3 Replies Latest reply on Sep 27, 2011 8:22 AM by EMiranda

    Provisioning - Join Domain Fails

    Rookie

      I don't know what is going on now.  I find the Join Domain function within Provisioning to be very in-consistent.  Although, currently it is consistently failing.

       

      The imaging process works fine.  We have imaged 5-10 servers with this process already but now we are stuck.  No matter what I try I cannot get the Jopin Domain task to complete successfully.

       

      I have tried the following:

      • Service account has full permissions on all computer objects within the top level OU that we have this machine located in.
      • Gave the service account direct permissiosn on the computer object itself in AD
      • Service account was given domain Admin rights
      • Tried with another Domain Admin user account instead of the variables that are stored within LANDesk

       

      I can manually join the machine to the domain on the physical machine itself with any of the accounts above.  Just will not process inside the provisioning script itself.

       

      Is there any more detailed log files that I can find that may show WHY is it failing?  The provisioning task just says FAILED.  On the machine itself, the provisiojing console says FAILED.  but nothing says access denied, or anything like that.  Is there a log file that may show the actual command that is being run and the result?

      Thanks

      Derek

        • 1. Re: Provisioning - Join Domain Fails
          Rookie

          To add to this issue... The machine we are trying to join is Server 2008 R2.


          If I don't pre-create the Computer object in AD before running this task, it completes and joins the domain properly.

          If I pre-create the Compuiter object and put it in the Computers OU (the catch-all in AD), it completes and joins the domain properly.

           

          This leads me to think there are some permission issues on the OU that we want it to go in, howver, we were able to join these machines successfuly about a month ago.  The other thing that makes this conslusion not make sense is that I have placed a Windows 7 machine in the exact same OU that I went this server to live in and it successfully images, joins the domain, all fine and dandy with the very same account as we are using for the server.

           

          Maybe someone knows of an issue with Server 2008 machines joining the domain?

           

          Basically, I cannot get LANDesk to join the server 2008 image to the domain, if the computer object is pre-created in our desired OU.

          • Outside that OU, it is fine. 
          • Manually joining to the domain with the object pre-created in the proper OU is also fine.
          • Workstations running on Win7 are fine as well anywhere in our AD structure.

           

          Somebody has got to know where some log files are that I can see what commands are running as it goes through the provisioing scripts and what errors are being returned.

          • 2. Re: Provisioning - Join Domain Fails
            Apprentice

            Hi FYidoctors

             

            We are using a vbs file to join the domain, we found the landesk option to be absolutly useless! 

             

            Obviously alter

            **DOMAINNAME** with the name of your domain (i.e "Microsoft")

            **PASSWORDTOADD** with the domain users password (user must have add to domain rights)

            **USERTOADD** with the domain username to add machines to the domain

            **OU** with the OU you wish to put the machine into (i.e.Reprographics)

            **DC** with the DC details (I.e. DC=Alberta, DC=Microsoft)

             

            Scropt is:

            ' JoinDomain.vbs
            ' VBScript program to join a computer to a domain.
            ' The computer account is created in Active Directory.
            ' The computer must have XP or above.
            ' The AD must be W2k3 or above.
            ' See c:\Windows\debug\NetSetup.log for details.

            Option Explicit

            Dim strDomain, strUser, strPassword
            Dim objNetwork, strComputer, objComputer, lngReturnValue
            Dim strOU

            Const JOIN_DOMAIN = 1
            Const ACCT_CREATE = 2
            Const ACCT_DELETE = 4
            Const WIN9X_UPGRADE = 16
            Const DOMAIN_JOIN_IF_JOINED = 32
            Const JOIN_UNSECURE = 64
            Const MACHINE_PASSWORD_PASSED = 128
            Const DEFERRED_SPN_SET = 256
            Const INSTALL_INVOCATION = 262144

            strDomain = "**DOMAINNAME**"
            strPassword = "**PASSWORDTOADD**"
            strUser = "**USERTOADD**"
            strOU = "ou=**OU**,dc=**DC**,dc=**DC"

            Set objNetwork = CreateObject("WScript.Network")
            strComputer = objNetwork.ComputerName

            Set objComputer = GetObject("winmgmts:" _
            & "{impersonationLevel=Impersonate,authenticationLevel=Pkt}!\\" & _
            strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
            strComputer & "'")

            lngReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
            strPassword, strDomain & "\" & strUser, strOU, _
            JOIN_DOMAIN + ACCT_CREATE)

             

            We inject the script at the end of the Post OS configuration (Just before we run CTOS).  Then we execute it as one of the first tasks in System Configuration (After we install LANDesk)

             

            Hope this opens up another option for you.


            Dave H

            1 of 1 people found this helpful
            • 3. Re: Provisioning - Join Domain Fails
              EMiranda Expert

              Agree with DavHay, WMI and netdom are far superior ways to join the computer to the domain over the Join Domain action in the template.