Offline domain join

The Offline domain join step is used to join a computer to an Active Directory (AD) domain. The needed AD computer account will be created by the DeployR service, so the DeployR service account (typically the computer account) needs to be delegated the rights to perform this action. The resulting "offline domain join" blob is sent back to the device and injected to complete the join process.

Specify the naming pattern to use for the computer, the domain name (DNS), and optionally the OU path (e.g. "OU=My Computers"). Note that Windows does not support specifying containers (e.g. "CN=Computers", which is the default if no OU is specified).

For the computer naming pattern, any valid task sequence variable can be specified in the name, using the "%VARIABLENAME%" mechanism. You can also specify substrings from that value. Some examples:

%SERIALNUMBER:10% will select the first 10 characters of the SERIALNUMBER task sequence variable.
%MAKE:-5% will select the last 5 characters of the MAKE task sequence variable.
%RAND:8% will generate a random number eight digits long.

Note that the resulting computer name should be a valid Windows computer name (no spaces, limited special characters). If more complex names are required, these can be generated via a script that sets the COMPUTERNAME task sequence variable. When that value is set, it will override whatever is configured in this step.

If no computer name value is specified, "PC-%RAND:8%" will be used as a default.

To grant the DeployR server rights to join workstations to a domain:

Open Group Policy Management on a system that has it installed.
Double-click the name of the forest, double-click Domains, double-click the name of the domain in which you want to join a computer, right-click Default Domain Policy, and then click Edit.
In the console tree, double-click Computer Configuration, double-click Policies, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click User Rights Assignment.
In the details pane, double-click Add workstations to domain.
Select the Define these policy settings check box, click Add User or Group, and then click on Browse on the Add User or Group window.
On the Select Users, Computers, Service Accounts, or Groups window, click on Object Types, select Computers, and then click OK.
Type the name of the DeployR server, and then click OK twice.

The DeployR server should now have rights to join workstations to the domain.

Note: If the computer name specified already exists in Active Directory, the offline domain join will fail. This is a security precaution today, to ensure that the wrong computer is not disabled.

PreviousInstall updates NextPrepare for capture

Last updated 18 days ago