When deploying an operating system, automating the domain join process is pretty straightforward. There is a task sequence step called Recover from Domain that runs a script called ZTIDomainJoin.WSF. This script automates the whole process. It uses variables that can be set in a task sequence or in the customsettings.ini like in this example:
JoinDomain=scriptimus.local DomainAdmin=ScriptimusPrime DomainAdminDomain=scriptimus.local DomainAdminPassword=H4rdP4$$0rd
If you upgrade or replace a machine it will use the same computername and stay in the same OU where the current computer account exists. For new machines you can specify the Organization to which you new machine will be placed. For example:
MachineObjectOU=OU=testlab,OU=computers,DC=scriptimus,DC=local
When creating reference images I dont usually join the domain unless I have to. In those cases I use an isolated OU as above.
In other instances to join a custom workgroup you can use these settings:
JoinWorkGroup=Scriptimus
Scriptimus Ex Machina 
hi,
is there any way to query Active directory for computer name conflict. in case of Conflict MDT will overwite existing computer name.
LikeLike
Hi Harimohan,
You would need to create a custom script to do that. It depends on what you want to do. If you want to force your clients to use a particular OU then MDT can do that for you.
LikeLike
Hi Andrew,
Tanks for update.
Let me explain my issue again:
Lets say I have one computer account (xyz) in Domain. While OS deployment if I give same computer name (xyz) as OSDComputer name, it will not generate any error for conflict instead computername will be overwritten ny new deployment.
I am looking solution for that.
LikeLike
This behaviour is by design and is what most people would expect. If you refresh a computer, from XP for example then a new account for Windows 7 would be created with the same name.
You can modify your active directory computer accounts so that they can’t be overwritten.There is information about this on technet.
LikeLike
Will this work as a last step? Can you guide me as to how I can implement this towards the end? Currently I have the image being deployed, then applications, and now ideally I want to join domain as the last thing before I get a confirmation of deployment being successful. Can you help?
LikeLike
Hola! I’ve been following your web site for a long time now and finally got the bravery to go ahead and give you a shout out from Lubbock Texas! Just wanted to tell you keep up the excellent work!
LikeLike
Thanks mate!
LikeLike
Hi. Is there a way to store the credentials used to connect to the deployment share as variables and pass those variables to be used for connecting the computer to the domain? This is assuming that the credentials to connect to the deployment share will be manually entered in by IT staff and that we want to use the same credentials used to connect to the deployment share to also join the computer to the domain.
LikeLike
Yes, by NOT using the settings above. This is the default behaviour of MDT.
LikeLike
Is there a way to force the selection of an OU. I don’t want my team deploying Computers without selecting an OU. Soi if anyone knows of a way you can’t click next without the selection of an OU, that would be much help!
LikeLike
If you want to actually skip the page you must add the below skip command to your customsettings.ini file:
SkipDomainMembership=YES
You can still specify the values for your domain if you need them. It can looks like this:
SkipDomainMembership=YES
JoinDomain=scriptimus.local
DomainAdmin=ScriptimusPrime
DomainAdminDomain=scriptimus.local
DomainAdminPassword=H4rdP4$$0rd
LikeLike
Good catch. Yes that’s right.
LikeLike
You mention that you can domain join using variables set in a task sequence, can you give an example of how to achieve that?
LikeLike