PC domain join gets trust relationship



  • I created a UEFI image for a Dell 5490. To create the image, I had to temporarily join the system to the domain to get some install files. When I was done, I deleted the computer from SCCM and AD, and unjoined the PC from the domain. (yes 100% sure unjoined from domain)

    After I did that I logged into the local account, downloaded fog service from my server, and did a CMD shutdown -s -t 0 -f.

    Then captured the PC.

    It seems like I was able to get a few computers to join a domain in the beginning, but now each one under “This PC” properties, it will show as if it is connected to my domain. When I look in AD, the PC is not there. Obviously if I log into the PC with a domain user, I get a trust relationship error.

    I also tried adding a snapin that is a powershell script to join a PC to our domain. That also throws out a trust relationship problem.

    What do you think could be the culprit? Some computers did work during the beginning and now it is failing.

    When I image and select NO to join domain, it will image just fine and skip the domain join process. Then from there I can join the domain, restart, and be done.


  • Senior Developer

    @vince-villarreal If your image contains the FOG Client, which it sounds like it does, simply disable the service, disjoin the domain, capture the image. In terms of SYSPREP, you would have your setupcomplete.cmd set to enable the fog service as the last thing it does. Then you can start the service or restart the machine.

    So basic steps:

    1. Create your layout of software/OS, etc…
    2. If machine is to be constant master image maker machine, don’t allow it to join the domain (can be set up in the GUI under Hosts->Edit->Active directory->Join Domain)
    3. Install FOG Client.
      # If sysprepping
    4. Disable fog client service.
    5. Sysprep Machine.
    6. Fully shutdown machine.
      # End sysprep steps
    7. Capture image.


  • @tom-elliott So recapture the image? Does this sound like it will work (listing steps below)?

    1. Image a 5490 without join domain.
    2. Go INTO fog and delete the host first while computer is still on.
    3. Open cmd, do a shutdown -s -t 0 -f
    4. Full host registration
    5. capture

    You think those steps above should work?


  • Senior Developer

    It almost sounds as if the fog client joined the machine back to the domain before you were able to do the full shutdown. So, while you may have done the work initially to “… unjoined from the domain”, when you installed the client it likely ran and connected the machine again. Just thinking this is the case. It’s also what seems like the easiest answer as to why this occurred in the first place.
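
A pre-capture check for the situation discussed in this thread, as an added example that is not part of any post above: it stops and disables the FOG Client first, then confirms the master is not domain-joined before shutdown. The service name `FOGService` is an assumption (the thread does not name it); run it from an elevated PowerShell prompt on the master.

```powershell
# Added example: pre-capture guard for a FOG master image.
# Assumption: the FOG Client service is registered as "FOGService".
$ServiceName = 'FOGService'
$problems = @()

# 1. Stop and disable the client first, so it cannot rejoin the domain
#    between the membership check below and the shutdown.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "Service '$ServiceName' not found; FOG Client may not be installed."
} else {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
    }
    Set-Service -Name $ServiceName -StartupType Disabled

    # Re-read the state from WMI instead of trusting the calls above.
    $state = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if ($state.State -ne 'Stopped' -or $state.StartMode -ne 'Disabled') {
        $problems += "$ServiceName is $($state.State)/$($state.StartMode); expected Stopped/Disabled."
    }
}

# 2. With the client out of the way, check domain membership.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $problems += "Machine is still joined to domain '$($cs.Domain)'; unjoin before capture."
}

# 3. Refuse to continue if either check failed.
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Do not capture this machine yet.'
    exit 1
}

Write-Output 'Workgroup member with FOG Client disabled: safe to sysprep/shut down and capture.'
```

Because the captured image now carries a disabled client, the service has to be re-enabled after deployment, which the answer above does as the last step of setupcomplete.cmd.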


 
