AD Join Issue Using Script and Answer File



  • Server
    • FOG Version: 1.3.0-RC-8
    • OS: CentOS (don’t remember what version)
    Client
    • Service Version: v0.11.5
    • OS: Windows 10
    Description

    So I am using the following script post download for builds for one of my clients:

    #!/bin/bash
    hostadpwd="ADPASSHERE"; # only downside to this method: this is the plain AD password
    unattend="/ntfs/Windows/Panther/unattend.xml";
    [[ ! -f $unattend ]] && return
    dots "Preparing Sysprep File"
    rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to remove original unattend file"
    fi
    echo "Done"
    debugPause
    dots "Writing Computer Name"
    sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to update originating unattend file"
    fi
    echo "Done"
    echo "ComputerName set to $hostname"
    debugPause
    [[ -z $addomain ]] && return
    dots "Set PC to join the domain"
    sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to remove the Workgroup setter"
    fi
    sed -i \
        -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \
        -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \
        -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \
        -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to update user, pass, ou, and domain setter"
    fi
    echo "Done"
    debugPause
    

    So one question with this: where I have the AD password listed, would that have to be the domain Administrator account’s password or the password for any account that has admin rights (e.g. the main support account that I use)?

    I also remember reading in one of the tutorials that my Answer file (unattend.xml) needed to include the following:

    <JoinWorkgroup>Workgroup</JoinWorkgroup>
    <Credentials>
    <Password></Password>
    <Username></Username>
    </Credentials>
    <JoinDomain></JoinDomain>
    <MachineObjectOU></MachineObjectOU>
    

    Silly question, but under what section in the Answer File would I need to put that?

    Thanks!


  • Developer

    @Raj-G under <settings pass="specialize">

    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Identification>
    <JoinWorkgroup>Workgroup</JoinWorkgroup>
    <Credentials>
    <Password></Password>
    <Username></Username>
    </Credentials>
    <JoinDomain></JoinDomain>
    <MachineObjectOU></MachineObjectOU>
    </Identification>
    </component>

    the above is for 64-bit… if you’re ever unsure use WAIK to generate your unattend file for you if you don’t feel comfortable doing it manually
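
Added example, not part of the original posts and not FOG's own code: the script's `sed` substitutions insert `$hostadpwd` and the other values verbatim, so a password containing `&`, `|` or `\` is either rewritten or makes `sed` fail, and `<` or `&` produces invalid XML. The functions below escape each value before filling the empty placeholders; `xml_escape`, `sed_escape` and `fill_tag` are hypothetical names, and the password and account are constructed sample values.

```shell
#!/bin/bash
# Added example (not FOG's code): fill the empty unattend.xml placeholders
# safely when a value contains characters special to sed or XML.

# Escape text for use as XML element content.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Escape text for the replacement side of sed 's|..|..|':
# backslash, "&" (the whole match) and the "|" delimiter.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# fill_tag FILE TAG VALUE: write VALUE into the empty <TAG></TAG> element.
# Returns non-zero if the placeholder is missing, so a template without it
# is reported instead of silently skipped.
fill_tag() {
    grep -q "<$2></$2>" "$1" || return 1
    value=$(sed_escape "$(xml_escape "$3")")
    # Rewrite in place without a second file holding the password.
    new=$(sed "s|<$2></$2>|<$2>${value}</$2>|" "$1") || return 1
    printf '%s\n' "$new" > "$1"
}

# Constructed sample: the Credentials block from the thread, with a made-up
# password and account that contain &, |, < and \.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '<Credentials>' '<Password></Password>' \
        '<Username></Username>' '</Credentials>' > "$f"
    fill_tag "$f" Password 'P&ss|w<rd\1' || return 1
    fill_tag "$f" Username 'EXAMPLE\joinsvc' || return 1
    cat "$f"
    rm -f "$f"
}

demo
```

Values containing a newline are not handled by these helpers.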

