Ghost Solution Suite

 View Only

  • 1.  Automatically join domain. - Changes between GSS1 - GSS2 ??

    Posted Apr 04, 2007 02:16 PM
    I have GSS2 cloning my images just fine now thanks to Nigel + others :)  BUT my machines won't automattically join the domain.
     
     
    The Ghost enterprise versions do not require that you remove the source computer from the domain before cloning if Ghost originally added the computer to the domain. This is because Ghost uses the "Add Workstations to Domain" rights. See the Microsoft article number 139365, Capabilities of the "Add Workstations to Domain" Right.

    Here is an example of when it is not necessary to remove the source computer from the domain before cloning:
    • You add the source computer, computer A, to the domain.
    • You remove computer A from the domain.
    • You use Ghost to create an image file of computer A.
    • You used a Ghost enterprise version to roll out that image file to the target computers. That is, you write the contents of the image file to one or more computers, writing over the previous contents of the disks or partitions. Ghost adds these computers to the domain.
    • You use Ghost to create an image file of one of the target computers from step 4. Because Ghost added the computer to the domain in step 4, you do not need to remove the computer from the domain before creating the image file.
    I have tried this several times to no avail. The target machine is added to the AD and the and the domain is listed on the target machines login screen but it will not recognize the domain when login is attempted. I have to first manually remove the machine from the domain and then manually add it again. This used to work fine in GSS1. Is this a change in GSS2 or is there some other issue?
     
    Thanks, in advance, for the help.
     
    - Paul


  • 2.  RE: Automatically join domain. - Changes between GSS1 - GSS2 ??

    Posted Apr 04, 2007 08:19 PM
    Paul,
     
    I'm having a similar problem as you except that my machines won't add to the domain at all.  It sounds like yours at least looks like the domain is present where as mine will only add to the workgroup.  Like you, the machines will add to our OU but will not add to the domain at the end.  I've been troubleshooting this in another post.  We also run GSS 2.0 as well.  A few basic questions for you:
     
    1.  Did you create the Ghost Service account whens setting up your supported domain?
     
    2.  Before creating your image, did you check the box in the task to remove it from the domain?
     
    3.  Did you you check the box to regenerate the SID's when deploying images in your deployment task?
     
    I don't have access to do step 1 but always do steps 2 and 3.  When testing this process on a domain that I have full access to, the process ran fine.  Just figured I would ask you the simple things first.  Good luck!


  • 3.  RE: Automatically join domain. - Changes between GSS1 - GSS2 ??

    Posted Apr 04, 2007 11:58 PM
    > but it will not recognize the domain when login is attempted

    Odd. The thing is, our code don't really do the final domain joining part - having precreated the machine account in the domain on the server side, we let the client machine finish the joining process by calling the NetJoinDomain() API. Since we've precreated the account, we call this without supplying any credentials to it, so the machine picks up the precreated account with a temporary default password and then negotiates itself a new one.

    We did alter the process slightly from GSS1.x to GSS2.0, but mainly by making the server machine probe the domain for a writeable DC and then use that particular DC all the way through, and to force the use of the DNS-format version of the writable DC's name to avoid some problems where some of APIs appeared to sometimes do the wrong thing if you fed them a NetBIOS name for an AD domain controller.

    If you have a machine where this is happening, we should take a look at the C:\Windows\Debug\NetSetup.LOG file. Also, the system event log on the client machine should have some entries if for some reason the domain controller is rejecting the client machine's attempt to connect to a DC at boot time and authenticate its machine account.


  • 4.  RE: Automatically join domain. - Changes between GSS1 - GSS2 ??

    Posted Apr 10, 2007 01:55 PM
    Hamilton77fan:
     
    In response to your questions:
     
    1 - Yes. But I've re-created it a couple of times just to make sure it works.
     
    2 - No, according to the document I quoted in my orginal post, one doesn't need to after the first time. In fact this used to work fine under GSS1.0 When I do remove the machine from the domain, the cloned machines do seem to join properly but for this to work reliable one has to remove all the machines to be cloned from the domain also - a pain the butt!.
     
    3 - Yes.
     
    - Paul