For those of us brave enough to run in a dual environment, we have all run into challenges imaging a computer and making it join the AD domain without having to either explain to an end user how to do it, or going out ourselves and touching every machine. Isn’t the whole point of ZENworks to automate as many processes as are possible?
I have read many articles and tips on how to achieve this, but no one of them seemed to meet my needs. This is my own version of it. This is not to say that any of the other information out there is bad or inaccurate, this is just how I accomplished it. Hope it helps someone else.
Domain membership is achieved by using a script file that joins the computer using the Microsoft netdom command. Netdom.exe can be found on the “NetLogon” share on any domain controller. You will also need “AUTOEXNT”. This utility allows you to run a simple .bat file as a Windows service.
The trick is, knowing how to time the script so that it runs after sysprep (if you are using it) has completed all of its tasks, and after ZEN has restored the image safe data. You do not want this process to run until the workstation name has been restored and the computer has been restarted.
When the mini setup runs it does not start anything but essential windows services, so you don’t have to worry about this step happening here. Once it has installed the drivers, generated the random workstation name, and done anything else it has been told to do it will restart the computer. This is when ZEN will begin restoring the image safe data and where our process begins.
First copy the following files to c:\windows\system32
The application can be downloaded from the Microsoft website, the batch files you will need to create. Install the service by typing without quotes “instexnt install” at a command prompt. It is best to do this as a last step before you run sysprep. That way you don’t have to worry about one of these processes happening before you want it to.
AUTOEXNT will run at system startup, not user login, a batch file called “autoexnt.bat” During the first real boot of the computer the name is restored, so we don’t want to join the domain just yet. I created a three batch files to accomplish this. On the first boot while ZEN is doing its tasks autoexnt.bat calls rename.bat.
“File contents autoexnt.bat”
“File contents rename.bat”
rename %WINDIR%\system32\autoexnt.bat autoexnt.old
rename %WINDIR%\system32\autoexnt2.bat autoexnt.bat
This replaces the current autoexnt.bat with one that will have the join domain script. This script will run after the computer reboots. The rename.bat file is because the process kept failing. I guessed that it was due to an open file condition and made the first autoexnt.bat call rename.bat. This fixed my problem.
Now that ZEN has completed its job the system will restart and the second file will run
“File contents autoexnt2.bat now renamed to autoexnt.bat”
net use z: /delete
net use z: \\”DC NAME”\netlogon “PASSWORD” /user:”DOMAIN”\”USERNAME”
z:\netdom join %ComputerName% /domain:”DOMAIN” /userd:”USERNAME” /passwordd:”PASSWORD”
sc config autoexnt start= disabled
shutdown /r /f /t 0
This script will make sure there is no drive Z mapped, map drive Z to the netlogon share of your domain controller, join the domain with the specified credentials, disable the autoexnt service so it does not continue to run on subsequent start ups, and restart the computer. Make sure the username you specify has rights to add and remove computers from your domain, and of course remove all “” from the script.
Once the computer comes back up you should be able to login to your domain. This process will work with or without sysprep, so you don’t have to use it if you don’t want to, this was just how we did it. It has worked both ways.