We are working to leverage and change our OS deployment process to utilized LDMS 9.6 provisioning entirely.
Right now I am automating the base OS to gold image setup, but during that process I join the image to the domain.
The reason for doing this, is that I automatically distribute software and patches that we want to bake into the image.
The LANDESK agent accesses these resources using the local system account, which then translates into the Computer Domain account for resources over the network share.
When the Gold image is completed, I am uninstalling the LANDESK agent, then I run Sysprep with Generalize and shutdown.
I capture off that image, then use it to deploy a base production OS. OSD provisioning then joins the domain, installs the agent, run software installs that we do not bake, including any delta patching, along with HII, etc.
So far all is working well, but a co-worker has asked if joining the domain during the initial gold image build might be an issue.
Per our conversation, the steps you are following are in line with what others are doing. The only real caution is kerberos wanting to communicate with the DC within a certain period of time. You could also use provisioning to install the software and patches without joining the domain, but instead mapping a drive using an Admin account to install the software.