    Need urgent help on joining a domain automatically after installation

      Piplup

      Hello,

      I need to verify a few things because I need them in a project I need to submit to a commission for a job training.

      I want to sysprep a Win10 Pro Image and distribute it so that it automatically joins a domain. I never managed to get it to work. It should work like:

      #1 Sysprep a generalised image with software preinstalled
      (With / Without having joined domain?)
      #2 Worker enters his credentials in the FOG Network Boot
      #3 Image gets downloaded and installed with his personal domain credentials

      Can I do that?
      Please, explain it if so, because I wasn’t able to make it work and I really need this feature for my paper to submit.

        Sebastian Roth Moderator

        @Piplup What exactly have you tried so far? What errors did you run into? What does your configuration XML look like? Which version of FOG do you use?

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          Piplup

          Deleted my post because of missing information.
          Will update later today.

            Sebastian Roth Moderator

            @Piplup There is no need to delete the post. Just update as much information as you can.

              Piplup @Sebastian Roth

              @Sebastian-Roth
              Update:

              What my plan was -
              1. I want to distribute prepared / generalized (with Software like Firefox preinstalled) Windows 10 Images that,

              2. depending on the user logging into the FOG PXE Environment,
              will be logged into their Windows 10 AD Accounts, after installation, respectively.

              3. (optionally) Possible Administration through the FOG Smart Application, like shutting off PCs or changing screen resolution, but I’m not that far.

              The existing domain is based on SAMBA 4, so it runs on Windows Server 2008 R2.

              There is an option in FOG to map FOG user accounts with AD domain credentials, so I wanted to use this for the commission project.

              What I did / achieved so far:

              I distributed these Images with preinstalled software with no problem, (#1)
              but I wasn’t able to make the domain join work. I put the correct credentials for a Domain User and mapped it to a FOG User account. Then I distributed the generalized image, and the software preinstall worked, however the automatic domain join did not.

              The XML in question is the autoattend XML file, right?
              I left it mostly generic, because I expected FOG to fill the credentials for each Domain user that has been mapped to a FOG User account.

              Used:
              FOG 1.5.7
              Debian 10 LTS / Dnsmasq for DHCP Proxy
              Win 10 Pro

              The main question here is:
              Is what I’m trying to do possible here? If so, what am I missing?

              Because “just” image distribution is too thin to pass training with this project, I believe.
              I am new here and barely know anything about the features possible with FOG, but I’m trying my best.

                  george1421 Moderator @Piplup

                  @Piplup In theory this is possible with the exception of the fog admin setting the default user on the windows side.

                  You will need to be a bit creative with the unattend.xml script, but you can automate quite a bit using a FOG post install script.

                  I have some examples of post install scripts here. https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/15 specifically look at part three in the tutorial.

                  Via the unattend.xml file you can add users to the target computer, connect it to the domain in different OUs (I calculate my target OU at the time the OS is deployed based on the image name and physical location the target computer is at when it's deployed). You can also set the keyboard and geographic locations via the unattend.xml file. So you are not limited to what the FOG Client can do, but to what you can preset in the unattend.xml file.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                    Piplup

                    Thank you, but Christ, that’s a lot.
                    I saw a rough “workaround” that could work instead.
                    (I don’t want to come off as lazy, but I literally started with Linux and this job training this year, I still only understand half the things I read here)

                    I’d create an InstallUser for the AD with limited rights, which will be automatically joined to the Domain via a fixed entry in the “unattend.xml”. (?) Software will already come preinstalled with the image. From there on, the User manually Signs Out and Signs In via his given AD credentials.

                    “(?)” because I never actually saw this option. I just read it’s supposed to be possible. I’ll try testing again tomorrow. But with my limited time right now, that’s all I can do.
                    More importantly, what’s your opinion on this?

                    Edit: I just realized - Doesn’t an Active Directory Domain join require Administrator privileges from the Domain Controller in the first place? Wouldn’t I just create a security vulnerability…? If you have experience in this, please share your advice.

                      george1421 Moderator @Piplup

                      @Piplup said in Need urgent help on joining a domain automatically after installation:

                      > Thank you, but Christ, that’s a lot.

                      It's not bad if you build it up, start with the basics and add on.

                      > I’d create an InstallUser for the AD with limited rights, which will be automatically joined to the Domain via a fixed entry in the “unattend.xml”. (?) Software will already come preinstalled with the image. From there on, the User manually Signs Out and Signs In via his given AD credentials.

                      Yes, that is how we do it. Here is an example of a sanitized version of our unattend.xml: https://forums.fogproject.org/post/87392 The point of the tutorial link I provided before was to show you that if you have text in your unattend.xml file you can “tweak” it at deploy time. It's really NOT that hard. The bit I didn’t show you was the complete working model: https://forums.fogproject.org/topic/11126/using-fog-postinstall-scripts-for-windows-driver-injection-2017-ed This is the full working postinstall script; it does more than what you need at the moment. The script you are interested in is fog.updateunattend

                      > Doesn’t an Active Directory Domain join require Administrator privileges from the Domain Controller in the first place? Wouldn’t I just create a security vulnerability…? If you have experience in this, please share your advice.

                      Yes and no. Yes, you need an elevated account, but you can restrict that account to only add computers to an OU. It's been a while since I set that up, but I know with advanced ACLs you can restrict that account to only the task at hand. Also, if you use the WAIK toolkit you can encrypt the password in the unattend.xml file so it can’t be hacked easily. Lastly, in your setupcomplete.cmd batch file, you will have that nuke any unattend.xml file or any other setup files that are used during OOBE/WinSetup.

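The deploy-time "tweak" of unattend.xml discussed in the last reply, sketched as an added example; it is not part of the thread and is not the FOG project's fog.updateunattend script. The function names, the PLACEHOLDER tokens and the trimmed sample XML are assumptions made for illustration; the hostname and OU are validated or escaped before they reach the file, and the temporary copy is created owner-only because the real file also carries the join account's credentials.

```shell
#!/bin/sh
# Added example: patch unattend.xml at deploy time (function names are hypothetical).
umask 077   # the temporary copy of a real unattend.xml holds join credentials

# Escape VALUE for XML text, then for use as a sed replacement with '|' delimiter.
xml_sed_escape() {
    printf '%s' "$1" \
        | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        | sed -e 's/[\\&|]/\\&/g'
}

# Conservative allow-list: letters, digits, hyphen, at most 15 characters.
valid_hostname() {
    case $1 in ''|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}
# set_element FILE TAG VALUE: replace the text of <TAG>...</TAG> in place.
set_element() {
    file=$1 tag=$2
    value=$(xml_sed_escape "$3")
    grep -q "<$tag>" "$file" || { echo "no <$tag> in $file" >&2; return 1; }
    sed "s|<$tag>[^<]*</$tag>|<$tag>$value</$tag>|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}
# patch_unattend FILE HOSTNAME OU
patch_unattend() {
    valid_hostname "$2" || { echo "rejected hostname: $2" >&2; return 1; }
    set_element "$1" ComputerName "$2" &&
        set_element "$1" MachineObjectOU "$3"
}
# Constructed, trimmed sample; a real file has more attributes and a Credentials block.
make_sample() {
    cat > "$1" <<'EOF'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <component name="Microsoft-Windows-Shell-Setup">
    <ComputerName>PLACEHOLDER</ComputerName>
  </component>
  <component name="Microsoft-Windows-UnattendedJoin">
    <Identification>
      <JoinDomain>example.test</JoinDomain>
      <MachineObjectOU>PLACEHOLDER</MachineObjectOU>
    </Identification>
  </component>
</unattend>
EOF
}

demo=${TMPDIR:-/tmp}/unattend-demo.$$.xml
make_sample "$demo"
patch_unattend "$demo" "LAB-PC-01" "OU=R&D,OU=Workstations,DC=example,DC=test"
grep -E 'ComputerName|MachineObjectOU' "$demo"   # print only the two patched lines
rm -f "$demo"
```

The demo prints only the two patched elements rather than the whole file, so the join credentials of a real unattend.xml never end up in a deployment log.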
                      Copyright © 2012-2024 FOG Project