- Thread Author
- #1
Ok, here is what seems to be the problem. We have a deployment process set up to deploy Windows Vista for the most part unattended. We have an answer file (unattend.xml) that we use to specify all of our settings. In the answer file, we have set up the deployment to automatically join our domain during the install.
Recently, we got four new Dell Optiplex 755 computers for our team. When we try to deploy Vista on any of these boxes, we get an interesting issue. We have tested our deployment on multiple non-dell computers and all of them install fine and connect to the domain successfully. However, when we deploy Vista to one of our new Optiplexes, the install will not connect to the domain. In our deployment process we use WinPE boot disks, and the WinPE boot disk by default does not seem to have network drivers for the Intel 82566DM-2 Gigabit cards in the computers. We managed to put the drivers in the WinPE disk, and because of this issue initially assumed that the Vista install files did not have the drivers either. However, when we logged in to a computer, the network drivers were installed and working fine.
Once seeing this, we decided to try connecting to the domain manually, using the same account that is used in the unattended install, to see if we could connect. When trying to connect, we got an "Access denied" error. We then tried using a domain administrator account (as the deployer account is limited only to adding computers to the domain) and we were successfully able to connect.
After accomplishing this, we decided to deploy Windows XP to one of the computers to see if this same issue was mirrored in the XP deployment. XP deployed and connected to the domain fine without any intervention from us. The same deployer account is used in the XP deployment as is used in the Vista deployment.
Is there a reason why when Vista is installed (just on these Optiplexes) that our deployer account cannot join the computer to the domain (whether during the install or post-install), but a domain administrator can? If there is a reason, is there a way to fix this problem?
A summary of the hardware:
Dell Optiplex 755
Intel Core 2 Duo E6550
4 GB DDR2
80 GB HD 10000 RPM
ATI Radeo HD 2400 Pro
Intel 82566DM-2 Gigabit Ethernet
Recently, we got four new Dell Optiplex 755 computers for our team. When we try to deploy Vista on any of these boxes, we get an interesting issue. We have tested our deployment on multiple non-dell computers and all of them install fine and connect to the domain successfully. However, when we deploy Vista to one of our new Optiplexes, the install will not connect to the domain. In our deployment process we use WinPE boot disks, and the WinPE boot disk by default does not seem to have network drivers for the Intel 82566DM-2 Gigabit cards in the computers. We managed to put the drivers in the WinPE disk, and because of this issue initially assumed that the Vista install files did not have the drivers either. However, when we logged in to a computer, the network drivers were installed and working fine.
Once seeing this, we decided to try connecting to the domain manually, using the same account that is used in the unattended install, to see if we could connect. When trying to connect, we got an "Access denied" error. We then tried using a domain administrator account (as the deployer account is limited only to adding computers to the domain) and we were successfully able to connect.
After accomplishing this, we decided to deploy Windows XP to one of the computers to see if this same issue was mirrored in the XP deployment. XP deployed and connected to the domain fine without any intervention from us. The same deployer account is used in the XP deployment as is used in the Vista deployment.
Is there a reason why when Vista is installed (just on these Optiplexes) that our deployer account cannot join the computer to the domain (whether during the install or post-install), but a domain administrator can? If there is a reason, is there a way to fix this problem?
Dell Optiplex 755
Intel Core 2 Duo E6550
4 GB DDR2
80 GB HD 10000 RPM
ATI Radeo HD 2400 Pro
Intel 82566DM-2 Gigabit Ethernet
Celestra
Former Moderator
- Joined
- Jan 15, 2008
- Messages
- 2,448
- Thread Author
- #3
I figured it all out. It was a serious pebkac error on our part. Essentially what happened is that our deployer specific permissions only have permissions to modify/create a computer object in a specific OU. By trying to manually join to the domain using the deployer account, it was trying to create the computer object in the default Computers OU in AD. Since it didn't have permissions to do so, it wasn't able to create the object, and thus unable to join the domain. We also discovered that our unattend.xml file didn't have the correct OU listing in it for joining the domain, hence why it wasn't joining the domain during the install.
- Joined
- Aug 28, 2007
- Messages
- 36,157