OSD and joining a domain
I have a client that has removed their Computers CN in AD. They then created two OUs named Computers_Default and Computers_All. (They did all this following directions found on Technet.) When attempting to join machines to the domain and one of those created
OUs using the Apply Network Settings task, the machines simply would not join the domain. When we edited the task and pointed them at an OU whose name did not begin with "Computers", the machines joined just fine. Is this a known 'bug' with
MDT and the DomainJoin script? I know about not attempting to join the systems to the Computers container, but an OU is not a CN, so the assumption was that this would work.
Mike
/mike
May 4th, 2012 12:35am
what does the c:\windows\debug\netsetup.log tell you about the problem ? it should list domain join failure errors
Step by Step ConfigMgr 2007
Guides | Step by Step ConfigMgr 2012
Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 1:16am
I'll look at the logs in the morning. Thanks Niall./mike
May 4th, 2012 1:19am
The account used to join the computer to domain in Apply Network Settings, does it have enough rights on the OU where it is attempting to add computers?
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 10:59am
It should. the account exists in Account Operaters security group./mike
May 4th, 2012 2:10pm
Anything in the logs?
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 2:12pm
There was nothing in the netsetup.log that would lead to believe that it even attempted to join the domain.
Let's let this one languish as unanswered. Time ran short with my client and they didn't want to continue spinning their wheels when simply pointing the domain join to a different OU worked fine.
Myself, I would like to know the reason. I am suspecting that the Task Sequence or SCCM or MDT saw the LDAP OU beginning with Computers and balked. If someone from the Microsoft MDT team wants to chime in, please do. If one of you are part of the MDT team,
thank you for creating a superb product. It isn't perfect, but it definitely does the job./mike
May 5th, 2012 1:08am
perhaps your step had wmi options on it or similar which caused it not to run, either way without logs there's not a whole lot we can help with,
Step by Step ConfigMgr 2007
Guides | Step by Step ConfigMgr 2012
Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:05pm
It had NO options set. This is what it looked like when the system failed to join the domain:
and this is what it looked like when it did join the domain. The only change you see here is the ONLY change we made to the task.
/mike
May 5th, 2012 1:37pm
I just found KB324949 which states the following:
CN=USERS and CN=COMPUTERS containers are system-protected objects that cannot, and must not, be removed for backward compatibility. However, they can be renamed. Organizational units, on the other hand, are subject to accidental tree deletions by administrators.
I will be advising my client that they are operating their AD environment in an 'unsupported' configuration since they did delete the default containers. This may cause them additional troubles down the road when they begin integrating more system center
and advanced server systems into their environment.
Thanks to everyone for your responses./mike
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:47pm
I just found KB324949 which states the following:
CN=USERS and CN=COMPUTERS containers are system-protected objects that cannot, and must not, be removed for backward compatibility. However, they can be renamed. Organizational units, on the other hand, are subject to accidental tree deletions by administrators.
I will be advising my client that they are operating their AD environment in an 'unsupported' configuration since they did delete the default containers. This may cause them additional troubles down the road when they begin integrating more system center
and advanced server systems into their environment.
Thanks to everyone for your responses./mike
May 5th, 2012 1:47pm
thanks for posting the kb Mike
cheers
niall
Step by Step ConfigMgr 2007
Guides | Step by Step ConfigMgr 2012
Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2012 2:28pm