Ying Li at myITforum.com

PowerShell & System Center

June 2010 - Posts

MDT 2010 Deploy Windows 7 – Join the computer to the domain

I am using MDT 2010 to deploy a Windows 7 image, and I had some issues making the computer automatically join the domain after the deployment!

By default, MDT has this covered and you just need to answer a few questions on this page.


It will add the computer to the default “computer” OU. If you want to put it somewhere else, just create a “DomainOUList.xml” file and save it in the Control folder; you will then see a drop-down arrow next to “option” for you to select the path.

DomainOUList.xml looks like the example below, and you can add more lines to it.

<?xml version="1.0" encoding="utf-8"?>
<DomainOUs>
  <DomainOU>OU=Workstation,OU=Windows 7,DC=xyz,DC=com</DomainOU>
</DomainOUs>

This should work without issue. But in our environment we have a GPO that redirects Windows Update to the internal WSUS and also deploys the ConfigMgr Agent, which breaks my MDT deployment process: I enabled the post-application Windows Update step, which was redirected to the internal WSUS and started a ConfigMgr Agent install loop that eventually fails.

This blog talks about the workaround for a scenario like this. I followed the instructions:

1) Removed the reference to domain join in Unattend.xml;

2) Put all the variables in CustomSettings.ini;

3) Added a TS to the end of the deployment;


I later realized that I had to move the “rename local admin” TS to after the domain join TS!

I gave it a try and my deployment then looped in “Recover From Domain”, so I went ahead and disabled the “Recover From Domain” TS.

By now the domain join part worked for the default “Computer” OU, but I still had trouble adding the computer to the OU I wanted. With some help from the MDT Forum and some work of my own, I realized I had got the OU path wrong!

With the syntax below, it is now much happier!

MachineObjectOU=OU=Desktops,OU=Windows 7,OU=Workstations,DC=xyz,DC=com
[ByType]
Subsection=Laptop-%IsLaptop%
[Laptop-True]
MachineObjectOU=OU=Laptops,OU=Windows 7,OU=Workstations,DC=xyz,DC=com

The lesson learned here is that there is a lot of good help (blogs, forums, etc.) on the internet. It points you in the right direction, but you still need to do some hard work yourself to work out the solution for your environment!
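The wrong-OU-path problem described above can be caught before a deployment run. The following PowerShell script is an added example, not part of the original post or of MDT: it collects every MachineObjectOU value from a CustomSettings.ini and every DomainOU entry from a DomainOUList.xml and checks each distinguished name component by component. The file contents (including the [Default] section name and the malformed entry) and the Test-OUPath function are constructed for illustration.

```powershell
# Syntax check for one distinguished name. Assumes simple names (no '=' inside values).
function Test-OUPath {
    param([Parameter(Mandatory)][string]$Path)
    $problems = @()
    $seenDC = $false
    # Split on commas that are not backslash-escaped, then check each RDN.
    foreach ($part in [regex]::Split($Path, '(?<!\\),')) {
        $rdn = $part.Trim()
        if ($rdn -match '^(OU|CN|DC)=[^=]+$') {
            if ($Matches[1] -eq 'DC') { $seenDC = $true }
            elseif ($seenDC) { $problems += "'$rdn' follows a DC= component" }
        } else { $problems += "malformed component '$rdn'" }
    }
    if (-not $seenDC) { $problems += 'no DC= component' }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ') }
}
# Constructed sample content; the [Default] section name is an assumption.
$iniText = @'
[Default]
MachineObjectOU=OU=Desktops,OU=Windows 7,OU=Workstations,DC=xyz,DC=com
[ByType]
Subsection=Laptop-%IsLaptop%
[Laptop-True]
MachineObjectOU=OU=Laptops,OU=Windows 7,OU=Workstations,DC=xyz,DC=com
'@
[xml]$ouList = @'
<DomainOUs>
  <DomainOU>OU=Windows 7,OU=Workstations,DC=xyz,DC=com</DomainOU>
  <DomainOU>OU=OU=Workstation,Windows 7,DC=xyz,DC=com</DomainOU>
</DomainOUs>
'@
# Collect every OU path together with where it came from.
$found = @()
$section = ''
foreach ($line in ($iniText -split "`r?`n")) {
    if ($line -match '^\[(.+)\]$') { $section = $Matches[1] }
    elseif ($line -match '^MachineObjectOU=(.+)$') {
        $found += [pscustomobject]@{ Source = "CustomSettings.ini [$section]"; Path = $Matches[1].Trim() }
    }
}
foreach ($dn in $ouList.DomainOUs.DomainOU) {
    $found += [pscustomobject]@{ Source = 'DomainOUList.xml'; Path = $dn }
}
$found | ForEach-Object {
    $check = Test-OUPath $_.Path
    [pscustomobject]@{ Source = $_.Source; Valid = $check.Valid; Path = $_.Path; Problems = $check.Problems }
} | Format-Table -AutoSize -Wrap
```

A path that passes here is only well-formed. Whether the OU actually exists can be confirmed from a domain-joined machine with `[adsi]::Exists("LDAP://<path>")`.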

PowerShell Script to Get (Set) Logon Scripts for users of a certain group

I am currently leading an effort to upgrade our client OS from XP to Windows 7. We decided to move away from logon scripts (mostly used for drive mapping & printer mapping) to Group Policy Preferences.

So how do we determine what logon script is assigned to a particular user?

My friend Jeffery Hicks has a blog about this. I like the word “Legacy”; I have long been advocating getting rid of logon scripts at every opportunity I have!

PS S:\> get-qaduser -LogonScript * | sort LogonScript | select name, LogonScript

What if I want to get logon script information for users from an OU? No problem:

Get-QADUser -searchroot 'OU=whatever,DC=xyz,DC=com'|select name, logonscript

Now this always gets me: what if I want to pull logon script information for users from a group? It’s a little tricky, as you can’t figure it out by simply doing a get-help get-qaduser -full.

After a few trials and errors:

PS C:\Users\yl.admin\Documents\PS> $grp = get-qadgroup 'CN=whatever1, OU=whatever2,OU=whatever3,DC=xyz,DC=com'

PS C:\Users\yl.admin\Documents\PS> get-qaduser -MemberOf $grp|select name, logonscript

Last but not least, the whole point is not just to get the logon scripts assigned to users but to get rid of them!

PS C:\Users\yl.admin\Documents\PS> get-qaduser -MemberOf $grp|set-qaduser -logonscript ""