FOG 1.5.7, Win10, Domain join works, but not register SID, OU specification not working
-
Image capture, multicast & direct deployment are smooth; the issue is that PCs get lost on AD after joining AD. Also, they are not going into the specified OU.
However, the PCs are in the domain and users can log in with domain accounts. The strange thing is that the PCs are NOT found anywhere on AD; not in the default OU, not in the specified OU, or anywhere along the line. When I try to remove PCs from AD using PowerShell, it fails with an error that the computer SID is not registered with AD. This might explain why it is not found on AD, and also why the domain users can still log on. To remove PCs from AD, I have to use the “system” GUI interface. Once it is removed from the domain, adding the PC using PowerShell works again & will put the PC into the correct OU on AD.
Please help. Thank you.
-
@snap7B What is the specific OU you want the computer objects to be in? I can imagine this is not something the original fog-client developer tested too much but I am not sure.
Please give us some more details and I will try to replicate the issue and see what I can do.
-
On the FOG server, under either a group or just a host, you can specify domain and OU. Something like this:
domain is “mylocation.mycompany.com”
OU is “OU=level3,OU=level2,OU=top,DC=mylocation,DC=mycompany,DC=com”
On the AD, we would have a tree that looks like this:
mylocation.mycompany.com
->top
-->level2
--->level3
The PCs would all be under OU three.
I have tested using just one OU (top), but still the same, no PCs in OU “top”.
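An added example, not part of the original post and not FOG's own code: a Python check that the domain and OU values entered in FOG agree with each other, that is, the OU is a full distinguished name written leaf-first and its DC components spell the same domain. The function names are hypothetical, and only backslash-escaped characters are handled (no hex escapes).

```python
def split_dn(dn):
    """Split a distinguished name on unescaped commas into (TYPE, value) pairs."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def check_fog_ad_settings(domain, ou_dn):
    """Return (problems, tree_path) for the domain and OU fields (hypothetical helper)."""
    rdns = split_dn(ou_dn)
    kinds = [k for k, _ in rdns]
    first_dc = kinds.index("DC") if "DC" in kinds else len(kinds)
    containers, dcs = rdns[:first_dc], rdns[first_dc:]
    problems = []
    if not dcs:
        problems.append("no DC= components: OU must be a full distinguished name")
    if any(k != "DC" for k, _ in dcs):
        problems.append("OU/CN component found after a DC component")
    if any(k not in ("OU", "CN") for k, _ in containers):
        problems.append("unexpected attribute type before the DC components")
    dn_domain = ".".join(v for k, v in dcs if k == "DC")
    if dcs and dn_domain.lower() != domain.strip().lower():
        problems.append(f"DC components spell {dn_domain!r}, domain field is {domain!r}")
    # A DN lists the leaf first, so the tree path is the containers reversed.
    tree = " -> ".join([dn_domain] + [v for _, v in reversed(containers)])
    return problems, tree


if __name__ == "__main__":
    # Placeholder values taken from the post above
    print(check_fog_ad_settings(
        "mylocation.mycompany.com",
        "OU=level3,OU=level2,OU=top,DC=mylocation,DC=mycompany,DC=com"))
```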
-
@snap7B said:
I have tested to use just one OU (top), but still the same, no PCs in OU “top”.
Well then I am wondering if it has to do with the “DC=mylocation,DC=mycompany,DC=com” structure. Definitely something common in the world of Microsoft Windows but I am not sure how many FOG users we have with this. Should actually have but I can’t say for sure.
-
@Sebastian-Roth I have a real fully qualified domain name, just used “mylocation.mycompany.com” here as example. DNS resolves the domain name.
The set up I used is based on fog wiki:
https://wiki.fogproject.org/wiki/index.php/Active_Directory_-_FOG_Setting
-
@Sebastian-Roth I just saw the netdom command at end of wiki, will use that to debug. Thanks.
-
@snap7B Most of the fog-client code was written by another developer and I am not an expert on this Windows domain join stuff. So we might need to work together to figure out why this is not working for you. See the code here: https://github.com/FOGProject/fog-client/blob/master/Modules/HostnameChanger/Windows/WindowsHostName.cs#L156
DomainWrapper defined in line 48 more or less just calls the external NetJoinDomain. The interesting thing I find is that in line 156ff DomainWrapper might be called several times depending on the return value. So it might be worth adding some debugging output here to see what it’s doing in your environment.
But yes, take a look at netdom and see if you can figure something out.
The set up I used is based on fog wiki …
What I meant is just usually people have only “DC=company,DC=com” while you have “DC=location,DC=company,DC=com”…
-
@snap7B Any news on your test using the netdom command? Unfortunately I don’t have such an AD setup and won’t find the time to set one up any time soon. But I could try adding more debug output and provide that as a new DLL to you so we can figure out what goes wrong.