OSD and joining a domain
I have a client that has removed their Computers CN in AD. They then created two OUs named Computers_Default and Computers_All. (They did all this following directions found on Technet.) When attempting to join machines to the domain and one of those created OUs using the Apply Network Settings task, the machines simply would not join the domain. When we edited the task and pointed them at an OU whose name did not begin with "Computers", the machines joined just fine. Is this a known 'bug' with MDT and the DomainJoin script? I know about not attempting to join the systems to the Computers container, but an OU is not a CN, so the assumption was that this would work. Mike /mike
May 4th, 2012 12:35am

what does the c:\windows\debug\netsetup.log tell you about the problem ? it should list domain join failure errors Step by Step ConfigMgr 2007 Guides | Step by Step ConfigMgr 2012 Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 1:16am

I'll look at the logs in the morning. Thanks Niall./mike
May 4th, 2012 1:19am

The account used to join the computer to domain in Apply Network Settings, does it have enough rights on the OU where it is attempting to add computers?
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 10:59am

It should. the account exists in Account Operaters security group./mike
May 4th, 2012 2:10pm

Anything in the logs?
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 2:12pm

There was nothing in the netsetup.log that would lead to believe that it even attempted to join the domain. Let's let this one languish as unanswered. Time ran short with my client and they didn't want to continue spinning their wheels when simply pointing the domain join to a different OU worked fine. Myself, I would like to know the reason. I am suspecting that the Task Sequence or SCCM or MDT saw the LDAP OU beginning with Computers and balked. If someone from the Microsoft MDT team wants to chime in, please do. If one of you are part of the MDT team, thank you for creating a superb product. It isn't perfect, but it definitely does the job./mike
May 5th, 2012 1:08am

perhaps your step had wmi options on it or similar which caused it not to run, either way without logs there's not a whole lot we can help with, Step by Step ConfigMgr 2007 Guides | Step by Step ConfigMgr 2012 Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:05pm

It had NO options set. This is what it looked like when the system failed to join the domain: and this is what it looked like when it did join the domain. The only change you see here is the ONLY change we made to the task. /mike
May 5th, 2012 1:37pm

I just found KB324949 which states the following: CN=USERS and CN=COMPUTERS containers are system-protected objects that cannot, and must not, be removed for backward compatibility. However, they can be renamed. Organizational units, on the other hand, are subject to accidental tree deletions by administrators. I will be advising my client that they are operating their AD environment in an 'unsupported' configuration since they did delete the default containers. This may cause them additional troubles down the road when they begin integrating more system center and advanced server systems into their environment. Thanks to everyone for your responses./mike
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:47pm

I just found KB324949 which states the following: CN=USERS and CN=COMPUTERS containers are system-protected objects that cannot, and must not, be removed for backward compatibility. However, they can be renamed. Organizational units, on the other hand, are subject to accidental tree deletions by administrators. I will be advising my client that they are operating their AD environment in an 'unsupported' configuration since they did delete the default containers. This may cause them additional troubles down the road when they begin integrating more system center and advanced server systems into their environment. Thanks to everyone for your responses./mike
May 5th, 2012 1:47pm

thanks for posting the kb Mike cheers niall Step by Step ConfigMgr 2007 Guides | Step by Step ConfigMgr 2012 Guides | I'm on Twitter > ncbrady
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2012 2:28pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics