Ok, sorry for delay, here is what we use to make win7 join Samba NT4 domain (maybe it helps somebody):
- after sysprep, fog automatically renames host (it’s done fairly early after sysprep, so there is little or perhaps no chance that computer will join domain with bad name), then it restarts and
- downloads associated snapin - I named it setup_complete_snapin - which contains 2 scripts:
[LIST=1]
[]setupcomplete.cmd
[]join_domain.ps1 (powershell script)
[/LIST]
SETUPCOMPLETE.CMD:
[CODE]
@echo off
rem delete unattend files
del /Q /F c:\windows\system32\sysprep\unattend.xml
del /Q /F c:\windows\panther\unattend.xml
rem delete dir with additional drivers (those which win didn’t install automatically - needs registry update for win to look here)
rd /S /Q c:\Drivers
rem win activation
cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript //b C:\windows\system32\slmgr.vbs -ato
rem office 2010 activation
cscript “c:\Program Files\Microsoft Office\Office14\ospp.vbs” /act
rem registry changes
:: enable self deffense (registry protection) for NOD Endpoint Antivirus 5.0 - disabled before sysprep, because of sysprep crashes with this enabled
REG ADD “HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000001\Profiles@My profile” /v selfdefense /t REG_DWORD /d 0x1 /f
:: for win7 to join Samba NT4 domain
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters” /v DomainCompatibilityMode /t REG_DWORD /d 0x1 /f
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters” /v DNSNameResolutionRequired /t REG_DWORD /d 0x0 /f
:: fixes problems with login (source: https://lists.samba.org/archive/samba/2010-October/158591.html)
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters” /v DisablePasswordChange /t REG_DWORD /d 0x1 /f
rem domain join
:: didn’t work without cd
cd \windows\temp\setup_complete_snapin
powershell set-executionpolicy remotesigned
powershell .\join_domain.ps1
powershell set-executionpolicy allsigned
rem extends partition to whole disk
diskpart /s .\diskpart.txt
:: sleep a la MS Windows
::ping -n 10 1.1.1.1
rem restart
shutdown -r -f -t 120
Exit
[/CODE]
For domain join, really needed are only sections: domain join, registry changes (for win7 to join Samba NT4 domain) and perhaps restart.
JOIN_DOMAIN.PS1:
[CODE]
user and pass - pass has to be in apostrophes, quotation marks didn’t work
$User = “DOMAIN\USER”
$Pass = ConvertTo-SecureString ‘PASSWORD’ -AsPlainText -Force
create credentials
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass
join domain with loggin to file
#add-computer -domain DOMAIN -credential $Credentials 2>&1 > join_domain.log
join domain
add-computer -domain DOMAIN -credential $Credentials
[/CODE]