Joining a domain during an OS deployment

  • Article

There are two ways to join a domain as part of an OS Deployment:

  1. Using the Apply Network Settings step in Windows PE
  2. Using the Join Domain or Workgroup step in the new operating system

Apply Network Settings
Apply Network Settings simply writes the required information to the Windows answer file (sysprep.inf, unattend.txt, or unattend.xml) and Windows Setup does the actual domain join in the Setup Windows and ConfigMgr step. 

If Windows Setup fails to join the domain, it does not report an error back to the caller.  However, it logs the attempt to join the domain to:

  •  Vista:
  • c:\windows\panther\unattendGC\setuperr.log (errors only)
  • c:\windows\panther\unattendGC\setupact.log (detailed logging for all unttend generic components)
  •  Pre-Vista:
  • c:\windows\setuperr.log (errors only)
  • c:\windows\debug\netsetup.log (detailed logging of join attempt)

Consequently, if the domain join fails, the Task Sequence is not aware that something went wrong and continues to execute without reporting an error.  This has been the source of some confusion.  If the Apply Network Settings step succeeds, this simply means that the settings were successfully written to the Windows answer file.  It is still possible for the domain join to fail during Windows setup.

Since the domain join is performed by Windows Setup, the machine will be joined prior to resuming the Task Sequence in the new operating system.  If your infrastructure requires domain membership to access network resources, then this is likely the preferred method.

Apply Network Settings is designed to work seamlessly with Capture Network Settings to migrate domain membership from the old operating system to the new operating system.

Join Domain or Workgroup
Since Join Domain or Workgroup runs in the new operating system, after the Setup Windows and ConfigMgr step, the machine is not domain-joined until this step runs.  If your infrastructure requires domain membership to access network resources, then this method is likely not appropriate. 

Join Domain or Workgroup actually attempts to do the join itself.  If the join attempt fails, then the Join Domain or Workgroup step will fail and report status to the Task Sequence Manager.

Join Domain or Workgroup is not designed to work with Capture Network Settings by default, so you'll have to add a custom step if you want to use the two together.  In my next blog post, I'll explain how to customize your task sequence to use Capture Network Settings and Join Domain or Workgroup to migrate domain membership from the old operating system to the new operating system.