The user you have specified is not permitted to join the machine to th

[infoteklink]

Small problem. RIS server is win2k3. I'm trying to get a new XP profile to install and join to a domain automatically. I've searched the forums and on google. I've tried several suggestions, but none have worked. Here is the error I receive.

Network Configuration

The user you have specified is not permitted to join the machine to the domain. Would you like to proceed for now and try joining the domain later?

If I choose no and enter the same username and password I always use then it joins the domain and all is good until it tries to AutoLogon for the first time. At that point I get another error.

Logon Message

Your account has been disabled. Please see your system administrator

The reason it is saying that is because in the "Log on to:" field the computer name is there instead of the domain and the username account I'm trying to login with is not on the local pc, but on the domain. If I select the domain and login with the user name and password I always use, it works fine.

Anyone know what I'm doing wrong?

Here is my .sif file

[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1
DisableAdminAccountOnDomainJoin = 1

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
OemPreinstall = yes
FileSystem = LeaveAlone
ExtendOEMPartition = 0
TargetPath = \WINDOWS
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
LegacyNIC = 1

[UserData]
FullName = "name"
OrgName = "name"
ComputerName = *
ProductID = "xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = 35
AdminPassword = "my-password"
AutoLogon=Yes
AutoLogonCount=1


[Display]
BitsPerPel = 32
XResolution = 1024
YResolution = 768
VRefresh = 60

[Networking]

[GuiRunOnce]
Command1 = "\\risserver\e$\RemoteInstall\Setup\English\Images\winxpsp2\i386\$oem$\$1\install.bat"

[NetServices]
MS_Server=params.MS_PSched

[Identification]
JoinDomain = mydomain.com
DoOldStyleDomainJoin = Yes
CreateComputerAccountInDomain = Yes

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes


[OSChooser]
Description ="Microsoft Windows XP Professional SP2"
Help ="Automatically installs Microsoft Windows XP Professional without 

prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.1 (2600)"

[infoteklink]

-bump-

Anyone have any ideas?

[hosebeast]

I wrote you a detailed explanation but my !@#$ cable modem died and took my browser session with it, so you will have to settle for the short version. First, delete the line:

DisableAdminAccountOnDomainJoin = 1

Do not try to keep the line by changing the 1 to 0 or No or False because it won't work. You must delete the entire line.

Next, change the line:

CreateComputerAccountInDomain = Yes

to

CreateComputerAccountInDomain = No

This option was poorly named. The computer account will still get created when this is set to No. The difference is that it will get created by Windows (during GUI mode setup) rather than by RIS (before text mode setup begins).

[infoteklink]

Thanks for your reply hosebeast. I did what you suggested but it still gives me the same problem.

here is my updated .sif file that I modified with hosebeasts suggestion.

[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
OemPreinstall = yes
FileSystem = LeaveAlone
ExtendOEMPartition = 0
TargetPath = \WINDOWS
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
LegacyNIC = 1

[UserData]
FullName = "AAA"
OrgName = "AAA"
ComputerName = *
ProductID = "xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = 35
AdminPassword = "password"
AutoLogon=Yes
AutoLogonCount=1


[Display]
BitsPerPel = 32
XResolution = 1024
YResolution = 768
VRefresh = 60

[Networking]

[GuiRunOnce]
Command1 = "\\risserver\e$\RemoteInstall\Setup\English\Images\winxpsp2\i386\$oem$\$1\install.bat"

[NetServices]
MS_Server=params.MS_PSched

[Identification]
JoinDomain = mydomain.com
DoOldStyleDomainJoin = Yes
CreateComputerAccountInDomain = No

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes


[OSChooser]
Description ="Microsoft Windows XP Professional SP2"
Help ="Automatically installs Microsoft Windows XP Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.1 (2600)"

Thanks for your help!

[bluescreens]

Small problem. RIS server is win2k3. I'm trying to get a new XP profile to install and join to a domain automatically. I've searched the forums and on google. I've tried several suggestions, but none have worked. Here is the error I receive.

Network Configuration

The user you have specified is not permitted to join the machine to the domain. Would you like to proceed for now and try joining the domain later?

If I choose no and enter the same username and password I always use then it joins the domain and all is good until it tries to AutoLogon for the first time. At that point I get another error.

Logon Message

Your account has been disabled. Please see your system administrator

The reason it is saying that is because in the "Log on to:" field the computer name is there instead of the domain and the username account I'm trying to login with is not on the local pc, but on the domain. If I select the domain and login with the user name and password I always use, it works fine.

Anyone know what I'm doing wrong?

Here is my .sif file

____

What, exactly, is "the same name and password you always use"? Is that the same name and password as what you use in the blue screens to log into the RIS server and see the RIS images? If not, that's your problem. If so, then that user account (the RIS name/pw you're using to build the PC, at the blue screen) has probably joined 10+ PCs to the domain, which is the limit, and you'll need to fix that seperately (if that's the issue LMK and I'll help you search Microsoft.com for the solution).

The second issue is normal - you're prompted to log into the local machine rather than the domain; change the third prompt to your domain, and you'll be able to log in normally.

To me it looks like you're all OK, aside from the name/password bit...

[infoteklink]

What, exactly, is "the same name and password you always use"? Is that the same name and password as what you use in the blue screens to log into the RIS server and see the RIS images? If not, that's your problem.

Yes, it is the same name. It is actually the administrator account that is used. What I meant by "the account I always use" is, when I get the error "The user you have specified is not permitted to join the machine to the domain. Would you like to proceed for now and try joining the domain later?" is where I've used the same user account and password. Example... My "RIS blue screen" is where I use the administrator account and password, when I get the above error I choose no. Then it prompts me to enter a user and password. So I enter the administrator and the password I used in the "RIS blue screens" and it works. So why do I need to enter that information twice, when I already used it in the "RIS blue screens"? Did I explain that right? :-)

If so, then that user account (the RIS name/pw you're using to build the PC, at the blue screen) has probably joined 10+ PCs to the domain, which is the limit, and you'll need to fix that seperately (if that's the issue LMK and I'll help you search Microsoft.com for the solution).

Thats got to be the issue then. I've looked and can not find any info on how to correct this. Any help would be great!

The second issue is normal - you're prompted to log into the local machine rather than the domain; change the third prompt to your domain, and you'll be able to log in normally.

A local administrator account needs to be created on these systems anyway, so is there a way to specify a local administrator account on these systems as well as have the domain option so when it logs in for the first time it does so using the local account but still has the proper FQDN?

Thanks for your input bluescreens!

-infoteklink