MDT 2010: Joining a Domain

When deploying an operating system, automating the domain join process is pretty straightforward. There is a task sequence step called Recover from Domain that runs a script called ZTIDomainJoin.WSF. This script automates the whole process. It uses variables that can be set in a task sequence or in the customsettings.ini like in this example:

JoinDomain=scriptimus.local
DomainAdmin=ScriptimusPrime
DomainAdminDomain=scriptimus.local
DomainAdminPassword=H4rdP4$$0rd

If you upgrade or replace a machine it will use the same computername and stay in the same OU where the current computer account exists. For new machines you can specify the Organization to which you new machine will be placed. For example:

MachineObjectOU=OU=testlab,OU=computers,DC=scriptimus,DC=local

When creating reference images I dont usually join the domain unless I have to. In those cases I use an isolated OU as above.

In other instances to join a custom workgroup you can use these settings:

JoinWorkGroup=Scriptimus
About these ads

About Andrew Barnes

A Scipting and Deployment Specialist.
This entry was posted in Deployment, MDT 2010 and tagged , , , , , , , . Bookmark the permalink.

9 Responses to MDT 2010: Joining a Domain

  1. Harimohan Singh says:

    hi,
    is there any way to query Active directory for computer name conflict. in case of Conflict MDT will overwite existing computer name.

    Like this

    • Hi Harimohan,

      You would need to create a custom script to do that. It depends on what you want to do. If you want to force your clients to use a particular OU then MDT can do that for you.

      Like this

      • Harimohan Singh says:

        Hi Andrew,

        Tanks for update.
        Let me explain my issue again:
        Lets say I have one computer account (xyz) in Domain. While OS deployment if I give same computer name (xyz) as OSDComputer name, it will not generate any error for conflict instead computername will be overwritten ny new deployment.

        I am looking solution for that.

        Like this

      • This behaviour is by design and is what most people would expect. If you refresh a computer, from XP for example then a new account for Windows 7 would be created with the same name.

        You can modify your active directory computer accounts so that they can’t be overwritten.There is information about this on technet.

        Like this

  2. Hola! I’ve been following your web site for a long time now and finally got the bravery to go ahead and give you a shout out from Lubbock Texas! Just wanted to tell you keep up the excellent work!

    Like this

  3. Hi. Is there a way to store the credentials used to connect to the deployment share as variables and pass those variables to be used for connecting the computer to the domain? This is assuming that the credentials to connect to the deployment share will be manually entered in by IT staff and that we want to use the same credentials used to connect to the deployment share to also join the computer to the domain.

    Like this

  4. Josh says:

    Is there a way to force the selection of an OU. I don’t want my team deploying Computers without selecting an OU. Soi if anyone knows of a way you can’t click next without the selection of an OU, that would be much help!

    Like this

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s