Cool Solutions

Auto Join Computer to AD Domain


February 22, 2008 9:19 pm





For those of us brave enough to run in a dual environment, we have all run into challenges imaging a computer and making it join the AD domain without having to either explain to an end user how to do it, or going out ourselves and touching every machine. Isn’t the whole point of ZENworks to automate as many processes as are possible?

I have read many articles and tips on how to achieve this, but no one of them seemed to meet my needs. This is my own version of it. This is not to say that any of the other information out there is bad or inaccurate, this is just how I accomplished it. Hope it helps someone else.

Domain membership is achieved by using a script file that joins the computer using the Microsoft netdom command. Netdom.exe can be found on the “NetLogon” share on any domain controller. You will also need “AUTOEXNT”. This utility allows you to run a simple .bat file as a Windows service.

The trick is, knowing how to time the script so that it runs after sysprep (if you are using it) has completed all of its tasks, and after ZEN has restored the image safe data. You do not want this process to run until the workstation name has been restored and the computer has been restarted.

When the mini setup runs it does not start anything but essential windows services, so you don’t have to worry about this step happening here. Once it has installed the drivers, generated the random workstation name, and done anything else it has been told to do it will restart the computer. This is when ZEN will begin restoring the image safe data and where our process begins.

First copy the following files to c:\windows\system32


The application can be downloaded from the Microsoft website, the batch files you will need to create. Install the service by typing without quotes “instexnt install” at a command prompt. It is best to do this as a last step before you run sysprep. That way you don’t have to worry about one of these processes happening before you want it to.

AUTOEXNT will run at system startup, not user login, a batch file called “autoexnt.bat” During the first real boot of the computer the name is restored, so we don’t want to join the domain just yet. I created a three batch files to accomplish this. On the first boot while ZEN is doing its tasks autoexnt.bat calls rename.bat.

“File contents autoexnt.bat”
call rename.bat

“File contents rename.bat”
rename %WINDIR%\system32\autoexnt.bat autoexnt.old
rename %WINDIR%\system32\autoexnt2.bat autoexnt.bat

This replaces the current autoexnt.bat with one that will have the join domain script. This script will run after the computer reboots. The rename.bat file is because the process kept failing. I guessed that it was due to an open file condition and made the first autoexnt.bat call rename.bat. This fixed my problem.

Now that ZEN has completed its job the system will restart and the second file will run

“File contents autoexnt2.bat now renamed to autoexnt.bat”
net use z: /delete
net use z: \\”DC NAME”\netlogon “PASSWORD” /user:”DOMAIN”\”USERNAME”
z:\netdom join %ComputerName% /domain:”DOMAIN” /userd:”USERNAME” /passwordd:”PASSWORD”
cd \
sc config autoexnt start= disabled
shutdown /r /f /t 0

This script will make sure there is no drive Z mapped, map drive Z to the netlogon share of your domain controller, join the domain with the specified credentials, disable the autoexnt service so it does not continue to run on subsequent start ups, and restart the computer. Make sure the username you specify has rights to add and remove computers from your domain, and of course remove all “” from the script.

Once the computer comes back up you should be able to login to your domain. This process will work with or without sysprep, so you don’t have to use it if you don’t want to, this was just how we did it. It has worked both ways.

Download for Windows 2003 Resource Kit tools including AutoExNT service

MS Knowledge base article describing AutoExNT usage

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.


  1. By:nkrick

    We also use netdom.exe to join computers to the domain. But instead of registering a service to run a batch file to accomplish this, we use an add-on image to call netdom.exe directly that has a high run-order set on it so that it is the last add-on image to run during post-imaging steps.

    Windows XP computers have netdom.exe pre-installed in system32, so there is no need to map a drive to a domain controller.

    • By:anonymous


      How did you manage to do this? The only way to get the Add-On image to run before login is by having the workstation/OU associated with the original app that the add-on image was created from. If I don’t do this then I have to login before it will run the netdom add-on image i’ve created.



  2. By:gdoornenbal

    Great solution with the autoexnt tool! We used something similar with the autologin option, herefore we had to tweak much more, so this is much better!
    One security issue is that a file in c:\windows\system32 exists with a username and password from your domain..
    So we added a fourth batch file which removes the autoexnt.bat file, and which is started in a similar way as rename.bat.

    del C:\Windows\system32\autoexnt.bat
    del C:\Windows\system32\
    del C:\Windows\system32\autoexnt-rename.bat
    shutdown /r /f /t 5

    Unfortunately netdom.exe isn’t pre-installed in our environment, but we just copy the file to the system32 map and do not log in into our domain to start netdom.