Offline domain join for MDT 2012 media based deployments at offsite
Hi,
How do we bring device into domain in media based deployments for offsite (device doesn't have access to the domain network) devices?
I am planning to run media based TS, shutdown the device (using shutdown command line in TS), adding step for 'recover from domain' after shutown step.
TS is working fine but it loose the continuity and gives an message that there already been deployment running on this device, do you want to continue(yes\No). If I click on NO, it proceed further with 'recover from domain'. Is there any step that I can
run before shutdown that can store the current status for TS and continue clean once system boot onsite ?
Regards,
The simple answer is: two Task Sequences.
The first would be to put the WIM on the machine, do any config you need and install any applications that can be installed sans network. This would be an Offline Media Task Sequence that you would run with the USB stick and no network connection.
This Task Sequence wouldn't join the domain, but would be configured to join a Workgroup. Name it like MDT-ConfigImage or something so you can easily spot devices on your network that haven't yet run TS#2.
The second would a Task Sequence to just run the join domain command, maybe run Windows Update (now that it's presumably connected to a WSUS server) and install any apps that require a connection to the network (hopefully none). This Task Sequence
would be pretty simple and could be launched via LiteTouch.vbs directly or configured to be booted from, then have the TS boot the full OS already installed (from Task Sequence #1) and "complete the configuration."
Keeping it as two has the added ability to quickly modify and update TS#2 without needing to regenerate your Offline Media for TS#1 and provide to whoever is doing that imaging. This is effectively what happens with some of the vendors (like Dell)
when they image your machine with your image in their config center and then they send you the box and you "finish it" on network (while it can join domain, etc.).
David Coulter | http://DCtheGeek.blogspot.com |
@DCtheGeek
Similar Messages
-
Windows 7 MDT Offline Domain Join
In a scenario where a user does not have access to the corporate network, a mostly automated media-based refresh is implemented.
- Refresh laptops from Windows XP/Vista to Windows 7
- MDT task sequence, OS, drivers, apps, contained on a supplied DVD
- User needs only to select the task sequence from the Wizard menu, all else is automated
- Hardlink user state capture and migration
The problem exists with joining the offline computer to the corporate domain. If the domain join fails, the user can't log on to his/her restored domain user profile.
Does anyone have any experience or tips related to using the Win7/2008 djoin.exe utility with an automated MDT task sequence? I can't find much information on it, and it's new to me.
I gather that you have to join the object at the domain first, then extract the required metadata, and somehow inject this individual computer data (aka Base64 blob) in the 'Microsoft-Windows-UnattendJoin/Identification/Provisioning' section of the unattend.xml
... but how to do that with some type of variable? I'd like to avoid creating a customized DVD for every single computer in the field.
I'll keep searching, but if anyone has done this before please let me know your experiences.Appreciate the reply, but I've already read through that. I'm looking for information specific to MDT and suggestion on how to include the process in a [semi] automated task sequence in a media-based offline scenario.
A general idea would be to compile a text file of target computer names, run a script to execute djoin.exe against the list to provision all the computers, generating a base64 blob text file for each. Then, store that repository of files in the deployment
share so it is included on the MDT media. Call the file as a Run Command step using the computer name variable during the task sequence State Restore phase to execute the offline join. eg:
cmd.exe /c djoin.exe /requestODJ /loadfile %ScriptRoot%\Blobs\%OSDComputerName%.txt /windowspath %windir% /localos
In testing, provisioning an existing computer on the DC breaks any domain relationship because the computer account is reset by the /reuse parameter. The relationship can be fixed by running the /requestODJ command on the computer - essentially 'rejoining'
the machine to the domain - but it presents a problem for the time lapse between pre-staging computers and distributing the media. Since the users are all currently running XP or Vista, it doesn't make sense to explore a theory of re-using the same blob
data multiple times, such as immediately after provisioning and then again during the reimage.
I'm opening a call with MS support, but still interested to hear if anyone has used this utility with MDT at all. -
Do SCCM clients need to be domain joined for Windows Patch Deployments
Hi,
We have SCCM 2012 R2 deployed in an environment with both workgroup and domain joined machines. Currently only the domained joined machines have the SCCM client installed. We were thinking of bringing patching into SCCM rather than WSUS but were wondering
if we install the SCCM client on workgroup machines do they need to be domain mebers to work or do they just need to be able to resolve the SCCM server?BAsically, I'm looking for confimation that we can patch non-domain joined machines via SCCM.
Thanks,
SimonHere's a nice blog post that adds some gotcha and additional detail:
http://blogs.technet.com/b/configurationmgr/archive/2014/07/01/managing-workgroup-clients-in-system-center-2012-configuration-manager.aspx
Ultimately, ConfigMgr doesn't care if systems are domain joined or not but there are some nuances and caveats that must be accounted for.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Domain Join to a specific OU based on Computer Name - ConfigMgr 2012 R2 / MDT 2013
Hi all
i need to build an OS deployment task sequence with ConfigMgr 2012 R2 and MDT 2013. my requirement is to be able to join a computer based on its computer name. there are three types of computers. Sales / Marketing and Technical. based on the prefix of the
computer name i need to place them on 3 different OUs. Computer Names would be SAL1100, MKT1100 or TEC1100, i would like to refer first three characters of the computer name and the decided on which OU they need to be allocated to.
i would appreciate if someone could tell me how i can do this within my task sequenceI don't think you can accomplish this by using conditions. Instead I'd use the script that Jörgen provided. Here's an edit of that so that it would suit your environment requirements of the first 3 characters of the OSDComputerName:
set env = CreateObject("Microsoft.SMS.TSEnvironment")
sComputerName = env("OSDComputerName")
threeChars = UCase(Left(sComputerName,3))
sBuiltOU = "NOT_set!"
If threeChars = "ABC" Then
sBuiltOU = "LDAP://OU=ABC,OU=Computers,DC=DOMAIN,DC=COM"
If threeChars = "DEF" Then
sBuiltOU = "LDAP://OU=DEF,OU=Computers,DC=DOMAIN,DC=COM"
If threeChars = "GHI" Then
sBuiltOU = "LDAP://OU=GHI,OU=Computers,DC=DOMAIN,DC=COM"
env("OSDDomainOUName") = sBuiltOU
Wscript.quit
Save this as 'SetOU.vbs' and create a package in ConfigMgr where you specify the source content to the location where you placed the script file. As Jason described, put a Run Command Line step right before Apply Windows Settings, use 'cscript.exe SetOU.vbs'
as the command line and point to the package you created. This script assumes that the OSDComputerName variable is already properly populated with the correct computer name.
Regards,
Nickolaj Andersen | www.scconfigmgr.com | @Nickolaja -
Adding a domain user to Local Admin Groups using MDT 2012
I don't know if this will help anyone, but it did me after weeks of searching. If you are trying to add a domain user or domain groups to the local administrators group using MDT, simply go to the cs.ini and add "SkipAdminAccounts=No".
But the administrators accounts page will only appear if you choose to join a domain.Correct, if you were to go into the %DeployRoot%\Scripts\DeployWiz_Definition_ENU.xml file you would see the entry for the DeployWiz_AdminAccounts.xml page as follows:
<Pane id="AdministratorAccounts" reference="DeployWiz_AdminAccounts.xml">
<Condition><![CDATA[ UCase(Property("SkipAdminAccounts")) = "NO" and UCase(Property("DeploymentType"))<>"REPLACE" and Property("DeploymentType")<>"CUSTOM" and Property("JoinDomain") <> "" ]]></Condition>
</Pane>
Most Wizard Pages are displayed by default, and you can turn them off by using the SkipXxxXxxxxx Page variable to hide them during wizard execution. This page is different, since it was added for MDT 2012, the MDT team decided to leave it *OFF* by default,
instead you must explicitly turn off the SkipAdminAccounts variable by setting it to "NO".
Additionally, you would not need to display this page if you were running a Refresh or a Custom Task Sequence.
Finally, this page does not actually *create* accounts, instead it just adds pre-existing user accounts and adds them to the local Administrators group. This scenario is only valid when you are joining the machine to a domain, so you must Join to the Domain.
If you are interested in adding other local users to the Administrators Group, you should write a script to create the account(s) and add them to the local group. Windows 8.1 has some *gotchas* that have to do with Microsoft Accounts, but that's a different
Story :^).
Keith Garner - keithga.wordpress.com -
Domain Join Issue during Task Sequence
SCCM 2012 R2 CU3 running Primary Site.
Using SCCM task sequence. Everything works except the machine won't join the domain.
Netsetup.log
12/20/2013 10:17:01:583 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
12/20/2013 10:17:01:583 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 10:17:01:583 NetpMachineValidToJoin: status: 0x0
12/20/2013 10:17:01:583 NetpJoinDomain
12/20/2013 10:17:01:583 Machine: 243WIN7BASETST
12/20/2013 10:17:01:583 Domain: judicial
12/20/2013 10:17:01:583 MachineAccountOU: (NULL)
12/20/2013 10:17:01:583 Account: judicial\pcsetup2
12/20/2013 10:17:01:583 Options: 0x27
12/20/2013 10:17:01:583 NetpLoadParameters: loading registry parameters...
12/20/2013 10:17:01:583 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
12/20/2013 10:17:01:583 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
12/20/2013 10:17:01:583 NetpLoadParameters: status: 0x2
12/20/2013 10:17:01:583 NetpValidateName: checking to see if 'judicial' is valid as type 3 name
12/20/2013 10:17:01:692 NetpCheckDomainNameIsValid [ Exists ] for 'judicial' returned 0x0
12/20/2013 10:17:01:692 NetpValidateName: name 'judicial' is valid for type 3
12/20/2013 10:17:01:692 NetpDsGetDcName: trying to find DC in domain 'judicial', flags: 0x40001010
12/20/2013 10:17:16:699 NetpDsGetDcName: failed to find a DC having account '243WIN7BASETST$': 0x525, last error is 0x0
12/20/2013 10:17:16:699 NetpLoadParameters: loading registry parameters...
12/20/2013 10:17:16:699 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
12/20/2013 10:17:16:699 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
12/20/2013 10:17:16:699 NetpLoadParameters: status: 0x2
12/20/2013 10:17:16:699 NetpDsGetDcName: status of verifying DNS A record name resolution for 'ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 10:17:16:699 NetpDsGetDcName: found DC '\\ATREYU1V-PII.jis.state.ct.us' in the specified domain
12/20/2013 10:17:16:699 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
12/20/2013 10:17:16:746 NetpJoinDomain: status of connecting to dc '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 10:17:16:746 NetpProvisionComputerAccount:
12/20/2013 10:17:16:746 lpDomain: judicial
12/20/2013 10:17:16:746 lpMachineName: 243WIN7BASETST
12/20/2013 10:17:16:746 lpMachineAccountOU: (NULL)
12/20/2013 10:17:16:746 lpDcName: ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:746 lpDnsHostName: (NULL)
12/20/2013 10:17:16:746 lpMachinePassword: (null)
12/20/2013 10:17:16:746 lpAccount: judicial\pcsetup2
12/20/2013 10:17:16:746 lpPassword: (non-null)
12/20/2013 10:17:16:746 dwJoinOptions: 0x27
12/20/2013 10:17:16:746 dwOptions: 0x40000003
12/20/2013 10:17:16:746 NetpLdapBind: Verified minimum encryption strength on ATREYU1V-PII.jis.state.ct.us: 0x0
12/20/2013 10:17:16:746 NetpLdapGetLsaPrimaryDomain: reading domain data
12/20/2013 10:17:16:746 NetpGetNCData: Reading NC data
12/20/2013 10:17:16:746 NetpGetDomainData: Lookup domain data for: DC=jis,DC=state,DC=ct,DC=us
12/20/2013 10:17:16:746 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=jis,DC=state,DC=ct,DC=us
12/20/2013 10:17:16:746 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Cracking DNS domain name jis.state.ct.us/ into Netbios on
\\ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Crack results: name = JUDICIAL\
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Cracking account name JUDICIAL\243WIN7BASETST$ on
\\ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Crack results: Account does not exist
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Cracking Netbios domain name JUDICIAL\ into root DN on
\\ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Crack results: name = DC=jis,DC=state,DC=ct,DC=us
12/20/2013 10:17:16:761 NetpGetComputerObjectDn: Got DN CN=243WIN7BASETST,OU=JB New Computers,DC=jis,DC=state,DC=ct,DC=us from the default computer container
12/20/2013 10:17:16:761 NetpModifyComputerObjectInDs: Initial attribute values:
12/20/2013 10:17:16:761 objectClass = Computer
12/20/2013 10:17:16:761 SamAccountName = 243WIN7BASETST$
12/20/2013 10:17:16:761 userAccountControl = 0x1000
12/20/2013 10:17:16:761 DnsHostName = 243WIN7BASETST.jis.state.ct.us
12/20/2013 10:17:16:761 ServicePrincipalName = HOST/243WIN7BASETST.jis.state.ct.us RestrictedKrbHost/243WIN7BASETST.jis.state.ct.us HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST
12/20/2013 10:17:16:761 unicodePwd = <SomePassword>
12/20/2013 10:17:16:761 NetpModifyComputerObjectInDs: Computer Object does not exist in OU
12/20/2013 10:17:16:761 NetpModifyComputerObjectInDs: Attribute values to set:
12/20/2013 10:17:16:761 objectClass = Computer
12/20/2013 10:17:16:761 SamAccountName = 243WIN7BASETST$
12/20/2013 10:17:16:761 userAccountControl = 0x1000
12/20/2013 10:17:16:761 DnsHostName = 243WIN7BASETST.jis.state.ct.us
12/20/2013 10:17:16:761 ServicePrincipalName = HOST/243WIN7BASETST.jis.state.ct.us RestrictedKrbHost/243WIN7BASETST.jis.state.ct.us HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST
12/20/2013 10:17:16:761 unicodePwd = <SomePassword>
12/20/2013 10:17:16:886 NetpEncodeProvisioningBlob: Encoding provisioning data
12/20/2013 10:17:16:886 NetpInitBlobWin7: Constructing blob...
12/20/2013 10:17:16:886 Blob version: 1
12/20/2013 10:17:16:886 lpDomain: judicial
12/20/2013 10:17:16:886 lpMachineName: 243WIN7BASETST
12/20/2013 10:17:16:886 lpMachinePassword: <omitted from log>
12/20/2013 10:17:16:886 DomainDnsPolicy:
12/20/2013 10:17:16:886 Name: JUDICIAL
12/20/2013 10:17:16:886 DnsDomainName: jis.state.ct.us
12/20/2013 10:17:16:886 DnsForestName: jis.state.ct.us
12/20/2013 10:17:16:886 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 10:17:16:886 Sid: S-1-5-21-1552756269-800212831-618671499
12/20/2013 10:17:16:886 DcInfo:
12/20/2013 10:17:16:886 DomainControllerName:
\\ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:886 DomainControllerAddress:
\\10.16.6.99
12/20/2013 10:17:16:886 DomainControllerAddressType: 1
12/20/2013 10:17:16:886 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 10:17:16:886 DomainName: jis.state.ct.us
12/20/2013 10:17:16:886 DnsForestName: jis.state.ct.us
12/20/2013 10:17:16:886 Flags: 0xe00031fc
12/20/2013 10:17:16:886 DcSiteName: Judicial-Data-Centers
12/20/2013 10:17:16:886 ClientSiteName: EHFD-99ERiver
12/20/2013 10:17:16:886 Options: 0x40000003
12/20/2013 10:17:16:886 NetpInitBlobWin7: Blob pickling result: 0
12/20/2013 10:17:16:886 NetpEncodeProvisioningBlob: result: 0x0
12/20/2013 10:17:16:886 ldap_unbind status: 0x0
12/20/2013 10:17:16:886 NetpRequestOfflineDomainJoin:
12/20/2013 10:17:16:886 dwProvisionBinDataSize: 960
12/20/2013 10:17:16:886 JoinOptions: 0x27
12/20/2013 10:17:16:886 Options: 0x40000003
12/20/2013 10:17:16:886 lpWindowsPath: C:\Windows
12/20/2013 10:17:16:886 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 960 bytes
12/20/2013 10:17:16:886 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
12/20/2013 10:17:16:886 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
12/20/2013 10:17:16:886 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
12/20/2013 10:17:16:886 Blob version: 1
12/20/2013 10:17:16:886 lpDomain: judicial
12/20/2013 10:17:16:886 lpMachineName: 243WIN7BASETST
12/20/2013 10:17:16:886 lpMachinePassword: <omitted from log>
12/20/2013 10:17:16:886 DomainDnsPolicy:
12/20/2013 10:17:16:886 Name: JUDICIAL
12/20/2013 10:17:16:886 DnsDomainName: jis.state.ct.us
12/20/2013 10:17:16:886 DnsForestName: jis.state.ct.us
12/20/2013 10:17:16:886 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 10:17:16:886 Sid: S-1-5-21-1552756269-800212831-618671499
12/20/2013 10:17:16:886 DcInfo:
12/20/2013 10:17:16:886 DomainControllerName:
\\ATREYU1V-PII.jis.state.ct.us
12/20/2013 10:17:16:886 DomainControllerAddress:
\\10.16.6.99
12/20/2013 10:17:16:886 DomainControllerAddressType: 1
12/20/2013 10:17:16:886 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 10:17:16:886 DomainName: jis.state.ct.us
12/20/2013 10:17:16:886 DnsForestName: jis.state.ct.us
12/20/2013 10:17:16:886 Flags: 0xe00031fc
12/20/2013 10:17:16:886 DcSiteName: Judicial-Data-Centers
12/20/2013 10:17:16:886 ClientSiteName: EHFD-99ERiver
12/20/2013 10:17:16:886 Options: 0x40000003
12/20/2013 10:17:16:886 NetpDoInitiateOfflineDomainJoin
12/20/2013 10:17:16:886 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
12/20/2013 10:17:16:902 NetpInitiateOfflineJoin
12/20/2013 10:17:16:902 lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
12/20/2013 10:17:16:902 dwOptions: 0x40000003
12/20/2013 10:17:16:902 NetpConvertBlobToJoinState: Translating provisioning data to internal format
12/20/2013 10:17:16:902 NetpConvertBlobToJoinState: Selecting version 1
12/20/2013 10:17:16:902 NetpConvertBlobToJoinState: exiting: 0x0
12/20/2013 10:17:16:902 NetpValidateFullJoinState: Validating provisioning data...
12/20/2013 10:17:16:902 NetpValidateFullJoinState: exiting: 0x0
12/20/2013 10:17:16:902 NetpClearFullJoinState: Removing cached state from the registry...
12/20/2013 10:17:16:902 NetpClearFullJoinState: Status of deleting join state key 0x2
12/20/2013 10:17:16:902 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
12/20/2013 10:17:16:902 NetpSaveFullJoinStateInternal: exiting: 0x0
12/20/2013 10:17:16:902 NetpSetComputerNamesOffline: Checking for pending name changes...
12/20/2013 10:17:16:902 SetHostName: TRUE
12/20/2013 10:17:16:902 SetDnsDomain: TRUE
12/20/2013 10:17:16:902 SetNetBiosName: TRUE
12/20/2013 10:17:16:902 SetCurrentValues: TRUE
12/20/2013 10:17:16:902 NetpSetComputerNamesOffline: Setting Hostname to 243WIN7BASETST
12/20/2013 10:17:16:902 NetpSetComputerNamesOffline: Setting Domain name to jis.state.ct.us
12/20/2013 10:17:16:902 NetpSetComputerNamesOffline: Setting NetBios computer name to 243WIN7BASETST
12/20/2013 10:17:16:917 NetpDoInitiateOfflineDomainJoin: status: 0x0
12/20/2013 10:17:16:917 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
12/20/2013 10:17:16:917 NetpJoinDomainOnDs: Setting netlogon cache.
12/20/2013 10:17:16:917 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
12/20/2013 10:17:16:917 NetpJoinDomainOnDs: Function exits with status of: 0x0
12/20/2013 10:17:16:917 NetpJoinDomainOnDs: status of disconnecting from '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 10:17:16:917 NetpCompleteOfflineDomainJoin
12/20/2013 10:17:16:917 fBootTimeCaller: FALSE
12/20/2013 10:17:16:917 fSetLocalGroups: TRUE
12/20/2013 10:17:16:917 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 10:17:16:917 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 10:17:16:917 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
12/20/2013 10:17:16:917 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 10:17:17:292 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
12/20/2013 10:17:17:292 Calling NetpQueryService to get Netlogon service state.
12/20/2013 10:17:17:292 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
12/20/2013 10:17:17:417 NetpSetLsaPrimaryDomain: for 'JUDICIAL' status: 0x0
12/20/2013 10:17:17:417 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x0
12/20/2013 10:17:17:417 NetpManageLocalGroupsForJoin: Adding groups for new domain, removing groups from old domain, if any.
12/20/2013 10:17:17:417 NetpManageLocalGroups: Populating list of account SIDs.
12/20/2013 10:17:17:760 [000004ec] NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 10:17:17:791 NetpManageLocalGroupsForJoin: status of modifying groups related to domain 'JUDICIAL' to local groups: 0x0
12/20/2013 10:17:17:791 NetpManageLocalGroupsForJoin: INFO: No old domain groups to process.
12/20/2013 10:17:17:791 NetpJoinDomainLocal: Status of managing local groups: 0x0
12/20/2013 10:17:18:275 [00000164] NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 10:17:18:665 NetpJoinDomainLocal: status of setting ComputerNamePhysicalDnsDomain to 'jis.state.ct.us': 0x0
12/20/2013 10:17:18:665 NetpJoinDomainLocal: Controlling services and setting service start type.
12/20/2013 10:17:18:665 NetpJoinDomainLocal: Updating W32TimeConfig
12/20/2013 10:17:18:743 NetpUpdateW32timeConfig: 0x0
12/20/2013 10:17:18:743 NetpClearFullJoinState: Removing cached state from the registry...
12/20/2013 10:17:18:743 NetpClearFullJoinState: Status of deleting join state key 0x0
12/20/2013 10:17:18:743 NetpCompleteOfflineDomainJoin: status: 0x0
12/20/2013 10:17:18:743 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
12/20/2013 10:17:18:743 NetpDoDomainJoin: status: 0x0
12/20/2013 10:17:21:953 -----------------------------------------------------------------
12/20/2013 10:17:21:953 NetpChangeMachineName: from '243WIN7BASETST' to '243WIN7BASEtst' using 'judicial\pcsetup2' [0x1000]
12/20/2013 10:17:21:953 NetpDsGetDcName: trying to find DC in domain 'JUDICIAL', flags: 0x1010
12/20/2013 10:17:21:953 NetpDsGetDcName: found DC '\\ATREYU1V-PII' in the specified domain
12/20/2013 10:17:21:953 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 10:17:21:953 NetpGetDnsHostName: Read NV Domain: jis.state.ct.us
12/20/2013 10:17:21:969 NetpGetComputerObjectDn: Cracking account name JUDICIAL\243WIN7BASETST$ on
\\ATREYU1V-PII
12/20/2013 10:17:21:969 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=243WIN7BASETST,OU=JB New Computers,DC=jis,DC=state,DC=ct,DC=us
12/20/2013 10:17:21:969 NetpModifyComputerObjectInDs: Initial attribute values:
12/20/2013 10:17:21:969 DnsHostName = 243WIN7BASEtst.jis.state.ct.us
12/20/2013 10:17:21:969 ServicePrincipalName = HOST/243WIN7BASEtst.jis.state.ct.us RestrictedKrbHost/243WIN7BASEtst.jis.state.ct.us HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST
12/20/2013 10:17:21:985 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
12/20/2013 10:17:21:985 DnsHostName = 243WIN7BASETST.jis.state.ct.us
12/20/2013 10:17:21:985 ServicePrincipalName = RestrictedKrbHost/243WIN7BASETST HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST.jis.state.ct.us HOST/243WIN7BASETST.jis.state.ct.us
12/20/2013 10:17:21:985 NetpModifyComputerObjectInDs: There are _NO_ modifications to do
12/20/2013 10:17:21:985 ldap_unbind status: 0x0
12/20/2013 10:17:21:985 NetpChangeMachineName: status of setting DnsHostName and SPN: 0x0
12/20/2013 13:30:34:370 -----------------------------------------------------------------
12/20/2013 13:30:34:440 NetpValidateName: checking to see if '243WIN7BASETST' is valid as type 1 name
12/20/2013 13:30:34:460 NetpCheckNetBiosNameNotInUse for '243WIN7BASETST' [MACHINE] returned 0x0
12/20/2013 13:30:34:460 NetpValidateName: name '243WIN7BASETST' is valid for type 1
12/20/2013 13:30:34:553 -----------------------------------------------------------------
12/20/2013 13:30:34:553 NetpValidateName: checking to see if '243WIN7BASEtst.jis.state.ct.us' is valid as type 5 name
12/20/2013 13:30:34:553 NetpValidateName: name '243WIN7BASEtst.jis.state.ct.us' is valid for type 5
12/20/2013 13:30:34:569 -----------------------------------------------------------------
12/20/2013 13:30:34:569 NetpValidateName: checking to see if 'JIS' is valid as type 2 name
12/20/2013 13:30:34:569 NetpCheckNetBiosNameNotInUse for 'JIS' [ Workgroup as MACHINE] returned 0x0
12/20/2013 13:30:34:569 NetpValidateName: name 'JIS' is valid for type 2
12/20/2013 13:30:34:585 -----------------------------------------------------------------
12/20/2013 13:30:34:585 NetpUnJoinDomain: unjoin from 'JUDICIAL' using '(null)' creds, options: 0x4
12/20/2013 13:30:34:585 OS Version: 6.1
12/20/2013 13:30:34:585 Build number: 7601 (7601.win7sp1_rtm.101119-1850)
12/20/2013 13:30:34:585 ServicePack: Service Pack 1
12/20/2013 13:30:34:585 SKU: Windows 7 Professional
12/20/2013 13:30:34:585 NetpUnJoinDomain: status of getting computer name: 0x0
12/20/2013 13:30:34:585 NetpApplyJoinState: actions: 0x2b805a
12/20/2013 13:30:34:585 NetpDsGetDcName: trying to find DC in domain 'JUDICIAL', flags: 0x1010
12/20/2013 13:30:34:694 NetpDsGetDcName: found DC '\\ATREYU1V-PII' in the specified domain
12/20/2013 13:30:34:819 NetUseAdd to \\ATREYU1V-PII\IPC$ returned 1326
12/20/2013 13:30:34:819 Trying add to
\\ATREYU1V-PII\IPC$ using NULL Session
12/20/2013 13:30:34:850 NetpApplyJoinState: status of connecting to dc '\\ATREYU1V-PII': 0x0
12/20/2013 13:30:36:113 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
12/20/2013 13:30:36:145 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
12/20/2013 13:30:36:145 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:36:145 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:36:145 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:36:410 SamOpenUser on 48956 failed with 0xc0000022
12/20/2013 13:30:36:410 NetpManageMachineAccountWithSid: status of disabling account '243WIN7BASETST$' on '\\ATREYU1V-PII': 0x5
12/20/2013 13:30:36:410 NetpApplyJoinState: status of disabling account: 0x5
12/20/2013 13:30:36:410 NetpApplyJoinState: initiating a rollback due to earlier errors
12/20/2013 13:30:36:410 NetpApplyJoinState: actions: 0x440210
12/20/2013 13:30:36:410 NetpDsGetDcName: trying to find DC in domain '(null)', flags: 0x1020
12/20/2013 13:30:36:425 NetpDsGetDcName: found DC '\\ATREYU1V-PII.jis.state.ct.us' in the specified domain
12/20/2013 13:30:36:441 NetUseAdd to
\\ATREYU1V-PII.jis.state.ct.us\IPC$ returned 1326
12/20/2013 13:30:36:441 Trying add to
\\ATREYU1V-PII.jis.state.ct.us\IPC$ using NULL Session
12/20/2013 13:30:36:441 NetpApplyJoinState: status of connecting to dc '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 13:30:36:441 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:36:441 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 13:30:36:675 NetpSetMachineAccountPassword: NetUserSetInfo (level 1003) on '\\ATREYU1V-PII.jis.state.ct.us' for '243WIN7BASETST$' failed: 0x5
12/20/2013 13:30:36:675 NetpApplyJoinState: status of setting machine password: 0x5
12/20/2013 13:30:36:956 NetpApplyJoinState: status of starting and setting start type of Netlogon to 4: 0x0
12/20/2013 13:30:36:956 NetpApplyJoinState: NON FATAL: status of adding DNS registrations: 0x0
12/20/2013 13:30:36:956 NetpApplyJoinState: status of disconnecting from '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 13:30:36:956 NetpApplyJoinState: status of disconnecting from '\\ATREYU1V-PII': 0x0
12/20/2013 13:30:36:956 NetpUnJoinDomain: status: 0x5
12/20/2013 13:30:41:886 -----------------------------------------------------------------
12/20/2013 13:30:41:886 NetpUnJoinDomain: unjoin from 'JUDICIAL' using 'jis.state.ct.us\a' creds, options: 0x4
12/20/2013 13:30:41:886 OS Version: 6.1
12/20/2013 13:30:41:886 Build number: 7601 (7601.win7sp1_rtm.101119-1850)
12/20/2013 13:30:41:886 ServicePack: Service Pack 1
12/20/2013 13:30:41:886 SKU: Windows 7 Professional
12/20/2013 13:30:41:886 NetpUnJoinDomain: status of getting computer name: 0x0
12/20/2013 13:30:41:886 NetpApplyJoinState: actions: 0x2b805a
12/20/2013 13:30:41:886 NetpDsGetDcName: trying to find DC in domain 'JUDICIAL', flags: 0x1010
12/20/2013 13:30:41:886 NetpDsGetDcName: found DC '\\ATREYU1V-PII' in the specified domain
12/20/2013 13:30:44:974 NetUseAdd to \\ATREYU1V-PII\IPC$ returned 1326
12/20/2013 13:30:44:974 Trying add to
\\ATREYU1V-PII\IPC$ using NULL Session
12/20/2013 13:30:44:990 NetpApplyJoinState: status of connecting to dc '\\ATREYU1V-PII': 0x0
12/20/2013 13:30:46:301 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
12/20/2013 13:30:46:301 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
12/20/2013 13:30:46:301 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:46:301 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:46:301 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:46:394 SamOpenUser on 48956 failed with 0xc0000022
12/20/2013 13:30:46:394 NetpManageMachineAccountWithSid: status of disabling account '243WIN7BASETST$' on '\\ATREYU1V-PII': 0x5
12/20/2013 13:30:46:394 NetpApplyJoinState: status of disabling account: 0x5
12/20/2013 13:30:46:394 NetpApplyJoinState: initiating a rollback due to earlier errors
12/20/2013 13:30:46:394 NetpApplyJoinState: actions: 0x440210
12/20/2013 13:30:46:394 NetpDsGetDcName: trying to find DC in domain '(null)', flags: 0x1020
12/20/2013 13:30:46:410 NetpDsGetDcName: found DC '\\ATREYU1V-PII.jis.state.ct.us' in the specified domain
12/20/2013 13:30:46:425 NetUseAdd to
\\ATREYU1V-PII.jis.state.ct.us\IPC$ returned 1326
12/20/2013 13:30:46:425 Trying add to
\\ATREYU1V-PII.jis.state.ct.us\IPC$ using NULL Session
12/20/2013 13:30:46:425 NetpApplyJoinState: status of connecting to dc '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 13:30:46:425 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:46:425 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 13:30:46:659 NetpSetMachineAccountPassword: NetUserSetInfo (level 1003) on '\\ATREYU1V-PII.jis.state.ct.us' for '243WIN7BASETST$' failed: 0x5
12/20/2013 13:30:46:659 NetpApplyJoinState: status of setting machine password: 0x5
12/20/2013 13:30:46:815 NetpApplyJoinState: status of starting and setting start type of Netlogon to 4: 0x0
12/20/2013 13:30:46:815 NetpApplyJoinState: NON FATAL: status of adding DNS registrations: 0x0
12/20/2013 13:30:46:815 NetpApplyJoinState: status of disconnecting from '\\ATREYU1V-PII.jis.state.ct.us': 0x0
12/20/2013 13:30:46:815 NetpApplyJoinState: status of disconnecting from '\\ATREYU1V-PII': 0x0
12/20/2013 13:30:46:815 NetpUnJoinDomain: status: 0x5
12/20/2013 13:30:46:831 -----------------------------------------------------------------
12/20/2013 13:30:46:831 NetpUnJoinDomain: unjoin from 'JUDICIAL' using 'jis.state.ct.us\a' creds, options: 0x0
12/20/2013 13:30:46:831 OS Version: 6.1
12/20/2013 13:30:46:831 Build number: 7601 (7601.win7sp1_rtm.101119-1850)
12/20/2013 13:30:46:831 ServicePack: Service Pack 1
12/20/2013 13:30:46:831 SKU: Windows 7 Professional
12/20/2013 13:30:46:831 NetpUnJoinDomain: status of getting computer name: 0x0
12/20/2013 13:30:46:831 NetpApplyJoinState: actions: 0x2b005a
12/20/2013 13:30:47:096 [000009d8] NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:47:611 [000004e8] NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:48:173 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
12/20/2013 13:30:48:173 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
12/20/2013 13:30:48:173 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:48:173 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:48:173 NetpLsaOpenSecret: status: 0x0
12/20/2013 13:30:48:391 NetpSetLsaPrimaryDomain: for 'JUDICIAL' status: 0x0
12/20/2013 13:30:48:391 NetpApplyJoinState: status of setting LSA pri. domain: 0x0
12/20/2013 13:30:48:625 NetpApplyJoinState: status of clearing ComputerNamePhysicalDnsDomain: 0x0
12/20/2013 13:30:48:625 NetpManageLocalGroups: Populating list of account SIDs.
12/20/2013 13:30:48:858 [000004e8] NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:48:889 NetpApplyJoinState: status of removing from local groups: 0x0
12/20/2013 13:30:48:889 NetpUpdateW32timeConfig: 0x0
12/20/2013 13:30:48:905 NetpUnJoinDomain: status: 0x0
12/20/2013 13:30:48:936 -----------------------------------------------------------------
12/20/2013 13:30:48:936 NetpDoDomainJoin
12/20/2013 13:30:48:936 NetpMachineValidToJoin: '243WIN7BASETST'
12/20/2013 13:30:48:936 OS Version: 6.1
12/20/2013 13:30:48:936 Build number: 7601 (7601.win7sp1_rtm.101119-1850)
12/20/2013 13:30:48:936 ServicePack: Service Pack 1
12/20/2013 13:30:48:952 SKU: Windows 7 Professional
12/20/2013 13:30:48:952 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 13:30:48:952 NetpMachineValidToJoin: status: 0x0
12/20/2013 13:30:48:952 NetpJoinWorkgroup: joining computer '243WIN7BASETST' to workgroup 'JIS'
12/20/2013 13:30:48:952 NetpValidateName: checking to see if 'JIS' is valid as type 2 name
12/20/2013 13:30:48:952 NetpCheckNetBiosNameNotInUse for 'JIS' [ Workgroup as MACHINE] returned 0x0
12/20/2013 13:30:48:952 NetpValidateName: name 'JIS' is valid for type 2
12/20/2013 13:30:49:077 NetpSetLsaPrimaryDomain: for 'JIS' status: 0x0
12/20/2013 13:30:49:295 NetpJoinWorkgroup: status: 0x0
12/20/2013 13:30:49:295 NetpDoDomainJoin: status: 0x0
12/20/2013 13:39:24:681 -----------------------------------------------------------------
12/20/2013 13:39:24:697 NetpValidateName: checking to see if 'WIN7SP1BASE' is valid as type 1 name
12/20/2013 13:39:24:728 NetpCheckNetBiosNameNotInUse for 'WIN7SP1BASE' [MACHINE] returned 0x0
12/20/2013 13:39:24:728 NetpValidateName: name 'WIN7SP1BASE' is valid for type 1
12/20/2013 13:39:24:775 -----------------------------------------------------------------
12/20/2013 13:39:24:775 NetpValidateName: checking to see if 'WIN7SP1BASE' is valid as type 5 name
12/20/2013 13:39:24:775 NetpValidateName: name 'WIN7SP1BASE' is valid for type 5
12/20/2013 14:22:43:445 -----------------------------------------------------------------
12/20/2013 14:22:43:445 NetpValidateName: checking to see if '243WIN7BASETST' is valid as type 1 name
12/20/2013 14:22:43:445 NetpCheckNetBiosNameNotInUse for '243WIN7BASETST' [MACHINE] returned 0x0
12/20/2013 14:22:43:445 NetpValidateName: name '243WIN7BASETST' is valid for type 1
12/20/2013 14:22:43:508 -----------------------------------------------------------------
12/20/2013 14:22:43:508 NetpValidateName: checking to see if '243WIN7BASEtst' is valid as type 5 name
12/20/2013 14:22:43:508 NetpValidateName: name '243WIN7BASEtst' is valid for type 5
12/20/2013 14:26:14:548 -----------------------------------------------------------------
12/20/2013 14:26:14:548 NetpValidateName: checking to see if '243WIN7BASETST' is valid as type 1 name
12/20/2013 14:26:14:548 NetpCheckNetBiosNameNotInUse for '243WIN7BASETST' [MACHINE] returned 0x0
12/20/2013 14:26:14:548 NetpValidateName: name '243WIN7BASETST' is valid for type 1
12/20/2013 14:26:14:595 -----------------------------------------------------------------
12/20/2013 14:26:14:595 NetpValidateName: checking to see if '243WIN7BASEtst' is valid as type 5 name
12/20/2013 14:26:14:595 NetpValidateName: name '243WIN7BASEtst' is valid for type 5
12/20/2013 14:26:14:626 -----------------------------------------------------------------
12/20/2013 14:26:14:626 NetpValidateName: checking to see if 'judicial' is valid as type 3 name
12/20/2013 14:26:14:751 NetpCheckDomainNameIsValid [ Exists ] for 'judicial' returned 0x0
12/20/2013 14:26:14:751 NetpValidateName: name 'judicial' is valid for type 3
12/20/2013 14:26:25:156 -----------------------------------------------------------------
12/20/2013 14:26:25:156 NetpDoDomainJoin
12/20/2013 14:26:25:156 NetpMachineValidToJoin: '243WIN7BASETST'
12/20/2013 14:26:25:156 OS Version: 6.1
12/20/2013 14:26:25:156 Build number: 7601 (7601.win7sp1_rtm.101119-1850)
12/20/2013 14:26:25:156 ServicePack: Service Pack 1
12/20/2013 14:26:25:156 SKU: Windows 7 Professional
12/20/2013 14:26:25:156 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
12/20/2013 14:26:25:156 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 14:26:25:156 NetpMachineValidToJoin: status: 0x0
12/20/2013 14:26:25:156 NetpJoinDomain
12/20/2013 14:26:25:156 Machine: 243WIN7BASETST
12/20/2013 14:26:25:156 Domain: judicial
12/20/2013 14:26:25:156 MachineAccountOU: (NULL)
12/20/2013 14:26:25:156 Account: judicial\pcsetup2
12/20/2013 14:26:25:156 Options: 0x25
12/20/2013 14:26:25:156 NetpLoadParameters: loading registry parameters...
12/20/2013 14:26:25:156 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
12/20/2013 14:26:25:156 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
12/20/2013 14:26:25:156 NetpLoadParameters: status: 0x2
12/20/2013 14:26:25:156 NetpValidateName: checking to see if 'judicial' is valid as type 3 name
12/20/2013 14:26:25:265 NetpCheckDomainNameIsValid [ Exists ] for 'judicial' returned 0x0
12/20/2013 14:26:25:265 NetpValidateName: name 'judicial' is valid for type 3
12/20/2013 14:26:25:265 NetpDsGetDcName: trying to find DC in domain 'judicial', flags: 0x40001010
12/20/2013 14:26:25:374 NetpLoadParameters: loading registry parameters...
12/20/2013 14:26:25:374 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
12/20/2013 14:26:25:374 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
12/20/2013 14:26:25:374 NetpLoadParameters: status: 0x2
12/20/2013 14:26:25:374 NetpDsGetDcName: status of verifying DNS A record name resolution for 'Wabash00-PII.jis.state.ct.us': 0x0
12/20/2013 14:26:25:374 NetpDsGetDcName: found DC '\\Wabash00-PII.jis.state.ct.us' in the specified domain
12/20/2013 14:26:25:374 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
12/20/2013 14:26:25:608 NetpJoinDomain: status of connecting to dc '\\Wabash00-PII.jis.state.ct.us': 0x0
12/20/2013 14:26:25:608 NetpProvisionComputerAccount:
12/20/2013 14:26:25:608 lpDomain: judicial
12/20/2013 14:26:25:608 lpMachineName: 243WIN7BASETST
12/20/2013 14:26:25:608 lpMachineAccountOU: (NULL)
12/20/2013 14:26:25:608 lpDcName: Wabash00-PII.jis.state.ct.us
12/20/2013 14:26:25:608 lpDnsHostName: (NULL)
12/20/2013 14:26:25:608 lpMachinePassword: (null)
12/20/2013 14:26:25:608 lpAccount: judicial\pcsetup2
12/20/2013 14:26:25:608 lpPassword: (non-null)
12/20/2013 14:26:25:608 dwJoinOptions: 0x25
12/20/2013 14:26:25:608 dwOptions: 0x40000003
12/20/2013 14:26:25:749 NetpLdapBind: Verified minimum encryption strength on Wabash00-PII.jis.state.ct.us: 0x0
12/20/2013 14:26:25:749 NetpLdapGetLsaPrimaryDomain: reading domain data
12/20/2013 14:26:25:749 NetpGetNCData: Reading NC data
12/20/2013 14:26:25:764 NetpGetDomainData: Lookup domain data for: DC=jis,DC=state,DC=ct,DC=us
12/20/2013 14:26:25:764 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=jis,DC=state,DC=ct,DC=us
12/20/2013 14:26:25:764 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
12/20/2013 14:26:25:780 NetpGetComputerObjectDn: Cracking DNS domain name jis.state.ct.us/ into Netbios on
\\Wabash00-PII.jis.state.ct.us
12/20/2013 14:26:25:780 NetpGetComputerObjectDn: Crack results: name = JUDICIAL\
12/20/2013 14:26:25:780 NetpGetComputerObjectDn: Cracking account name JUDICIAL\243WIN7BASETST$ on
\\Wabash00-PII.jis.state.ct.us
12/20/2013 14:26:25:796 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=243WIN7BASETST,OU=JB New Computers,DC=jis,DC=state,DC=ct,DC=us
12/20/2013 14:26:25:796 NetpModifyComputerObjectInDs: Initial attribute values:
12/20/2013 14:26:25:796 objectClass = Computer
12/20/2013 14:26:25:796 SamAccountName = 243WIN7BASETST$
12/20/2013 14:26:25:796 userAccountControl = 0x1000
12/20/2013 14:26:25:796 DnsHostName = 243WIN7BASETST.jis.state.ct.us
12/20/2013 14:26:25:796 ServicePrincipalName = HOST/243WIN7BASETST.jis.state.ct.us RestrictedKrbHost/243WIN7BASETST.jis.state.ct.us HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST
12/20/2013 14:26:25:796 unicodePwd = <SomePassword>
12/20/2013 14:26:25:796 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
12/20/2013 14:26:25:796 objectClass = top person organizationalPerson user computer
12/20/2013 14:26:25:796 SamAccountName = 243WIN7BASETST$
12/20/2013 14:26:25:796 userAccountControl = 0x1000
12/20/2013 14:26:25:796 DnsHostName = 243WIN7BASETST.jis.state.ct.us
12/20/2013 14:26:25:796 ServicePrincipalName = TERMSRV/243WIN7BASETST TERMSRV/243WIN7BASEtst.jis.state.ct.us RestrictedKrbHost/243WIN7BASETST HOST/243WIN7BASETST RestrictedKrbHost/243WIN7BASETST.jis.state.ct.us
HOST/243WIN7BASETST.jis.state.ct.us
12/20/2013 14:26:25:796 unicodePwd = Account exists, resetting password: <SomePassword>
12/20/2013 14:26:25:796 NetpModifyComputerObjectInDs: Attribute values to set:
12/20/2013 14:26:25:796 unicodePwd = <SomePassword>
12/20/2013 14:26:25:967 NetpModifyComputerObjectInDs: Toggled UserAccountControl successfully
12/20/2013 14:26:25:967 NetpEncodeProvisioningBlob: Encoding provisioning data
12/20/2013 14:26:25:967 NetpInitBlobWin7: Constructing blob...
12/20/2013 14:26:25:967 Blob version: 1
12/20/2013 14:26:25:967 lpDomain: judicial
12/20/2013 14:26:25:967 lpMachineName: 243WIN7BASETST
12/20/2013 14:26:25:967 lpMachinePassword: <omitted from log>
12/20/2013 14:26:25:967 DomainDnsPolicy:
12/20/2013 14:26:25:967 Name: JUDICIAL
12/20/2013 14:26:25:967 DnsDomainName: jis.state.ct.us
12/20/2013 14:26:25:967 DnsForestName: jis.state.ct.us
12/20/2013 14:26:25:967 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 14:26:25:967 Sid: S-1-5-21-1552756269-800212831-618671499
12/20/2013 14:26:25:967 DcInfo:
12/20/2013 14:26:25:967 DomainControllerName:
\\Wabash00-PII.jis.state.ct.us
12/20/2013 14:26:25:967 DomainControllerAddress:
\\10.16.8.100
12/20/2013 14:26:25:967 DomainControllerAddressType: 1
12/20/2013 14:26:25:967 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 14:26:25:967 DomainName: jis.state.ct.us
12/20/2013 14:26:25:967 DnsForestName: jis.state.ct.us
12/20/2013 14:26:25:967 Flags: 0xe00033fc
12/20/2013 14:26:25:967 DcSiteName: Judicial-Data-Centers
12/20/2013 14:26:25:967 ClientSiteName: EHFD-99ERiver
12/20/2013 14:26:25:983 Options: 0x40000003
12/20/2013 14:26:25:983 NetpInitBlobWin7: Blob pickling result: 0
12/20/2013 14:26:25:983 NetpEncodeProvisioningBlob: result: 0x0
12/20/2013 14:26:25:983 ldap_unbind status: 0x0
12/20/2013 14:26:25:983 NetpRequestOfflineDomainJoin:
12/20/2013 14:26:25:983 dwProvisionBinDataSize: 960
12/20/2013 14:26:25:983 JoinOptions: 0x25
12/20/2013 14:26:25:983 Options: 0x40000003
12/20/2013 14:26:25:983 lpWindowsPath: C:\Windows
12/20/2013 14:26:25:983 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 960 bytes
12/20/2013 14:26:25:983 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
12/20/2013 14:26:25:983 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
12/20/2013 14:26:25:983 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
12/20/2013 14:26:25:983 Blob version: 1
12/20/2013 14:26:25:983 lpDomain: judicial
12/20/2013 14:26:25:983 lpMachineName: 243WIN7BASETST
12/20/2013 14:26:25:983 lpMachinePassword: <omitted from log>
12/20/2013 14:26:25:983 DomainDnsPolicy:
12/20/2013 14:26:25:983 Name: JUDICIAL
12/20/2013 14:26:25:983 DnsDomainName: jis.state.ct.us
12/20/2013 14:26:25:983 DnsForestName: jis.state.ct.us
12/20/2013 14:26:25:983 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 14:26:25:983 Sid: S-1-5-21-1552756269-800212831-618671499
12/20/2013 14:26:25:983 DcInfo:
12/20/2013 14:26:25:983 DomainControllerName:
\\Wabash00-PII.jis.state.ct.us
12/20/2013 14:26:25:983 DomainControllerAddress:
\\10.16.8.100
12/20/2013 14:26:25:983 DomainControllerAddressType: 1
12/20/2013 14:26:25:983 DomainGuid: 8108ed1e-d08f-40a0-8089-598b7f58e1e7
12/20/2013 14:26:25:983 DomainName: jis.state.ct.us
12/20/2013 14:26:25:983 DnsForestName: jis.state.ct.us
12/20/2013 14:26:25:983 Flags: 0xe00033fc
12/20/2013 14:26:25:983 DcSiteName: Judicial-Data-Centers
12/20/2013 14:26:25:983 ClientSiteName: EHFD-99ERiver
12/20/2013 14:26:25:983 Options: 0x40000003
12/20/2013 14:26:25:983 NetpDoInitiateOfflineDomainJoin
12/20/2013 14:26:25:983 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
12/20/2013 14:26:25:983 NetpInitiateOfflineJoin
12/20/2013 14:26:25:983 lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
12/20/2013 14:26:25:983 dwOptions: 0x40000003
12/20/2013 14:26:25:983 NetpConvertBlobToJoinState: Translating provisioning data to internal format
12/20/2013 14:26:25:983 NetpConvertBlobToJoinState: Selecting version 1
12/20/2013 14:26:25:983 NetpConvertBlobToJoinState: exiting: 0x0
12/20/2013 14:26:25:983 NetpValidateFullJoinState: Validating provisioning data...
12/20/2013 14:26:25:983 NetpValidateFullJoinState: exiting: 0x0
12/20/2013 14:26:25:983 NetpClearFullJoinState: Removing cached state from the registry...
12/20/2013 14:26:25:983 NetpClearFullJoinState: Status of deleting join state key 0x2
12/20/2013 14:26:25:983 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
12/20/2013 14:26:25:983 NetpSaveFullJoinStateInternal: exiting: 0x0
12/20/2013 14:26:25:983 NetpSetComputerNamesOffline: Checking for pending name changes...
12/20/2013 14:26:25:983 SetHostName: TRUE
12/20/2013 14:26:25:983 SetDnsDomain: TRUE
12/20/2013 14:26:25:983 SetNetBiosName: TRUE
12/20/2013 14:26:25:983 SetCurrentValues: TRUE
12/20/2013 14:26:25:983 NetpSetComputerNamesOffline: Setting Hostname to 243WIN7BASETST
12/20/2013 14:26:25:983 NetpSetComputerNamesOffline: Setting Domain name to jis.state.ct.us
12/20/2013 14:26:25:983 NetpSetComputerNamesOffline: Setting NetBios computer name to 243WIN7BASETST
12/20/2013 14:26:25:983 NetpDoInitiateOfflineDomainJoin: status: 0x0
12/20/2013 14:26:25:983 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
12/20/2013 14:26:25:983 NetpJoinDomainOnDs: Setting netlogon cache.
12/20/2013 14:26:26:014 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
12/20/2013 14:26:26:014 NetpJoinDomainOnDs: Function exits with status of: 0x0
12/20/2013 14:26:26:014 NetpJoinDomainOnDs: status of disconnecting from '\\Wabash00-PII.jis.state.ct.us': 0x0
12/20/2013 14:26:26:014 NetpCompleteOfflineDomainJoin
12/20/2013 14:26:26:014 fBootTimeCaller: FALSE
12/20/2013 14:26:26:014 fSetLocalGroups: TRUE
12/20/2013 14:26:26:014 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 14:26:26:030 NetpGetLsaPrimaryDomain: status: 0x0
12/20/2013 14:26:26:030 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
12/20/2013 14:26:26:030 NetpLsaOpenSecret: status: 0xc0000034
12/20/2013 14:26:26:326 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
12/20/2013 14:26:26:326 Calling NetpQueryService to get Netlogon service state.
12/20/2013 14:26:26:326 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
12/20/2013 14:26:26:420 NetpSetLsaPrimaryDomain: for 'JUDICIAL' status: 0x0
12/20/2013 14:26:26:420 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x0
12/20/2013 14:26:26:420 NetpManageLocalGroupsForJoin: Adding groups for new domain, removing groups from old domain, if any.
Windows IP Configuration from machine not joining the domain
Host Name . . . . . . . . . . . . : 243sccmtest5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jis.state.ct.us
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : jis.state.ct.us
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection #2
Physical Address. . . . . . . . . : B4-B5-2F-C0-D1-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::857e:ee89:64be:e243%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.16.211.236(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, November 12, 2014 11:59:47 AM
Lease Expires . . . . . . . . . . : Wednesday, November 12, 2014 7:59:46 PM
Default Gateway . . . . . . . . . : fe80::21f:6cff:febf:4bf%12
10.16.211.1
DHCP Server . . . . . . . . . . . : 10.16.204.101
DNS Servers . . . . . . . . . . . : 10.16.8.100
10.16.5.100
10.16.6.100
10.16.206.100
10.16.204.100
Primary WINS Server . . . . . . . : 10.16.8.100
Secondary WINS Server . . . . . . : 10.16.5.100
10.16.6.100
10.16.206.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : jis.state.ct.us
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Windows IP Configuration from Domain Joined Machine
Host Name . . . . . . . . . . . . : 2433ZENTEST01PC
Primary Dns Suffix . . . . . . . : jis.state.ct.us
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jis.state.ct.us
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : jis.state.ct.us
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 74-46-A0-90-37-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.16.211.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 15, 2014 7:39:26 AM
Lease Expires . . . . . . . . . . : Wednesday, November 12, 2014 8:40:50 PM
Default Gateway . . . . . . . . . : 10.16.211.1
DHCP Server . . . . . . . . . . . : 10.16.4.101
DNS Servers . . . . . . . . . . . : 10.16.8.100
10.16.5.100
10.16.6.100
10.16.206.100
Primary WINS Server . . . . . . . : 10.16.5.100
Secondary WINS Server . . . . . . : 10.16.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Seems like DNS IssueHi,
Have you tried to delete the computer account from AD?
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Advice about choosing Domain Name for AD
Before starting this theard I already read article of Ace Fekay about choosing domain name.
And this theard : Choosing AD domain name (cant post link)
I want to setup server with AD so I can easy deploy programs, settings and use one place
for user accounts.
I already have one domain that I use for FTP server and that domain points to my external IP.
Now I want to use that domain for AD and IIS. I know about pros\cons doing that and I think that isn't problem for me.
Is it possible to do it, will it work and will I have problem joining clients to domain?
If possible I want to make that AD join-able from Internet (because I have clients that is in other cities but want cetralized location). I was thinking about using .local domain (and VPN) and if needed to edit host file but I'm scared that don't make problems
to client. (I want as much as possible to it be easy)
Can I do it with existing domain or I need to buy new (and if need, what actually I need to ask my ISP for) (I would like to work with current domain, that will help me a lot)?
Thanks in advance.You can do with existing domain. You can use directaccess feature to perform domain join & access your domain resources securely without requiring VPN.You can also utilize offline domain join.
http://technet.microsoft.com/en-us/library/jj574150.aspx
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/17/new-features-in-active-directory-domain-services-in-windows-server-2012-part-19-offline-domain-join-improvements.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Hi All,
We are facing a issue with domain joining against RODC
We have a RODC which is separated from RWDC using firewall. The replication is configured using IPSEC and all is working fine.
The servers in RODC site do not have any connectivity to RWDC. We add the Servers in RODC site by following the script mentioned in the below link
https://technet.microsoft.com/en-us/library/dd728035(v=ws.10).aspx
The Servers which are in same subnet as RODC are able to join and login properly into the Domain. But the servers which are in different subnet are not able to join Domain and giving error “ Specified Domain either does not exist or cannot be contacted”
I am able to ping the RODC using IP and FQDN but not using netbios name
Nslookup works for FQDN of RODC and Domain name but fails for netbios names
I have checked the link http://blogs.technet.com/b/networking/archive/2008/07/25/netbios-browsing-across-subnets-may-fail-after-upgrading-to-windows-server-2008.aspx and as per that the browser service is started in PDC as well as in RODC
The subnet of Server is associated to RODC site
I have created a registry entry SiteName in the server and specified the RODC site
Checked at network level and nothing is blocked there
Tried creating the record for in host file but no useHi All,
We are facing a issue with domain joining against RODC
We have a RODC which is separated from RWDC using firewall. The replication is configured using IPSEC and all is working fine.
The servers in RODC site do not have any connectivity to RWDC. We add the Servers in RODC site by following the script mentioned in the below link
Firstly if you have RODC in a site, place a RWDC in that site as well OR enable
Bridge all site links. Also you need to provision the computer accounts in your RWDC, in that case the computer accounts will be replicated to the RODC and you can join. Look at RODC section here:
Offline Domain Join
Reading this link by Jorge is highly recommended:
Domain Join through an RODC instead of an RWDC
Do not forget that if your windows server are 2003 they need to have direct connectivity to the RWDC for tasks like password changing. Also for time synchronization, an RODC is authorized to sync the computers time if and only if the computer password is
cached, otherwise the computer must contact the RWDC directly.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or
to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
MDT 2012 Blue Screen AHCIX64s.sys
Hello All,
I am having a problem after updating my deployment share image for MDT 2012. I am pretty sure the deployment share had not been updated in about 4-5 months and we had recently received some new hardware and added new drivers to MDT. I added the
drivers, and 3 of the 4 models booted just fine, the 4th claimed it didn't have drivers.
SO I went through and updated the boot image and added the new image to WDS. Now when I attempt to netboot any machine, I get a BLUE SCREEN OF DEATH referencing ahcix64s.sys. I went through every driver I could find for the last 6-12 months that
referenced ahci and unchecked "enable this driver". I then went through and updated the deployment share and added the new image to WDS. I am still getting the BLUE SCREEN OF DEATH.
Any suggestions on how to fix this? DO I need to delete all the drivers, as opposed to unchecking the "enable this driver"?
JoeAre you getting the BugCheck on all machines or just one machine? Specifically, what is the error?
I have encountered problems with the Intel ACHI driver, since the *.inf file is identical between x86 and x64 it's difficult to know which driver package is for which OS. Hopefully MDT is doing the right thing here, and filtering out the correct version. How
many achi driver versions are being injected into the WinPE image (check the DISM.log)?
-k
Keith Garner - keithga.wordpress.com -
Problem when joining the domain MDT 2012
Windows 2008 R2, MDT 2012 Update 1
Hi,
CustomSettings.ini is configured to create computers in different OU's depending on their gateway. Works well.<o:p></o:p>
But when the computer exists it won’t move the computer to the right OU. How can I make it move to the right OU?<o:p></o:p>
Thx
BRBDKHi,
existing computers either need to be removed during re-installation, or they need to be moved by a custom script. There is no other way. Once a machine is already present in an OU, it will not change to the new defined OU.
Please see the following links for reference:
Moving Computers in Active Directory during MDT Deployments – Step by Step
http://mdtcustomizations.codeplex.com/
If this post is helpful please click "Mark for answer", thanks! Kind regards -
How to select domain OU for "Apply Network Settings" task sequence step, based on the ip address.
We are finally getting ready to migrate from SCCM 2007 to 2012 R2.
Our current setup has 5 site servers with five OSD setups with boot media and Windows 7 task sequences.
I want to move all that to one site with a single OSD W7 task sequence.
The current, "apply network settings", step adds the workstation to one of five different OUs. The same with the "apply windows settings" step, we have five local admin passwords for five regions around the state.
I thought I might run five versions of each step and add a condition to each one that would only run if the machine was on the right subnet. Or the right Boundary group or maybe the right active directory site.
Currently I'm creating five boundary groups that I hope to detect by running a power script get-CmBoundaryGroup. Then apply the results maybe as a task sequence variable in the task steps options/Add Conditions.
Anybody have a better approach. Or alternate plan.Are you integrated with MDT? If so, you can use customsettings.ini to put machines into specific OUs based on the DefaultGateway.
See these links for ideas:
https://scriptimus.wordpress.com/2011/05/10/mdt-2010-joining-a-domain/
http://deploymentbunny.com/2012/04/21/back-to-basic-customsettings-ini-explained/
Jeff -
DNS working intermittently for non-domain joined machines
I have a small single Server 2012 based network, with about 90% windows clients. DNS is running on the Windows Server 2008 machine, but DHCP is provided via a unix based firewall machine. Within the DNS configuration I have all of my windows
clients (mostly Windows 8.x clients, but there are a few Windows 7 ones as well) and a few *nix ones as well. All of the Windows clients are domain joined, except for one machine which is currently running Windows 10 preview, though it was a Windows
7 machine originally. In the DNS configuration I have a number of statically entered A records, used to give my *nix machines a name on the local network.
When trying to access systems by name (via ping or by other services), there is a very consistent behavior - my domain joined machines are able to resolve all names 100% of the time without any issues. However, the non-domain joined machines, both
Windows and not, are consistently inconsistent. To be more precise, when I try to resolve a name it will randomly work and randomly not. IP setup and configuration looks correct, meaning they have valid IP, DNS is set to my Windows Server,
default gateway, etc. are all correct. Pinging external machines (ie google.com, etc.) works 100% of the time, but trying to ping any internal machine is a total crap shoot. The only exception to this is the Windows Server 2012 machine itself,
which always works.
From past experience I know that the moment I join a machine to the domain all of the DNS issues goes away, which is fine for the Windows boxes but not so much for the rest. I also have visitors occasionally come by, who I cannot expect to join my
domain just to make things work normally.
This network originally started life out as Windows Server 2003 domain, but was upgraded to 2012 about two months ago. I have been seeing this problem for years, but have always assumed it to be a Server 2003 issue and figured it would go away when
I upgraded. Nope...
Any ideas as to the cause of this and what I can do about it?
Thanks,
peterIts really weird - I can ping an address and not have it work, then do a NSLookup of the same address against my DNS server and it resolves just fine. Take a look at this screen copy below:
C:\Users\Peter>ping apollo.bakonet.local
Ping request could not find host apollo.bakonet.local. Please check the name and try again.
C:\Users\Peter>nslookup apollo.bakonet.local 192.168.124.9
Server: orac.bakonet.local
Address: 192.168.124.9
Name: apollo.bakonet.local
Address: 192.168.124.27
C:\Users\Peter>ping apollo.bakonet.local
Ping request could not find host apollo.bakonet.local. Please check the name and try again.
C:\Users\Peter>ipconfig /all |more
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win10
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bakonet.local
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-CC-65-1B-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : A0-88-B4-A2-41-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : bakonet.local
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-A2-41-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc47:8a91:6b25:bd0e%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.124.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 5, 2015 7:34:47 PM
Lease Expires . . . . . . . . . . : Tuesday, February 3, 2015 7:15:20 PM
Default Gateway . . . . . . . . . : 192.168.124.1
DHCP Server . . . . . . . . . . . : 192.168.124.1
DHCPv6 IAID . . . . . . . . . . . : 60852404
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C6-18-82-00-21-CC-65-1B-8F
DNS Servers . . . . . . . . . . . : 192.168.124.9
24.229.54.212
216.144.187.199
Primary WINS Server . . . . . . . : 192.168.124.9
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : EC-55-F9-F5-14-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Does this actually make sense? Obviously the DNS server is online, it works and when a lookup is requested directly it works, and the DNS server is listed as first in the IP configuration. So why would it not work?! -
I want to use SCCM 2012 R2 and OSD, to boot a bare metal machine, install and OS, and bind it to Active Directory. The catch is that I want the deployment process in SCCM to prompt for the following pieces of information, and then use that information to
bind the computer to Active Directory (W/O using MDT) instead of supply the data in the task sequence.
Computer Name
Domain
Domain OU
Domain Join Account
I am approaching this in a similar fashion as stated in this blog.
http://osdblog.com/2013/06/26/add-a-prompt-for-a-computer-name-in-your-sccm-deployment/
I have added the following collection variables to the unknown computers collection:
When I launch the task sequence, I am prompted as I would expect. I input the desired information, the deployment competes, but it does not bind to the domain. Here is what my TS looks like. I intentally disabbled the apply Network Settings step
because it forces you to enter specific information if it enabled. I don't want to that, thus why I am trying to use the variables.
My SMSTS log does not have a whole lot of meaningfull data, but I can post it if someone wants to see it. The only possible thing I could think of would be drivers, their are some driver errors in the log. However, if I turn on the Apply Networking setting
process in the task sequence and turn off the variables, the machines bind fine. With that in mind, I would not think my problem would be driver related. Anyone out there have expertise in using a process like this, that could assist?
--TonyAwesome! Thanks. One more thing, how should I supply the OSDJoinPassword variable? Should I just enter %OSDJoinPassword%
for Password and Confirm Password? I can not tell if it will actually read it as a variable or try to use "%OSDJoinPassword%" for
the actual password.
--Tony -
Autologon fails after MDT domain join.
I have a Post OS Installation Task setup that I've added the
Recover form Domain step to. I use this TS just to join the PC to our domain. When I run the TS the PC does join our domain correctly but after the reboot it tells me that the username or password is incorrect. I'm presented
with a logon prompt and the username is set to ".\Administrator". I simply type in our default local admin password (not changing the username) and the PC logs in and the TS finishes successfully. What has me confused is I've checked the unattend.xml
file and the username and password is correct, although the username is entered as just "Administrator". I'm pretty sure that the ".\" just refers to the local computer instead of a domain so I don't see what the problem is. Any suggestions
on this one?'Define Target Computer
strComputer = "."
'Set object values
Set oArguments = WScript.Arguments.Named
Set oShell = CreateObject("WScript.Shell")
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\CIMV2")
'Define ASCII Characters
chrSpace = Chr(32)
chrSingleQuote = Chr(39)
chrDoubleQuote = Chr(34)
'Show Script Usage
If (oArguments.Exists("?")) And (WScript.Arguments.Count = "1") Then
WScript.Echo(WScript.ScriptName & chrSpace & "Usage:" & _
vbCrLf & vbCrLf & _
"Script Interpreter: [cscript.exe] or [wscript.exe]" & _
vbCrLf & vbCrLf & _
"Script Location:" & chrSpace & chrDoubleQuote & Replace(oShell.CurrentDirectory & "\" & WScript.ScriptName, "\\", "\") & chrDoubleQuote & _
vbCrLf & vbCrLf & _
"Optional Arguments:" & _
vbCrLf & vbCrLf & _
"[/JoinDomain]" & chrSpace & "And" & chrSpace & "[/Domain:" & chrDoubleQuote & "MyDomain.com" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/JoinWorkgroup]" & chrSpace & "And" & chrSpace & "[/WorkGroup:" & chrDoubleQuote & "MyWorkGroup" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/Rename]" & chrSpace & "And" & chrSpace & "[/Name:" & chrDoubleQuote & "MyDeviceName" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcctDmn:" & chrDoubleQuote & "MyDomain" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcct:" & chrDoubleQuote & "MyDomain\MySvcAcct" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcctPw:" & chrDoubleQuote & "MySvcAcctPw" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/UnjoinDomain]" & _
vbCrLf & vbCrLf & _
"[/Restart]")
WScript.Quit
End If
'Define Required Arguments
argDomain = Trim(UCase(oArguments.Item("Domain")))
argWorkGroup = Trim(UCase(oArguments.Item("Workgroup")))
argSvcAcct = Trim(UCase(oArguments.Item("SvcAcct")))
argSvcAcctDmn = Trim(UCase(oArguments.Item("SvcAcctDmn")))
argSvcAcctPw = oArguments.Item("SvcAcctPw")
'Define Optional Arguments
If (oArguments.Exists("Name")) Then
argName = Left(oArguments.Item("Name"), 15)
argName = Trim(UCase(argName))
End If
'Define Variables
'Amount of seconds to wait "Change the first number only as WScript.Sleep method expects the value in milliseconds."
intSeconds = Int(15 * 1000)
'Gather Information From WMI
'Query #1 - Win32_BIOS
Set oBIOS = oWMI.ExecQuery("Select * From Win32_BIOS")
If (oBIOS.Count > 0) Then
For Each oItem In oBIOS
If Not IsNull(oItem.SerialNumber) Then
strSerialNumber = Left(oItem.SerialNumber, 15)
strSerialNumber = Trim(UCase(strSerialNumber))
End If
Next
End If
'Query #2 - Win32_OperatingSystem
Function RestartDevice
Set oWMI = GetObject("winmgmts:{(Shutdown)}//" & strComputer & "/root/cimv2")
Set oOperatingSystem = oWMI.ExecQuery("Select * From Win32_OperatingSystem")
If (oOperatingSystem.Count > 0) Then
For Each oItem In oOperatingSystem
If (oItem.Primary = True) Then
RestartDevice = oItem.Reboot()
End If
Next
End If
End Function
'Query #3 - Win32_ComputerSystem
Set oComputerSystem = oWMI.ExecQuery("Select * From Win32_ComputerSystem")
'Process the collection only if the query has results
If (oComputerSystem.Count > 0) Then
'Begin a for loop on the collection
For Each oItem In oComputerSystem
'Determine the value of the "DNSHostName" property
If Not IsNull(oItem.DNSHostName) And Not IsNull(oItem.Domain) Then
strDNSHostName = Trim(UCase(oItem.DNSHostName & "." & oItem.Domain))
End If
'Determine the value of the "Domain" property
If Not IsNull(oItem.Domain) Then
strDomain = Trim(UCase(oItem.Domain))
End If
'Determine the value of the "PartOfDomain" property
If Not IsNull(oItem.PartOfDomain) Then
strPartOfDomain = Trim(UCase(oItem.PartOfDomain))
End If
'Determine the value of the "Name" property
If Not IsNull(oItem.Name) Then
strComputerName = Trim(UCase(oItem.Name))
End If
'Determine the value of the "Username" property
If Not IsNull(oItem.UserName) Then
strDomainUserName = Trim(oItem.UserName)
If InStr(oItem.UserName, "\") > 0 Then
strUserName = Mid(oItem.UserName, InStr(oItem.UserName, "\") + 1)
strUserName = Trim(strUserName)
End If
End If
'Determine the value of the "Workgroup" property
If Not IsNull(oItem.Workgroup) And (oItem.PartOfDomain = False) Then
strWorkgroup = Trim(UCase(oItem.Workgroup))
End If
'Rename the device using the name specified in ArgName (Specified name will be truncated to 15 characters for computer name limit)
If (oArguments.Exists("Rename")) And (oArguments.Exists("Name")) And Not (ArgName = "") Then
RenameDevice = oItem.Rename(argName, argSvcAcct, argSvcAcctPw)
WScript.Sleep(intSeconds)
If (RenameDevice = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully renamed to" & chrSpace & chrDoubleQuote & argName & chrDoubleQuote & "." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was not renamed successfully." & chrSpace & "(" & RenameDevice & ")" & "." & vbCrLf)
WScript.Quit(RenameDevice)
End If
'Rename the device using its serial number truncated to 15 characters for computer name limit
ElseIf (oArguments.Exists("Rename")) And Not (oArguments.Exists("Name")) Then
RenameDevice = oItem.Rename(strSerialNumber, argSvcAcct, argSvcAcctPw)
WScript.Sleep(intSeconds)
If (RenameDevice = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully renamed to" & chrSpace & chrDoubleQuote & strSerialNumber & chrDoubleQuote & "." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was not renamed successfully." & chrSpace & "(" & RenameDevice & ")" & "." & vbCrLf)
WScript.Quit(RenameDevice)
End If
End If
'Remove device from the Domain
If (strPartOfDomain = "TRUE") And (oArguments.Exists("UnjoinDomain")) Then
UnjoinDomain = oItem.UnjoinDomainOrWorkgroup(argSvcAcctPw, argSvcAcct)
WScript.Sleep(intSeconds)
If (UnjoinDomain = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully removed from the" & chrSpace & chrDoubleQuote & strDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & UnjoinDomain & ")" & chrSpace & "in being removed from the" & chrSpace & chrDoubleQuote & strDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
WScript.Quit(UnjoinDomain)
End If
End If
'Join the specified Domain
If (strPartOfDomain = "FALSE") And (oArguments.Exists("JoinDomain")) And (oArguments.Exists("Domain")) And Not (argDomain = "") And Not (oArguments.Exists("JoinWorkGroup")) Then
Const Join_Domain = 1
Const Acct_Create = 2
Const Win9x_Upgrade = 16
Const Domain_Join_If_Joined = 32
Const Join_Unsecure = 64
Const Machine_Password_Passed = 128
Const Deferred_Spn_Set = 256
Const Install_Invocation = 262144
fJoinOptions = Join_Domain + Acct_Create
JoinDomain = oItem.JoinDomainOrWorkgroup(argDomain, argSvcAcctPw, argSvcAcct, Null, fJoinOptions)
WScript.Sleep(intSeconds)
If (JoinDomain = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successful in joining the" & chrSpace & argDomain & chrSpace & "domain." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & JoinDomain & ")" & chrSpace & "in joining the" & chrSpace & chrDoubleQuote & argDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
WScript.Quit(JoinDomain)
End If
End If
'Join the specified Workgroup
If (strPartOfDomain = "FALSE") And (oArguments.Exists("JoinWorkGroup")) And (oArguments.Exists("WorkGroup")) And Not (argWorkGroup = "") And Not (oArguments.Exists("JoinDomain")) Then
JoinWorkGroup = oItem.JoinDomainOrWorkgroup(argWorkgroup, argSvcAcctPw, argSvcAcct, Null, 0)
WScript.Sleep(intSeconds)
If (JoinWorkGroup = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successful in joining the" & chrSpace & argWorkgroup & chrSpace & "workgroup." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & JoinWorkgroup & ")" & chrSpace & "in joining the" & chrSpace & chrDoubleQuote & argWorkgroup & chrDoubleQuote & chrSpace & "workgroup." & vbCrLf)
WScript.Quit(JoinWorkGroup)
End If
End If
Next
End If
'Provide information about the device
If (oArguments.Exists("Info")) Then
If Not (strDNSHostName = "") Then
WScript.Echo("FDQN:" & chrSpace & strDNSHostName & vbCrLf)
End If
If Not (strDomain = "") Then
WScript.Echo("Domain:" & chrSpace & strDomain & vbCrLf)
End If
If Not (strPartOfDomain = "") Then
WScript.Echo("Currently joined to a domain:" & chrSpace & strPartOfDomain & vbCrLf)
End If
If Not (strComputerName = "") Then
WScript.Echo("Computer name:" & chrSpace & strComputerName & vbCrLf)
End If
If Not (strDomainUserName = "") Then
WScript.Echo("Current Username w/ Domain:" & chrSpace & strDOmainUserName & vbCrLf)
End If
If Not (strUserName = "") Then
WScript.Echo("Current Username w/o Domain:" & chrSpace & strUserName & vbCrLf)
End If
If Not (strWorkgroup = "") And (strPartOfDomain = "FALSE") Then
WScript.Echo("Workgroup:" & chrSpace & strWorkgroup & vbCrLf)
End If
End If
'Optionally Restart Device
If (oArguments.Exists("Restart")) Then
Call RestartDevice
End If
If you use this script at the end of your task sequence, it will complete the domain join. Working and tested successfully.
1. You need to remove Domain Information from Unattend.xml files for MDT so that it cannot write the variables to these sections and join the computer to the domain too early.
2. Create a Task Sequence Group
3. Create a "Run Command Line" Task Sequence Step
3a. Name the step as the following
Join "%OSDDomainName%" Domain as "%OSDJoinAccount%"
3b. Run the following command
cscript.exe "%SCRIPTROOT%\Custom-ZTIDomainJoin.vbs" /JoinDomain /Domain:"%OSDDomainName%"
/SvcAcct:"%OSDJoinAccount%" /SvcAcctPw:"%OSDJoinPassword%"
3c. Place the following conditions on it
If All Conditions Are True
Task Sequence Variable HostName equals %SerialNumber%
Task Sequence Variable IsVM equals False
This script can rename, join workgroup, join domain, unjoin domain, and restart the device all based on arguments
@Microsoft Import this into MDT somehow because the post DomainJoin functionality does not appear to work for my environment, but of course, this could be my environment, but hopefully this helps somebody! -
Media based deployment for Refresh and New Computer
Hi ,
I am looking for some pointers for using media based deployment for refresh scenario (xp to Win 7 with USMT) and new computer deployment (without OS).
Setup we have is Configuration manager 2012 R2 integrated with MDT 2013.
I need some pointers on below:
- Since its winxp to win 7 and its boot images that comes with (ADK 8.1) confi. manager 2012 R2 doesn't support it. Article says we need WINPE 3.1 for such scenario. Since its MDT 2013 (again ADK 8.1 boot images only), how do generate WinPE 3.x for
MDT based boot image?
- Since it is going to be 2 deployment scenarios, do i need to have 2 separate TS (one for new computer and 2nd for USMT based deployment for refresh scenaro) or is there anyway to manage both scenarios with 1 TS?
- If we need to have 2 TS, do we need to have 2 media created or 1 media can have both TS (like in MDT we have selectionprofile with multiple TS and then media created including both TS)
Looking for some options to deal such scenario. Thanks
Regards,Check out this blog post also:
http://blogs.technet.com/b/configmgrteam/archive/2013/09/12/how-to-migrate-user-data-from-win-xp-to-win-8-1-with-system-center-2012-r2-configmgr.aspx
Jason | http://blog.configmgrftw.com
Maybe you are looking for
-
How to execute a javascript function in the body onload?
Hi everyone! As you know in the HTML body attribute. You must specify the value of onload What is the correct sintaxis for execute a function since in the onload body? I only want to do some like this, but only I do it in APEX: <body onload ="javascr
-
The Fn down and up keys no longer adjust the screen brightness... the brightness icon and bars appear but it has no effect on the actual brightness of the screen. Setting the power management in the Lenovo energy managment screen also has no effect..
-
How to update position (change job)
Dear All, Please let me know how can we update an existing position which is used by employees. The problem here is that we need to change the job associated with the position. Thanks in advance, Avinash
-
OracleBI Discoverer Version 10.1.2.55.26 hanging
i have the OracleBI Discoverer Version 10.1.2.55.26 and after enteriing the +Connect To , User name, Password and Database and press Go, it displays the next page Account Details: Select Responsibility and after press continue button , the white pag
-
DVD authoring problems since adding external drive-coincidence or problem
I've connected an external drive to home unit to store footage. I feel this external is a little slow compared to my Mac but not sure how to find out. Anyway, I create mpv files for DVD authoring. Same process as always EXCEPT the external housed foo