Solved: Problems joining domain with win 10 1803 using mdt and server 2008 R2 standard.

2018-10-22

Question

_{Monday, October 22, 2018 11:13 AM}

Hi!

Hope anybody out there take the time to look through all this and can see my problem :)

I'm a network administrator from a company in Norway. Our domain, lets say company.no(no nordic letters).

Successful deployment: Creating custom images, that is windows 7 Pro 64 bit with custom programs for our company, with WDS and only WDS on Server 2008 R2 standard. 100% automatic installation including answer file and domain membership. Automatically putting the computers in the right OU (<City>\Computers) and automatically creating computers names, like "xxxxxx%03#", forcing the computer to get xxxxxx0xx if the number after "0" is available in the domain.

This has worked perfectly for three years now, but now it's time to deploy win 10 64 bit.

I hope you can answer me if you're pretty sure what the problem is.

What i've done so far:

Still using server 2008 R2 Standard, but now I've installed MDT with Deployment Workbench to create boot image and inject network- and graphic drivers to the boot image.

Using a win 10 test computer, installed necessary programs the company uses(except antivirus), sysprep'ed the installation(using powershell to remove apps, so it should be 100% success) and captured the installation to create a windows image, using WDS.

So far, so good. Here comes the differences from the win 7 installation:

Using Deployment Workbench to import the win 10 windows image getting drivers to inject to the lite touch boot image, creating a complete task sequence where i've deselected the task which I think(?) is not necessary, updating the answer file and the customsettings.ini file with custom info and updating the deployment share.

I've also delegated control to the Computers OU for our domain admin(the same admin I used for joining the win 7 computers to the domain, with success).

My customsettings.ini file looks like this:

[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Company AS
OSInstall=YES
UserDataLocation=AUTO
TimeZoneName=Central European Time
AdminPassword=
JoinDomain=company.no
DomainAdmin=company\domainadmin>
DomainAdminPassword=<password with small and large letters, numbers and symbols>
MachineObjectOU=OU=city,OU=computers,DC=company,DC=no
DomainErrorRecovery=AUTO
SLShare=\mdt-server\Win10_Deployment$\Logs
ScanStateArgs=/ue:*\ /ui:company\
USMTMigFiles001=MigApp.xml
USMTMigFiles002=MigUser.xml
HideShell=YES
ApplyGPOPack=NO
//WSUSServer=mdt-server.company.no:8530
SkipAppsOnUpgrade=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
OSDComputerName=XXXXXX%03#
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipCapture=YES
SkipFinalSummary=NO
EventService=http://MDT-SERVER:9800

I have not set up an own task in task sequence for joining the domain(link to ZTIDomainJoin.wsf(local path: cscript.exe "%SCRIPTROOT%\ZTIDomainJoin.wsf" or network path: cscript.exe "\mdt-server\deploymentshare\scripts\ZTIDomainJoin.wsf"? Tried both...)), the info is only here in the customsettings.ini file. I've tried of course but no help. No info about joining domain in the answer file either. I've read about different priorities, for example answer file count less than customsettings.ini, customsettings.ini count less than task sequence, but no matter where I put the dominjoin info, it doesnt help. I've tried setting the task at the end with restart...no help.

Here is the bootstrap.ini file:

[Settings]
Priority=Default

[Default]
DeployRoot=\mdt.server\Win10_Deployment$
UserDomain=company.no
UserID=domainadmin
UserPassword=<thesamepasswordasinthecsinifile>

SkipBDDWelcome=YES

Answer file, unattend.xml. For now, no info about joining domain:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<ImageInstall>
<OSImage>
<WillShowUI>OnError</WillShowUI>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
<InstallFrom>
<Path>.\Operating Systems\OP3050Win10x64\OP3050Win10x64.WIM</Path>
<MetaData>
<Key>/IMAGE/INDEX</Key>
<Value>1</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
<ComplianceCheck>
<DisplayReport>OnError</DisplayReport>
</ComplianceCheck>
<UserData>
<AcceptEula>true</AcceptEula>
<ProductKey>
<Key></Key>
</ProductKey>
</UserData>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<Identification>
<Credentials>
<Username></Username>
<Domain></Domain>
<Password></Password>
</Credentials>
<JoinDomain></JoinDomain>
<JoinWorkgroup></JoinWorkgroup>
<MachineObjectOU></MachineObjectOU>
</Identification>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Home_Page>https://company.no</Home_Page>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Description>EnableAdmin</Description>
<Order>1</Order>
<Path>cmd /c net user Administrator /active:yes</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>UnfilterAdministratorToken</Description>
<Order>2</Order>
<Path>cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>disable user account page</Description>
<Order>3</Order>
<Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>disable async RunOnce</Description>
<Order>4</Order>
<Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer /v AsyncRunOnce /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-TapiSetup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TapiConfigured>0</TapiConfigured>
<TapiUnattendLocation>
<AreaCode>""</AreaCode>
<CountryOrRegion>1</CountryOrRegion>
<LongDistanceAccess>9</LongDistanceAccess>
<OutsideAccess>9</OutsideAccess>
<PulseOrToneDialing>1</PulseOrToneDialing>
<DisableCallWaiting>""</DisableCallWaiting>
<InternationalCarrierCode>""</InternationalCarrierCode>
<LongDistanceCarrierCode>""</LongDistanceCarrierCode>
<Name>Default</Name>
</TapiUnattendLocation>
</component>
<component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DisableSR>1</DisableSR>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMName />
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<UserAccounts>
<AdministratorPassword>
<Value>QQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
<AutoLogon>
<Enabled>true</Enabled>
<Username>Administrator</Username>
<Domain>.</Domain>
<Password>
<Value>UABhAHMAcwB3AG8AcgBkAA==</Value>
<PlainText>false</PlainText>
</Password>
<LogonCount>999</LogonCount>
</AutoLogon>
<Display>
<ColorDepth></ColorDepth>
<HorizontalResolution></HorizontalResolution>
<RefreshRate></RefreshRate>
<VerticalResolution></VerticalResolution>
</Display>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>wscript.exe %SystemDrive%\LTIBootstrap.vbs</CommandLine>
<Description>Lite Touch new OS</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<ProtectYourPC>2</ProtectYourPC>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
</OOBE>
<RegisteredOrganization>Company AS</RegisteredOrganization>
<RegisteredOwner>Optiplex 3050 WIn 10 x64</RegisteredOwner>
<TimeZone></TimeZone>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:keyValue="1" wcm:action="add">
<Path>\Drivers</Path>
</PathAndCredentials>
</DriverPaths>
</component>
</settings>
<cpi:offlineImage cpi:source="catalog://mdt-server/win10_deployment$/operating systems/op3050win10x64/op3050win10x64_op3050 win10 x64.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

All replies (6)

_{Monday, October 22, 2018 11:18 AM}

Case continues:

When running this config everything seems to work fine, but at the end I get the following summary in yellow frame:

Success. Operating system deployment completed successfully. The computer is now ready to use.

During the deployment process, 14 errors and 1 warnings were reported.

Details:

14 x The netowrk path was not found.

1 x ZTIDomainJoin has attempted to join domain [company.no] too many times. Count = 4

When i push Finish it goes through auto login to the local administrator's desktop. That's also one of the things, I don't want administrator to auto login, I dont even want it to activate. Activate=NO in answer file?

I already set up a user called admin when I installed the test computer the first time and sysprep'ed it, so I dont want an active administrator in addition.

Besides not joining domain, the computer hasn't even got the custom computer name.

I was also thinking about DNS, because if I try to join domain manually I first have to set the two internal DNS addresses we use here. Then I can join domain manually. If I set up "configure DNS" after post install in the task sequence, it sets up the two DNS addresses, but it still won't join domain.

What am I doing wrong? What is the thing with windows 10 which is not with windows 7?

I'm sure I have retried at least 50 times now without perfect installation...

I appreciate any help ;)

_{Tuesday, October 23, 2018 1:43 PM}

Hi,

According to your description, you can try to change SkipAdminPassword=YES to NO. Then you will not auto log into as an admin.

Best

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

_{Wednesday, October 24, 2018 6:18 AM}

Hi,

Yeah, I changed to that now, but the thing is that I don't want the local administrator to be active and be able to log in at all.

I have already got a user "admin" active with administrator rights, so I don't need the built in one to be active.

When I installed the win 10 image I never activated that user. So I want it to be like that. iIt activeates by itself.

Thank you for your answer though :)

Got any clues about the domain problems?

_{Friday, November 9, 2018 8:49 AM}

Hi,

You can look at %SystemRoot%\Debug\NetSetup.log. This file will tell you why a Domain Join is failing and should point you in the right direction to understand what's wrong.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

_{Tuesday, November 13, 2018 8:59 AM}

I finally solved it by using a Powershell script and run it as a command line in task sequence.

So the domain joining itself is solved, but after joining domain at the end the task sequence and installation doesn't seem to be finished, since I don't get any report. It goes directly to login page for the domain admin. What happens next is if I restart the computer the login for local administrator appears saying that the account is blocked... Why?

Besides, if I try to run a new deployment I first get a message saying that "the previous deployment task didn't seem to finish..." or something like that.

I guess it has something to do with some administrator settings in the answer file:

Maybe this:

...or this...

...or maybe none of those ;)

Any clues?

_{Wednesday, November 21, 2018 7:25 AM}

Hi again!

Thanx for all the answers in here :-P

Well, I found out why it wouldn't finish with a report at the end. I had to move the join domain task one step out in the task sequence hierarchy. At first it was below the "state restore" group at the end, something I didn't notice in the beginning, but I moved it out as an own group, and it finished with a report.

So now I get only one error feedback in the report, telling me the "Network path was not found". Besides, when I click the finish button the computer auto logon into the local admin desktop. I don't want that. I want it to stop at the login page where I can log in to the domain admin.

I guess it still has something to do with the unattend file settings above here. I tried to remove these "RunSynchronous" settings but then the deployment finished with the "new user welcome page".

Anybod who knows?

Share via

Solved: Problems joining domain with win 10 1803 using mdt and server 2008 R2 standard.

Question

All replies (6)

Additional resources