No... straight GHOST image.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Tuesday, June 07, 2005 7:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Cloned machine domain membership

Dan, are you using a ghost boot partition in your images?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Monday, June 06, 2005 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Cloned machine domain membership

If you have already figured out a way to come up with a unique computer name, you're in great shape. To join the domain, you can do one of the following:

OPTION #1: SYSPREP SCRIPT

In your SYSPREP.INF file (if you're not familiar with what this file is, ask and I'll elaborate), include the following section:

    [Identification]
    DomainAdmin = PatC
    DomainAdminPassword = "abcdef123"
    JoinDomain = MYDOMAIN
    JoinWorkgroup = MYUSERGROUP
    MachineObjectOU = "OU = myou,OU = myparentou,DC = mydom,DC = mycompany,DC = com"

If you do this, there are issues with the password, obviously. The script should be placed in the C:\SYSPREP folder (PRIOR to imaging) and that folder is deleted during mini-setup. But there is still a possible exposure. Suggestions to overcome this:

1) Have a domain account that ONLY can add computers to the OU where you want these machines, and has no other access to resources in the domain

2) (Best): PRESTAGE the computer accounts: create the computer accounts IN ADVANCE in AD, and set DOMAIN USERS as the account that can join the workstation to that account. Then there's far less of an issue. There are scripts that will let you do this: http://support.microsoft.com/default.aspx?scid=kb;en-us;q315273 for starters

OPTION #2: POST-IMAGE (FIRST LOGON) SCRIPT

Depending on your imaging procedure, if a LOCAL administrator will log on to the computer for the first time post-imaging, you can have a script that runs at that time, either pointed to in the [RunOnce] key of the registry or in the Startup program group or a Startup/Logon script in Group Policy. The URL above shows the syntax for NETDOM which is one script you can use.

http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/cptrvb06.mspx shows another example that works well on XP.

Again, consider the security implications of the domain accounts that are used and any possible password exposure.

LMK if you need more detail, but this should get you going.

Dan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Monday, June 06, 2005 8:32 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Cloned machine domain membership

I am trying to figure out the best way to re-image our labs (XP only) without any interaction. Currently we are using Ghost 7.5, and it will add the machine account to the domain, but doesn't actually join the machine to the domain. This would be fine if the machines only needed re-imaged twice a year, but at times they need re-imaged weekly. Any suggestions on a way to do this with what we have? Other suggestions?

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
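
Added example (not part of the original thread, and not any poster's code): a Python check for the password exposure raised under Option #1 in the thread. It parses a SYSPREP.INF, flags a plaintext DomainAdminPassword in [Identification], and returns a redacted copy. The sample file is constructed from the section quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample, mirroring the [Identification] section quoted in the thread.
SAMPLE_INF = '''\
; constructed sample answer file
[Identification]
DomainAdmin = PatC
DomainAdminPassword = "abcdef123"
JoinDomain = MYDOMAIN
JoinWorkgroup = MYUSERGROUP
MachineObjectOU = "OU = myou,OU = myparentou,DC = mydom,DC = mycompany,DC = com"
'''

def parse_inf(text):
    """Parse INF text into {section: {key: value}}; section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit_identification(text):
    """Return (findings, redacted_text). Findings never contain the password itself."""
    ident = parse_inf(text).get("identification", {})
    account = ident.get("domainadmin")
    findings = []
    if ident.get("domainadminpassword"):
        findings.append("plaintext DomainAdminPassword stored for account %r"
                        % (account or "?"))
    if account and ident.get("joindomain"):
        ou = ident.get("machineobjectou", "(no MachineObjectOU set)")
        findings.append("confirm %r can only add computers under %s and has no "
                        "other access in %s" % (account, ou, ident["joindomain"]))
    # Mask the value so the file can be attached to a ticket or report.
    redacted = re.sub(r"(?im)^(\s*DomainAdminPassword\s*=\s*).*$",
                      r"\1<REDACTED>", text)
    return findings, redacted

if __name__ == "__main__":
    results, safe_copy = audit_identification(SAMPLE_INF)
    for item in results:
        print("FINDING:", item)
    print(safe_copy)
```
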