New Question
0

Automate domain join when we provision a Windows VM on openstack running on KVM

asked 2016-05-10 15:13:47 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

Hi,

We need to create a template in OpenStack that will be able to join the domain whenever an end user provisions a VM from that Image. Can you please let me know if you have the expertise to assist us? The windows version will be W2012 R2 and the Hypervisor we are using in OpenStack is KVM. We are using the Suse OpenStack Cloud in our infra.

Thanks for your assistance

Regards, Nagesh

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
0

answered 2016-05-10 15:44:07 +0300

avladu gravatar image

updated 2016-05-10 15:46:32 +0300

Hello,

This is a recurring scenario, and there are at least two options to automate it: Secure Join ( Unattend.xml based) and offline join.

Secure Join - You need to add to your Unattend.xml this part: https://technet.microsoft.com/en-us/l... If you use cloudbase-init installer, make sure not to check the automated sysprep option, make the changes to the "${env:ProgramFiles}\Cloudbase Solutions\Cloudbase-Init\conf\unattended.xml" and run sysprep with that unattend xml you have changed.

The offline domain joined is explained here: https://technet.microsoft.com/en-us/l... . To have it working with OpenStack, you can use cloudbase-init as a bootstrapper to run a userdata script that will look like this: http://paste.openstack.org/show/384475/

As a side note, you might need to add to the neutron network the AD controller's IP as DNS server, as discussed here: http://ask.cloudbase.it/question/884/...

Thanks,

Adrian.

edit flag offensive delete link more

Comments

Hi Adrian, I was able to do this but the only concern was if we go with secure join we have to embed the credentials in the unattend.xml file on the template which is a very big security risk when we move to Production

Nagesh gravatar imageNagesh ( 2016-05-21 09:35:20 +0300 )edit

Hi, Just want to know if there has been any headway made in this regard. I am currently using the offline domain join but would like to explore the option of using cloud-init if there is one.

Nagesh gravatar imageNagesh ( 2016-10-04 13:31:56 +0300 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Stats

Asked: 2016-05-10 15:13:47 +0300

Seen: 856 times

Last updated: May 10 '16