Windows 7 sysprep answer file auto join domain

After the machine has been reimaged I try loggin on and get the " the security database on the server does not have a computer account for this workstation trust relationship" error come up. I log in locally and notice it says the it is added to the domain. So under - Computer name, domain and workgroup settings. It says the domain name next to domain also. I'm having the same issue. Using an autounattend. Everything seems to work well with the autounattend, it even logs in once as administrator after you enter the computer name value which ideally i'd like to be the only hands on step for image deployment.

On the freshly imaged windows 7 machine I check the system properties and it says it's a member of my domain. A machine that is on our companys network but as a member of a workgroup would normally have to supply domain credentials to browse to other machines C drives, so in this way it acts as if it's truly on the domain. I then log off and attempt to login with a domain administrative account and the get the same error previously posted "the security database on the server does not have a computer account for this workstation trust relationship".

I also notice that the computer name that i enter never gets entered into AD. I can add this computer to the domain manually and it will show up in AD as well as authenticate domain accounts after that. Please let me know if any other information is needed to assist with this. The machine does join the domain, with a WIN- name, but then computer name then gets renamed via sysprep and the security link between the machine and the AD is broken, so giving you the error message.

We figured out that the part of the random name for the computer is being taken from the Registered Owner and Registered Organization names. It will pull letters from first the registered owner then the registered organization until there are 7 characters, with one exception, then it will add a dash then random characters to make a total of If the registered owner name has 7 characters, none will be added from the registered organization.

Example: 1 If the reg. The machine successfully joins the domain and we are able to log on as a domain user when we use this configuration for our answer file. We still have to go in and rename the machine after the fact, but it takes less time than manually joining each machine to the domain, every machine has a unique name, and we have a little control over the naming scheme so we can identify our machines on the domain.

My solution was more complex, but prevents techs from entering the wrong name or using the wrong format. Then I Ghost the sysprepped image. Do any of you clever script people know if its possible to add the above to this script. Thanks to Steve21 from: ihaveaproblem 8th July The script of the import.

Thanks to Davit from: ihaveaproblem 8th July I will give both a in the morning back at work. It is suppose to be unattended I want that to prompt me before joining the domain. Last edited 7th July at PM. Sorry to be a pain. Both those shutdowns dont seem to work either? I've tried both and copied the text to the end of the script an on the second one shutdown. If both exist in an answer file, the value for JoinDomain is used, and JoinWorkgroup is ignored.

For a list of the supported Windows editions and architectures that this component supports, see Microsoft-Windows-UnattendedJoin. Skip to main content. This browser is no longer supported. The process for joining a machine to a domain during an unattended installation is very different in Windows 7 than it used to be with Windows XP. There is a great library article on the TechNet site here that explains the entire process. An example of a working XML file joining the domain can be found on the TechNet forums here as posted by George Khalil and marked as best answer.

Based on your post, it seems you have the Computer Name prompting all worked out. You will need to chose which to include in the unattend, then script out the other to perform after mini-setup. If possible for your environment, you can have unattend. You can post now and register later. If you have an account, sign in now to post with your account.

Paste as plain text instead. Only 75 emoji are allowed.