Joining the Domain with MDT

Somebody asked me the other day about joining the domain with MDT, to which I replied, “Oh, that’s easy.”

Let’s take a dive:

The beauty of MDT over other “cloning” tools that I’ll leave nameless is that it’s more than just a disk cloning tool, it’s an entire OS deployment framework. All the scripts are written, you just add variables to an ini file and away you go.

A default standard client task sequence will join a PC to the domain, that’s why by default the LTI Wizard asks for all that information. You can tell the wizard not to ask and just do it “automagically” for you.

To automate your domain joins, there are four variables you’ll need to set in your customsettings.ini file: JoinDomain, DomainAdmin, DomainAdminDomain and DomainAdminPassword.

JoinDomain=yourdomainname.local
DomainAdmin=ServiceAccount
DomainAdminDomain=yourdomainname.local
DomainAdminPassword=P@$$WoRD12345!

It’s that easy. By default, the system gets joined to the domain immediately, so on first boot it’s joined and ready to rock and it’ll grab group policies almost immediately. If you don’t have stupid group policies, it’s all downhill from here. If you have stupid group policies, you’ll have to modify your XML file and move the domain join to the very end of your task sequence like this.

Now, with that out of the way, what if you want to specify the OU? Well, there’s another customsettings.ini variable for that too, it’s MachineObjectOU.

MachineObjectOU=OU=yourouname,OU=computers,DC=yourdomainname,DC=local
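
An added example, not part of the original post: a PowerShell check that reads a customsettings.ini, reports where the join account's password sits in plaintext together with the Allow entries on the file's ACL, and checks that the DC components of MachineObjectOU agree with JoinDomain. The function name Get-MdtJoinFinding, the sample file path and the placeholder password are assumptions made for illustration.

```powershell
# Added example (not from the post). Sample INI is constructed; set $IniPath to your own file.
$IniPath = Join-Path ([System.IO.Path]::GetTempPath()) 'CustomSettings.sample.ini'
@'
[Settings]
Priority=Default
[Default]
JoinDomain=yourdomainname.local
DomainAdmin=ServiceAccount
DomainAdminDomain=yourdomainname.local
DomainAdminPassword=CONSTRUCTED-PLACEHOLDER
MachineObjectOU=OU=yourouname,OU=computers,DC=yourdomainname,DC=local
'@ | Set-Content -Path $IniPath

function Get-MdtJoinFinding {
    param([Parameter(Mandatory)][string]$Path)
    $sections = [ordered]@{}; $current = $null
    foreach ($raw in Get-Content -Path $Path) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]; $sections[$current] = @{}
        } elseif ($current -and $line -match '^([^;=][^=]*)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    foreach ($name in $sections.Keys) {
        $p = $sections[$name]
        if (-not $p.ContainsKey('JoinDomain')) { continue }   # section does not join a domain
        foreach ($key in 'DomainAdmin', 'DomainAdminDomain', 'DomainAdminPassword') {
            if (-not $p[$key]) { "[$name] $key is not set" }
        }
        if ($p['DomainAdminPassword']) {
            # Principals with an Allow entry on the file; readers among them can see the password.
            $readers = (Get-Acl -Path $Path).Access | Where-Object AccessControlType -eq 'Allow' |
                ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
            "[$name] plaintext password for $($p['DomainAdminDomain'])\$($p['DomainAdmin']); " +
                "ACL allows: $($readers -join ', ')"
        }
        $ou = $p['MachineObjectOU']
        if ($ou) {
            # Naive match: does not handle escaped commas inside an RDN value.
            $dcs = [regex]::Matches($ou, '(?i)(?:^|,)\s*DC=([^,]+)') | ForEach-Object { $_.Groups[1].Value.Trim() }
            if (($dcs -join '.') -ne $p['JoinDomain']) {
                "[$name] MachineObjectOU domain '$($dcs -join '.')' differs from JoinDomain"
            }
        } else { "[$name] MachineObjectOU not set; object goes to the domain default location" }
    }
}

Get-MdtJoinFinding -Path $IniPath
```

If JoinDomain holds a NetBIOS name rather than a DNS name, the MachineObjectOU comparison will report a difference that needs a manual look rather than a fix.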

And finally, if you’re having trouble joining the domain, you’ll be looking for ZTIDomainJoin.log. It’ll be in %WINDIR%\TEMP\DeploymentLogs. For most of you, that’ll be C:\Windows\Temp\DeploymentLogs, or your server-side logs location if you have that configured as well. Use Trace32 to read the logs, because they’re pretty hard to decipher in Notepad.

As Johan says, Happy Deployments!
