Joining domain

[zedox]

I need help,

I work in the it department at a small company, I've made an unattended disc for our office but would like it to automatically join our domain and login as our domain administrator on first boot.

generally, when I add a new pc to our domain it requires a domain login to authorise it.

Any advice would be greatly appreciated, and I apologise if this is heavily documented elsewhere.

Many thanks

[hosebeast]

To join the domain, your WINNT.SIF file should have an [identification] section with something like this:

JoinDomain=YOURDOMAIN
CreateComputerAccountInDomain=Yes
DomainAdmin=YOURDOMAIN\Administrator
DomainAdminPassword=Your-Password

This covers CD-based installs where you simply want the computer to wind up in the default Computers container. If you need to place the computer in a specific Active Directory Organizational Unit, check out the MachineObjectOU option. If you use RIS and/or prestage your computer accounts, you would want to use CreateComputerAccountInDomain=No and DoOldStyleDomainJoin=Yes.

The AutoLogon feature of WINNT.SIF only supports local accounts, not domain accounts. If you want your unattended install to automatically logon as a domain account, you need to have it first logon as the local Administrator and set the necessary registry values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon then reboot.

This is done with the [GuiUnattended] section by setting AutoLogon=Yes and AutoLogonCount=1. Do not use the EncryptedAdminPassword option in this section because AutoLogon will not work. (This is not well documented.)

Then in [GuiRunOnce], you can either add the commands to update the registry and reboot, or you can execute a batch file which contains those commands. If you've already got a batch file being run from GuiRunOnce, you may want to simply add the commands to it. To update the registry, you can either prepare a REG file and use REGEDIT /S to merge it, or you can use REG ADD /F to set the values directly. If you need help with the details of the registry values, search for AutoAdminLogon.

To reboot at the end, use SHUTDOWN -R -F (which you may already have if you're already doing stuff in a GuiRunOnce batch file).

[Bezalel]

The AutoLogon feature of WINNT.SIF only supports local accounts, not domain accounts. If you want your unattended install to automatically logon as a domain account, you need to have it first logon as the local Administrator and set the necessary registry values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon then reboot.

When I need to autologon with domain credentials I don't set autologon in my winnt.sif instead I import all the nessasary registry values from cmdlines.txt this way the local administrator profile never gets created.