Sysprep win 7 join samba NT domain

  • Hi all, is there somebody here who is able to join win 7 automatically via sysprep (or maybe another way) to a samba based NT domain (samba ver. 3.6)? I can do it manually, but am not sure how to automate this. Is it possible using sysprep?

    Or, is the FOG client able to join only an AD domain or can it join an NT domain also?

    I searched this forum and didn’t find others with this issue.


  • Ok, sorry for the delay, here is what we use to make win7 join a Samba NT4 domain (maybe it helps somebody):

    • after sysprep, fog automatically renames the host (it’s done fairly early after sysprep, so there is little or perhaps no chance that the computer will join the domain with a bad name), then it restarts and
    • downloads the associated snapin - I named it setup_complete_snapin - which contains 2 scripts:
      join_domain.ps1 (powershell script)
      @echo off

    rem delete unattend files
    del /Q /F c:\windows\system32\sysprep\unattend.xml
    del /Q /F c:\windows\panther\unattend.xml

    rem delete dir with additional drivers (those which win didn’t install automatically - needs registry update for win to look here)
    rd /S /Q c:\Drivers

    rem win activation
    cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
    cscript //b C:\windows\system32\slmgr.vbs -ato

    rem office 2010 activation
    cscript "c:\Program Files\Microsoft Office\Office14\ospp.vbs" /act

    rem registry changes
    :: enable self defense (registry protection) for NOD Endpoint Antivirus 5.0 - disabled before sysprep, because sysprep crashes with this enabled
    REG ADD "HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000001\Profiles@My profile" /v selfdefense /t REG_DWORD /d 0x1 /f
    :: for win7 to join Samba NT4 domain
    REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters" /v DomainCompatibilityMode /t REG_DWORD /d 0x1 /f
    REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters" /v DNSNameResolutionRequired /t REG_DWORD /d 0x0 /f
    :: fixes problems with login (source:
    REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" /v DisablePasswordChange /t REG_DWORD /d 0x1 /f

    rem domain join
    :: didn’t work without cd
    cd \windows\temp\setup_complete_snapin
    powershell set-executionpolicy remotesigned
    powershell .\join_domain.ps1
    powershell set-executionpolicy allsigned

    rem extends partition to whole disk
    diskpart /s .\diskpart.txt

    :: sleep a la MS Windows 🙂
    ::ping -n 10

    rem restart
    shutdown -r -f -t 120

    For the domain join, the only sections really needed are: domain join, registry changes (for win7 to join Samba NT4 domain) and perhaps restart.


    # join_domain.ps1
    # user and pass - pass has to be in apostrophes, quotation marks didn't work
    $User = "DOMAIN\USER"
    $Pass = ConvertTo-SecureString 'PASSWORD' -AsPlainText -Force

    # create credentials
    $Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass

    # join domain with logging to file
    #add-computer -domain DOMAIN -credential $Credentials 2>&1 > join_domain.log

    # join domain
    add-computer -domain DOMAIN -credential $Credentials
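
A post-deployment check for the snapin described in the post above, as an added example that is not part of the thread: it reports whether the join succeeded, whether join_domain.ps1 (which holds the join password in plain text) or the unattend files are still on disk, and whether the registry and execution-policy changes are in the state the batch script leaves them. Paths and value names are taken from the post; the function names are hypothetical.

```powershell
# Added example (not from the post): audit a host after the snapin has run.
# Paths and value names come from the scripts above; function names are hypothetical.

function Get-RegValue($Path, $Name) {
    # Returns the value data, or $null when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-DeployState {
    $findings = @()

    # 1. Did the join succeed?
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { $findings += 'Host is not a domain member' }

    # 2. Files that hold (join_domain.ps1) or may hold (unattend.xml) credentials.
    $sensitive = 'C:\Windows\System32\sysprep\unattend.xml',
                 'C:\Windows\Panther\unattend.xml',
                 'C:\Windows\Temp\setup_complete_snapin\join_domain.ps1'
    foreach ($file in $sensitive) {
        if (Test-Path $file) { $findings += "Still on disk: $file" }
    }

    # 3. Registry values the batch script sets; value name -> expected data.
    $lanman   = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters'
    $expected = @{ DomainCompatibilityMode = 1; DNSNameResolutionRequired = 0 }
    foreach ($name in $expected.Keys) {
        $actual = Get-RegValue $lanman $name
        if ($actual -ne $expected[$name]) {
            $findings += "$name is '$actual', expected $($expected[$name])"
        }
    }

    # DisablePasswordChange=1 stops machine account password rotation; report it
    # so the exception is recorded rather than forgotten.
    $netlogon = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
    if ((Get-RegValue $netlogon 'DisablePasswordChange') -eq 1) {
        $findings += 'Machine account password change is disabled'
    }

    # 4. The batch script ends by setting the policy back to AllSigned.
    $policy = Get-ExecutionPolicy -Scope LocalMachine
    if ($policy -ne 'AllSigned') { $findings += "Execution policy is $policy" }

    $findings
}

Test-DeployState | ForEach-Object { Write-Output "FINDING: $_" }
```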

  • Developer

    Snapin tasks are automatically created when you specify a standard download. All snapins assigned to that host will be tasked to run. You can see these snapins to be deployed under the Active Snapin Tasks section of the task management page. The fog client runs the exact same way every time it’s run, the only thing that makes it behave differently is the information it receives from the server when it checks in.
    the way of using fog you describe is exactly what it’s designed to do.

  • Hi, a bit of a delay, but I’m almost at the end (will post a howto - maybe it helps somebody), but I would like to know how this snapin subsystem works. It seems that when the FOG client starts for the first time (after deploying), it automatically downloads the associated snapins and runs them (without creating a snapin task).

    How does the FOG client know it is starting for the first time? And, will this work?: I create a master image, upload it, deploy it (with snapins automatically downloaded and applied), then next semester use this same image (with updates and perhaps software changes), upload it, deploy it with snapins (again) correctly applied. If yes, it would be really nice 🙂

    I tried to search for this here but didn’t find anything - if this was already discussed, feel free to just post a link.


  • Hi X23, I discarded this way (scripts in c:\windows\setup\scripts) - I forgot about renaming before joining, so when I finally got these scripts working I realized this, and since I didn’t figure out how to accomplish this renaming using powershell or sysprep, I decided to make a snapin which consists of these scripts and will run after the FOG client renames hosts. It seems to work, I just need to test it all together with sysprep.

    And what do you mean by using fog client for joining? Is it possible to join win 7 to NT4 based (samba v 3.6) domain? I initially thought I will try it, but then just took the snapin way.

    Thanks, Rado.

  • Hi,

    do not forget that renaming the host and joining the domain at the same time should not work. Does your script rename the host and perform a domain join at the same time?

    Why not use the fog client for joining the domain?

    Regards X23

  • Thanks for the reply. I know, but I’m a bit afraid of converting to Samba 4 (lot of work and uncertain results?). I know I will have to do it someday, but I just wanted to try it with my current setup since manual joining works (and if nothing works, just convert to AD). Now, I’m almost at the end - not using sysprep, but a PowerShell script in c:\windows\setup\scripts\ which is called by setupcomplete.cmd - it works when I’m normally logged in as Administrator, but not during (or after?) the sysprep process…

  • Senior Developer

    I haven’t really played too much with samba domain stuff, but I imagine if you can set it up to act in a similar method to Microsoft AD, you’d have no problems. You’d have to do the legwork on the samba AD server, but once that’s good to go everything else should be just as it is normally. You can do it with sysprep and/or use it with the FOG Client theoretically. I’ll see if I can build a samba AD server just to test this with.
