassProcessed=true and assign your own password and user accounts...

For joindomain troubleshooting, check the netsetup.log file on the client.

<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
	<settings pass="windowsPE" wasPassProcessed="true">
		<component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
			<ImageInstall>
				<OSImage>
					<WillShowUI>OnError</WillShowUI>
					<InstallTo>
						<DiskID>0</DiskID>
						<PartitionID>1</PartitionID>
					</InstallTo>
					<InstallFrom>
						<Path>\\MDT01\MDTProduction$\Operating Systems\Windows 7 Enterprise Eng x86 Custom Image\W7-X86-001.wim</Path>
						<MetaData>
							<Key>/image/index</Key>
							<Value>1</Value>
						</MetaData>
					</InstallFrom>
				</OSImage>
			</ImageInstall>
			<UpgradeData>
				<Upgrade>false</Upgrade>
			</UpgradeData>
			<Display>
				<ColorDepth>16</ColorDepth>
				<HorizontalResolution>1024</HorizontalResolution>
				<RefreshRate>60</RefreshRate>
				<VerticalResolution>768</VerticalResolution>
			</Display>
			<ComplianceCheck>
				<DisplayReport>OnError</DisplayReport>
			</ComplianceCheck>
			<UserData>
				<AcceptEula>true</AcceptEula>
			</UserData>
		</component>
		<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<SetupUILanguage>
				<UILanguage>en-US</UILanguage>
			</SetupUILanguage>
			<InputLocale>0409:00000409</InputLocale>
			<SystemLocale>en-US</SystemLocale>
			<UILanguage>en-US</UILanguage>
			<UserLocale>en-US</UserLocale>
		</component>
	</settings>
	<settings pass="generalize">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
		</component>
	</settings>
	<settings pass="specialize" wasPassProcessed="true">
		<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
			<Identification>
				<Credentials>
					<Username>TSLAB\JoinAccount</Username>
					<Domain></Domain>
					<Password>*SENSITIVE*DATA*DELETED*</Password>
				</Credentials>
				<JoinDomain>TSLAB</JoinDomain>
				<MachineObjectOU>ou=Workstations,dc=tslab,dc=net</MachineObjectOU>
			</Identification>
		</component>
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
			<ComputerName>MININT-5SR4D09</ComputerName>
			<RegisteredOrganization>TrueSec</RegisteredOrganization>
			<RegisteredOwner>TrueSec</RegisteredOwner>
			<TimeZone>Pacific Standard Time</TimeZone>
			<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
		</component>
		<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<Home_Page>about:blank</Home_Page>
			<IEWelcomeMsg>false</IEWelcomeMsg>
		</component>
		<component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<RunSynchronous>
				<RunSynchronousCommand wcm:action="add">
					<Description>EnableAdmin</Description>
					<Order>1</Order>
					<Path>cmd /c net user Administrator /active:yes</Path>
				</RunSynchronousCommand>
				<RunSynchronousCommand wcm:action="add">
					<Description>EnableAdmin_ploc</Description>
					<Order>2</Order>
					<Path>cmd /c net user Administrator_ploc /active:yes</Path>
				</RunSynchronousCommand>
				<RunSynchronousCommand wcm:action="add">
					<Description>UnfilterAdministratorToken</Description>
					<Order>3</Order>
					<Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
				</RunSynchronousCommand>
			</RunSynchronous>
		</component>
		<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<InputLocale>0409:00000409</InputLocale>
			<SystemLocale>en-US</SystemLocale>
			<UILanguage>en-US</UILanguage>
			<UserLocale>en-US</UserLocale>
		</component>
		<component name="Microsoft-Windows-TapiSetup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<TapiConfigured>0</TapiConfigured>
			<TapiUnattendLocation>
				<AreaCode>""</AreaCode>
				<CountryOrRegion>1</CountryOrRegion>
				<LongDistanceAccess>9</LongDistanceAccess>
				<OutsideAccess>9</OutsideAccess>
				<PulseOrToneDialing>1</PulseOrToneDialing>
				<DisableCallWaiting>""</DisableCallWaiting>
				<InternationalCarrierCode>""</InternationalCarrierCode>
				<LongDistanceCarrierCode>""</LongDistanceCarrierCode>
				<Name>Default</Name>
			</TapiUnattendLocation>
		</component>
		<component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<DisableSR>1</DisableSR>
		</component>
	</settings>
	<settings pass="oobeSystem" wasPassProcessed="true">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
			<UserAccounts>
				<AdministratorPassword>*SENSITIVE*DATA*DELETED*</AdministratorPassword>
				<LocalAccounts>
					<LocalAccount wcm:action="add">
						<Description>Temp account</Description>
						<DisplayName>Temp account</DisplayName>
						<Group>Users</Group>
						<Name>TempAccount</Name>
					</LocalAccount>
				</LocalAccounts>
			</UserAccounts>
			<AutoLogon>
				<Enabled>true</Enabled>
				<Username>Administrator</Username>
				<Domain>.</Domain>
				<Password>*SENSITIVE*DATA*DELETED*</Password>
				<LogonCount>999</LogonCount>
			</AutoLogon>
			<Display>
				<ColorDepth>32</ColorDepth>
				<HorizontalResolution>1024</HorizontalResolution>
				<RefreshRate>60</RefreshRate>
				<VerticalResolution>768</VerticalResolution>
			</Display>
			<FirstLogonCommands>
				<SynchronousCommand wcm:action="add">
					<CommandLine>cscript.exe C:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
					<Description>Lite Touch new OS</Description>
					<Order>1</Order>
				</SynchronousCommand>
				<SynchronousCommand wcm:action="add">
					<CommandLine>cscript.exe D:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
					<Description>Lite Touch new OS</Description>
					<Order>2</Order>
				</SynchronousCommand>
				<SynchronousCommand wcm:action="add">
					<CommandLine>cscript.exe E:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
					<Description>Lite Touch new OS</Description>
					<Order>3</Order>
				</SynchronousCommand>
				<SynchronousCommand wcm:action="add">
					<CommandLine>cscript.exe F:\MININT\Scripts\LiteTouch.wsf /start</CommandLine>
					<Description>Lite Touch new OS</Description>
					<Order>4</Order>
				</SynchronousCommand>
			</FirstLogonCommands>
			<OOBE>
				<HideEULAPage>true</HideEULAPage>
				<NetworkLocation>Work</NetworkLocation>
				<ProtectYourPC>1</ProtectYourPC>
				<SkipUserOOBE>true</SkipUserOOBE>
			</OOBE>
			<RegisteredOrganization>TrueSec</RegisteredOrganization>
			<RegisteredOwner>TrueSec</RegisteredOwner>
			<TimeZone>Pacific Standard Time</TimeZone>
		</component>
		<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<InputLocale>0409:00000409</InputLocale>
			<SystemLocale>en-US</SystemLocale>
			<UILanguage>en-US</UILanguage>
			<UserLocale>en-US</UserLocale>
		</component>
	</settings>
	<settings pass="offlineServicing" wasPassProcessed="true">
		<component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<DriverPaths>
				<PathAndCredentials wcm:keyValue="1" wcm:action="add">
					<Path>\Drivers</Path>
				</PathAndCredentials>
			</DriverPaths>
		</component>
	</settings>
</unattend>

Link to comment
Share on other sites
jschuk

jschuk

Posted
  • Author
Posted (edited)

Thank you for the netsetup.log file. I found that my computer was actually joining the domain, just not with the machine name I gave it. This caused issues where the computer account was not found because it seems the computer name is being changed after it joins. I changed my answer file to specify a machine name like yours and it works fine, but our company needs to be able to manually specify a machine name for each computer. I tried leaving the machine name blank (I had the line deleted altogether originally) and it just randomly generates a name without prompting us for one. I see that you are specifying a machine name. Are you changing this field for each computer you deploy? Do you have something else that changes the name later in the process?

Jason

Here is a working sample you can compare with, if you want to copy and paste you need to remove wasPassProcessed=true and assign your own password and user accounts...

For joindomain troubleshooting, check the netsetup.log file on the client.

	<settings pass="specialize" wasPassProcessed="true">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
			<ComputerName>MININT-5SR4D09</ComputerName>
			<RegisteredOrganization>TrueSec</RegisteredOrganization>
			<RegisteredOwner>TrueSec</RegisteredOwner>
			<TimeZone>Pacific Standard Time</TimeZone>
			<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
		</component>

Edited by jschuk
Link to comment
Share on other sites
jschuk

jschuk

Posted
  • Author
Posted (edited)

I did find a script that allows me to change the computer name during setup. It reboots one more time in the process, but the reboot occurs after most of the setup is complete and it not very noticeable. I modified the script to include the domain username and password so it only prompts for the computer name.

http://www.msserveradmin.com/add-a-custom-script-to-a-vista-syspreped-image/

Thank you for the netsetup.log file. I found that my computer was actually joining the domain, just not with the machine name I gave it. This caused issues where the computer account was not found because it seems the computer name is being changed after it joins. I changed my answer file to specify a machine name like yours and it works fine, but our company needs to be able to manually specify a machine name for each computer. I tried leaving the machine name blank (I had the line deleted altogether originally) and it just randomly generates a name without prompting us for one. I see that you are specifying a machine name. Are you changing this field for each computer you deploy? Do you have something else that changes the name later in the process?

Jason

Edited by jschuk
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...