Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Cannot Unattended Join


 Share

Recommended Posts

For a bit of background, I used audit mode to build a pre-activated Windows 7 x64 WIM for my company (around 1500+ computers) and everything is working with the exception of one OOBE page. I cannot get my answer file to join our domain in the default "Computers" OU and skip creating a local user while still prompting for a unique computer name. The unattended join section of my XML:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="________________" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>______.com</Domain>
<Password>_______</Password>
<Username>____________</Username>
</Credentials>
<DebugJoin>true</DebugJoin>
<JoinDomain>______.com</JoinDomain>
</Identification>
</component>
</settings>
<cpi:offlineImage cpi:source="wim://_______/windowspartition.wim#____Win7" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

Is there something I did wrong here?

Edit: other than the blanks, had to remove a few things for obvious security reasons.

Edited by setthecat
Link to comment
Share on other sites


For the user issue you need to add a user account or domain account to the administrators group. I add a domain users group for the support personnel that support the machines.

For the issue with joining the OU try specifying the machine object OU.

Here is what I use in my answer file:


<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserAccounts>
<DomainAccounts>
<DomainAccountList wcm:action="add">
<Domain>mydomain.com</Domain>
<DomainAccount wcm:action="add">
<Group>Administrators</Group>
<Name>Admin Members</Name>
</DomainAccount>
</DomainAccountList>
</DomainAccounts>
</UserAccounts>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>mydomain.com</Domain>
<Username>DomainAdmin</Username>
<Password>DomainAdminPassword</Password>
</Credentials>
<JoinDomain>mydomain.com</JoinDomain>
<MachineObjectOU>OU=computers,DC=mydomain,DC=com</MachineObjectOU>
</Identification>
</component>
</settings>

Link to comment
Share on other sites

Ok, no longer creating a local account but still not wanting to joint my domain...

    <settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>______.com</Domain>
<Password>_______</Password>
<Username>____________</Username>
</Credentials>
<DebugJoin>true</DebugJoin>
<JoinDomain>______.com</JoinDomain>
<MachineObjectOU>OU=computers,DC=______,DC=com</MachineObjectOU>
</Identification>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>net user administrator /active:yes</Path>
<Description>Admin On</Description>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserAccounts>
<AdministratorPassword>
<Value>________________________________________________________________________</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>________________________________________</Value>
<PlainText>false</PlainText>
</Password>
<Description>Local Administrator</Description>
<DisplayName>Administrator</DisplayName>
<Group>Administrators</Group>
<Name>Administrator</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Password>
<Value>________________________________________</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>administrator</Username>
</AutoLogon>
</component>
</settings>

Is creation of a domain user during oobe required? And does my username need to be just the username or username@domain.com? I'm not even getting debug errors so I can't tell where it fails or why.

Link to comment
Share on other sites

And the domain user and password used to join are valid on the domain to join a machine to the computers OU.

Not quite sure what you mean, but for temporary testing purposes I'm using my own personal credentials.

Edit: Ok, maybe I'm just 'tarded... Looks like I had my password in the username field and my username in the password field... Wish I could re-test this without spending an hour reverting to an image I made in audit mode...

Edited by setthecat
Link to comment
Share on other sites

That is more or less what I meant. That the user account being used had the appropriate domain rights to join a machine to the domain in the computers OU. Essentially can you manually use that account to join a machine is the easiest way to check that.

Easier way to test your images, build them in a VM. Dpending upon what VM software you use (my preference is VMWAre Workstation) you have the ability to take snapshots. Then whenyou need to test something you can take a snapshot before hand (take 30ish seconds) test what you need and if it didn't work go back to the snapshot (takes 60ish seconds) and try again. Has saved me many hours when building images.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...