This page is under maintenance.

 

 

How to Specify Parameters to execute a Join Domain

BigFIx Customers, using the OSD application, can decide to join the target machine to a domain. This can be done during the creation of a Bare Metal Profile or during re-imaging.
You can join the target to a domain in two different ways:

• By specifying just  the domain name
  In this case the target system will be placed in the default Organizational  Unit defined
  in  the Active Directory.

• By specifying both the domain name and the target Organizational Unit.

 

The two possibilities are shown below:

 

Admitted all alphanumeric characters except:
Backslash (\) slash mark (/) Colon (:) Asterisk (*) question mark (?) quotation mark (")less than sign (<) greater than sign (>) vertical bar (|) Blank ()

The domain name can be provided as NetBIOS name or as DNS name.
You could use the NetBIOS name or DNS Name based on the Network configuration, depending on how you configure the DNS and DHCP servers in the network and you can  verify if the join is working correctly using the NetBIOS or the DNS name, (If the Active Directory configuration is done correctly.)

The period (.) is allowed when specifying a NetBIOS name BUT it is strongly advised not to use it to avoid confusion with the DNS Name.
examples:
NetBIOS name: MyDom
DNS name: MyDom.MyCompany.com
See also  http://technet.microsoft.com/en-us/library/bb676377.aspx  for differences between NetBIOS and DNS names.
 

To join a computer to a domain, providing an active directory organizational unit, specify the full Active Directory path name of the OU to join and specify the user credentials with domain-joining privileges.

For example:

OU=MyOu,DC=MyDom,DC=MyCompany,DC=com

(DC=domain components, OU=organizational units)

All characters are allowed, including extended characters.
Note that you must provide at least one OU=xxx and one DC=xxx. The Organizational Unit name can contain spaces while domain components cannot include spaces.

 

Domain-joining credentials can be specified as:

Domain\UserLoginName

where domain name (can be different by domain to join) can be specified as NetBIOS name or as DNS name and the user with domain-joining privileges. If the domain is not specified as part of the user name, the name of the domain to which you are joining is used.
All alphanumeric characters permitted except:
\ / : * ? " < > | [ ] ; = , + * ?
Formats such as Administrator@server1.mydept.us.myco.com are not allowed.

 

How Domain Credentials are used by BigFix

The mechanism used to execute the join domain is the mechanism provided by Microsoft called Lite Touch Installation.
This tool, on the target system, uses a common set of scripts and configuration files. To execute the Join Domain a file named CustomSettings.ini, is used. BigFIx prepares this fil  with all the Domain Credentials provided by the user.

The Lite Touch script used to join the target computer is called
ZTIDomainJoin.

This script uses the following fields in the CustomSetting.ini file:
 

• JoinDomain: The domain that the target computer joins.

• MachineObjectOUproperties: The Organizational Unit in the target domain in which the computer account for the target computer is created.

• DomainAdmin: The user account credentials used to join.

• DomainAdminDomain: The domain in which the DomainAdmin resides.

• DomainAdminPassword: The password used for the DomainAdmin user.

 

Below are some examples of where you can find these fields when displaying the actions from the BigFix Console:
 

The first example is the information shown wen selecting an action of Create Bare Metal Profile. The second example is the information shown selecting the Prepare custom settings configuration file action in a Multiple Action Group executed during a Re-Image.

 

Troubleshooting Join Domain errors

Failure in joining a domain is not a fatal failure.
The deployment completes successfully, regardless of how the join domain ends. The only way to understand the reason of the error is to check the Join Domain log file that you can find in:

C:\Windows\Temp\Deployment Logs\ZTIDomainJoin.log

In this file you should look for the "RC =" string with the RC value.
You can also find the fields used to execute the join.

The error explanation is usually provided in the log file. For further information, check the following Microsoft link:

http://msdn.microsoft.com/en-us/library/ms681381%28v=vs.85%29.aspx

 

Frequent errors:

• Case 2 Explanation = "Missing OU"
• Case 5 Explanation = "Access denied"
• Case 53 Explanation = "Network path not found"
• Case 87 Explanation = "Parameter incorrect"
• Case 254 Explanation = "The specified extended attribute name was invalid." Probabily the OU (organizational Unit) parameter is incorrect or the specified OU doesn't exist
• Case 1326 Explanation = "Logon failure, user or pass"
• Case 1355 Explanation = "The specified domain either does not exist or could not be contacted." -> probabily there is a DHCP/DNS configuration error
• Case 1909 Explanation = "User account locked out"
• Case 2224 Explanation = "Computer Account allready exists"
• Case 2691 Explanation = "Allready joined"

Execute the Join Domain on Target system

 

From desktop:

From DOS prompt:

running the command:  cscript  joindomaintool.vbs

where joindomain.vbs is a "sample" visual basic tool that you can use to test the join domain credential parameters.