MachineObjectOU Setting doesn't work for me

Guest

Hi,

we are having a few problems with sysprep. We use PXE-Boot to deploy
prepared Images using Ghost with sysprep to roll out a massive amount of
workstations (>5000). Sysprep is able to join the domain using the
JoinDomain, DomainAdmin and DomainAdminPassword settings under the
Identification Section. But as soon as we use the MachineObjectOU setting,
sysprep is unable to join the computer to the domain, or if a computer
account already exists, to move it to the specified OU.

We created a separate account to be used as DomainAdmin and delegated Full
Control to the specific OU. An interactive join using this account is
possible.

Anyone able to help? Thanks a lot.

Mike
 
Johan Arwidmark

Sysprep cannot move an existing computer account into another OU; you
will have to create an ADSI script (which you should execute after
laying down the image in WinPE but before booting into sysprep
minisetup) that moves the computer to the correct OU.

The following permissions should be assigned for the joinaccount (add
via the security tab, advanced button):

Scope: This object and all child objects is selected
Create Computer objects
Delete Computer objects

Scope: Computer objects
Read All Properties
Write All Properties
Read Permissions
Modify Permissions
Change Password
Reset Password
Validated write to DNS host name
Validated write to service principal name


regards

Johan Arwidmark
Microsoft MVP - Setup/Deployment
 
Guest

Hi,

thanks for the information. But it doesn't work with new computer accounts
either. I tried a new computername (and SID) which never existed before. I
also tried to use the "administrator" account as DomainAdmin in sysprep.inf.
Did not help either.

The permission should be useful, as we delegated full control on computer
objects to our joinaccount. If we are able to get MachineObjectOU working, we
will use your permission set.

thanks,
Mike
 
Johan Arwidmark

Full control on computer objects is not enough... you need to allow for
creation of new computer objects as well... and in my list I have two
scopes, you need to add them both, and hit OK in between...

Be careful to select the correct scope when adding permissions...

Also, the C:\windows\debug\netsetup.log file is very helpful when
troubleshooting join domain issues.


regards

Johan Arwidmark
Microsoft MVP - Setup/Deployment
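
The two-scope delegation listed in this thread, scripted with dsacls so it can be reviewed and repeated. This is an added example, not code from the thread or its posters. The OU distinguished name, the account name and the `Grant-OuAce` helper are hypothetical placeholders.

```powershell
# Added example: grant a dedicated join account only the rights listed in the
# thread, instead of Full Control or a domain administrator account.
# Assumptions: $OuDn and $JoinAccount are placeholders; run from a machine with
# dsacls.exe, as a user allowed to modify the OU's ACL.
$OuDn        = 'OU=Workstations,DC=example,DC=com'   # hypothetical target OU
$JoinAccount = 'EXAMPLE\svc-join'                    # hypothetical join account

function Grant-OuAce {
    param([string]$Ace, [string]$Inherit)
    # /G takes "trustee:permissions[;property][;inherited object type]"
    & dsacls.exe $OuDn "/I:$Inherit" /G "${JoinAccount}:$Ace" | Out-Null
    # Stop on a non-zero exit code so a partial ACL is noticed
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for ACE '$Ace'" }
}

# Scope 1: this object and all child objects (/I:T)
# CC = create child, DC = delete child, limited to computer objects
Grant-OuAce -Ace 'CCDC;computer' -Inherit 'T'

# Scope 2: computer objects below the OU (/I:S, inherited type "computer")
$computerAces = @(
    'RP;;computer',                                              # Read All Properties
    'WP;;computer',                                              # Write All Properties
    'RC;;computer',                                              # Read Permissions
    'WD;;computer',                                              # Modify Permissions
    'CA;Change Password;computer',                               # Change Password
    'CA;Reset Password;computer',                                # Reset Password
    'WS;Validated write to DNS host name;computer',
    'WS;Validated write to service principal name;computer'
)
foreach ($ace in $computerAces) {
    Grant-OuAce -Ace $ace -Inherit 'S'
}

# Review: list the entries on the OU that name the join account
& dsacls.exe $OuDn | Select-String -SimpleMatch $JoinAccount
```

Comparing the final listing against the two scopes above shows whether an entry landed on the wrong scope, which is the mistake the last reply warns about.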
 
