Joining Windows 7 sysprep'd Image to Domain Fails Every Time

  • I got my golden Windows 7 machine just like I want it - I didn’t change anything special, just added the software I wanted and I’m trying to get it to join our AD domain.

    I used:
    [CODE]sysprep /quiet /generalize /oobe /shutdown /unattend:c:\unattend.xml[/CODE]

    to sysprep it before I imaged it. The current unattend.xml doesn’t have anything in it that would affect the domain join; however, I’m considering just starting up Windows AIK and creating my own unattend.xml to auto-join the domain.

    Does anyone else have these issues?

    I checked the ‘Join Domain after Imaging’ and filled out the info:
    [CODE]Domain name: school.local
    Organizational Unit: OU=HighSchool,DC=school,DC=local
    Domain Username: administrator
    Domain Password: encrypted with FOGCrypt[/CODE]

    Then started the task to deploy. After imaging and Windows configuring itself it works fine - it’s just not joined to the domain.

    Question: Can I join the domain before sysprep’ing and imaging the computer?

    FOG is working so great except for this.

    Point me in the right direction if you have an idea what I’m doing wrong. Yes, I’ve even tried just leaving the OU field blank. Thanks!

  • I’m doing this and not getting a domain join. Any suggestions?
    In the pic above that’s:
    DOMAIN.local &

  • It worked! What the crap?


    I guess I was over-complicating the process after all - as usual.

    Thanks for bearing with me man. I swear I thought I tried it like that (maybe it was with the non-sysprep’d image tho). I appreciate all your help!

  • Moderator

    I would try to get it working to the default computers container first (no OU settings in FOG). Did you try my suggestion above about using domain\username instead of just username?

  • Maybe I’m not entering the correct info in the Organization Unit field in FOG management WebUI

    It should go under HighSchool>Students - bah, I need to learn AD. period.

  • Moderator

    I don’t see anything wrong with your layout. The error 2202 may mean you are using an invalid user name when trying to join the computer to the domain.

    Try setting the user in the form: domain\username, where domain is the netbios name of the domain, which would be “school” if your domain name is “school.local”

  • Still a no-go.
    I created another account and delegated rights to let it join computers to the domain.

    No messages in fog.log this time shrugs

    I’ve only been learning AD for a month now, so my problem could very well be my AD management and how it’s set up.
    About to have to drop playing with FOG for a while before I go insane and since it’s taking up so much time with me trying to figure out how to auto-join our domain.

    Maybe I’ll get a working unattend.xml file to auto-join by next week and just do things like that. Sorry for ranting…

  • Moderator

    That error code is returned from AD, so google it as a domain join error, not a FOG hostnamechanger error.

    Are you still using “administrator” or did you create a new user and delegate rights?

  • I just tried several more times even with the non-sysprep’d image.

    In the non-sysprep’d one I get an error in the c:\fog.log
    [CODE]Hostnamechanger Domain Error! (‘Unknown Error’ Code: 2202)[/CODE]

    I’ve tried googling the error code but found nothing. Any idea?

  • Moderator

    Correct. Join but with no OU option set. I join to Windows Server 2008 R2 without issue, but I have only ever joined to the default computers container.

  • [QUOTE]Try joining it to the domain leaving the container empty. Just as a test. That will tell you if the join operation is working and you’re just having a problem with the container syntax.[/QUOTE]

    Just to clarify, I should join like I was but leave the Organizational Unit container empty?

    Using Windows Server 2008 R2 if that makes a difference.

  • Moderator

    Try joining it to the domain leaving the container empty. Just as a test. That will tell you if the join operation is working and you’re just having a problem with the container syntax.

    Also, a recommendation. Don’t use your administrator account. Create a new account, and delegate it the rights to add computer accounts to the default computers container and the parent container of where you move the computer accounts to after they join the domain.

    If you change your administrator password in the future, your FOG won’t break. If someone reverse engineers your encrypted password, they won’t have your administrator password for the domain. Since the FOGCrypt uses a known passphrase by default, it’s not that hard to take your encrypted password and get the original.
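
Added example, not part of the original thread: one way to apply the recommendation above with `dsacls`, granting a dedicated join account only the right to create computer objects instead of using the domain administrator. The account name `fogjoin` and the NetBIOS name `SCHOOL` are assumptions; the container and OU follow the thread's `school.local` layout.

```powershell
# Added example (not from the thread): least-privilege account for FOG domain joins.
# Run from an elevated prompt on a machine with the AD DS tools (dsacls.exe),
# as a user allowed to edit permissions on the target containers.

# Assumption: a normal, non-admin domain user created beforehand for FOG only.
$JoinAccount = 'SCHOOL\fogjoin'   # hypothetical account name

# Containers the account must be able to create computer objects in:
$Targets = @(
    'CN=Computers,DC=school,DC=local',    # default computers container
    'OU=HighSchool,DC=school,DC=local'    # OU value quoted in the thread
)

foreach ($dn in $Targets) {
    # CC;computer = "create child", restricted to objects of class computer.
    # /I:T        = apply to this container and the containers below it.
    # ${...} keeps PowerShell from reading "$JoinAccount:" as a scoped variable.
    & dsacls.exe $dn /I:T /G "${JoinAccount}:CC;computer"
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed on '$dn' (exit code $LASTEXITCODE)"
    }
}

# Check: list the access entries that now mention the join account.
# Expect "CREATE CHILD" style entries for computer objects and nothing broader.
foreach ($dn in $Targets) {
    Write-Host "ACL entries for $JoinAccount on ${dn}:"
    & dsacls.exe $dn | Select-String -SimpleMatch $JoinAccount
}
```

With this in place, the FOG "Domain Username" and FOGCrypt-encrypted password belong to an account that can only add computer objects in those two locations, so a recovered password does not expose the domain administrator.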

  • extra information:

    for the Domain Username I’ve also tried: school/administrator & school.local/administrator

    Using FOG 0.32 with latest kernel.