
AutoDomain join

asked 2017-09-15 22:25:31 +0300


Hello, guys! I'm trying to create an unattend file that will perform a secure domain join for any Windows VM created with OpenStack. Unfortunately, after a week of attempts, I still have no result. First of all I tried the simple way: I just used the Microsoft-Windows-UnattendedJoin component to add the computer to my domain, but ran into an interesting bug: my VM joined the domain with a name like DESKTOP-%RANDOMSYMBOLS%, but its hostname was set to DESKTOP-%ANOTHERRANDOM_SYMBOLS%. Then I found this article, https://ask.cloudbase.it/question/103..., where it was said that there is a built-in function that launches during the OOBE part of the initial startup, and the only thing I can do is to set the hostname at the OOBE stage again to save the OpenStack name. So I figured out that there is no way to set up an automatic domain join, because:

- We can use the domain join function only at the "Specialize" stage
- We should use the hostname set function (it's a built-in plugin) twice: at the "specialize" stage in order to use the proper hostname while joining the domain, and at the "OOBE" stage in order not to allow the PC hostname to change. But this plugin allows me to launch it only once!

Maybe someone has an idea about how to work around this? Help me, please, it cracked my brain!


1 answer


answered 2017-09-18 13:15:40 +0300

avladu

updated 2017-09-18 20:59:04 +0300

Hello,

Here you have the domain join explained: https://ask.cloudbase.it/question/116...

Update #1:
If the hostname change is done by the OOBE hook after specialize has finished, and in specialize the order is:

  1. Domain join
  2. Cloudbase-init hostname change,

I suggest configuring Cloudbase-Init to run a local script that can dump the initial hostname somewhere and then exit from that local script with the exit code 1002, then at the next boot cloudbase-init will run that local script again (which at the second run will set the hostname and exit with exit code 1001).

In cloudbase-init-unattend.conf put:
[DEFAULT]
# plus the ones you already have minus the SetHostnamePlugin
plugins=cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin

And in cloudbase-init.conf you might want to manually set the exact plugins you require, otherwise all the default plugins will run (including SetHostnamePlugin and the LocalScriptsPlugin).

How to configure the local scripts plugin:
https://cloudbase-init.readthedocs.io...

And the exit codes you can use:
http://cloudbase-init.readthedocs.io/...

Thank you,
Adrian Vladu
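
The two-pass local script described in the answer above, written as a `.py` local script. This is an added example, not part of the original answer and not Cloudbase-Init's own code. Assumptions: "initial hostname" is taken to mean the computer name at the first run, and `STATE_FILE`, `plan`, `rename_computer` and the name-validation pattern are hypothetical names chosen for illustration.

```python
import os
import re
import subprocess
import sys

# Assumed location; keep it in a directory only SYSTEM/Administrators can write.
STATE_FILE = r"C:\ProgramData\cbinit-initial-hostname.txt"
RUN_AGAIN_NEXT_BOOT = 1002   # do not reboot now, run this script again next boot
REBOOT_AND_FINISH = 1001     # reboot, do not run this script again
# NetBIOS computer name: 1-15 chars, letters/digits/hyphen, not all digits.
VALID_NAME = re.compile(r"^(?!\d+$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?$")


def plan(state_file, current_name):
    """Return (exit_code, name_to_set or None); only writes the state file."""
    if not os.path.exists(state_file):
        # First pass: remember the name, ask to be run again on the next boot.
        if not VALID_NAME.match(current_name):
            raise ValueError("refusing to save invalid hostname %r" % current_name)
        with open(state_file, "w") as f:
            f.write(current_name)
        return RUN_AGAIN_NEXT_BOOT, None
    with open(state_file) as f:
        saved = f.read().strip()
    # The file is input to a SYSTEM-level rename, so validate before use.
    if not VALID_NAME.match(saved):
        raise ValueError("saved hostname %r is not a valid computer name" % saved)
    if saved.lower() == current_name.lower():
        return 0, None            # name survived OOBE, nothing to do
    return REBOOT_AND_FINISH, saved


def rename_computer(new_name):
    # Argument list (no shell) plus the VALID_NAME check keeps the name inert.
    # A domain-joined machine may also need -DomainCredential here.
    subprocess.check_call(["powershell.exe", "-NoProfile", "-Command",
                           "Rename-Computer", "-NewName", new_name, "-Force"])


if __name__ == "__main__":
    code, new_name = plan(STATE_FILE, os.environ["COMPUTERNAME"])
    if new_name:
        rename_computer(new_name)
    sys.exit(code)
```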


Comments

We think that offline join is not secure, and secure join didn't work due to the reasons explained above. The Cloudbase application renames my VM after it joins the domain :(

arsenii.petrovich ( 2017-09-18 14:06:16 +0300 )

This happens only on Windows 10 and I know it is a known bug, reported several times by different people. At the moment, AFAIK, there is no solution that solves your workflow. Please take a look here: https://social.msdn.microsoft.com/Forums/officeapps/en-US/52f0b476-dc3e-43f2-a4c7-68b9cb009d94 .

avladu ( 2017-09-18 15:14:48 +0300 )

Please check also the official "answer" by MSFT regarding the special behaviour on Win10: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-computername

avladu ( 2017-09-18 15:20:35 +0300 )

avladu, I think there can be a good workaround: change the name in the OOBE stage again. But how can we do it? Can we run the sethostname plugin twice somehow? Or get the metadata computer name? Maybe we can also somehow block the automatic hostname change in OOBE, or make the network adapter work during OOBE?)

arsenii.petrovich ( 2017-09-18 15:39:46 +0300 )

I edited the response above. Let me know if you have further questions, as the workaround is not straightforward in this case.

avladu ( 2017-09-19 13:40:02 +0300 )


Stats

Asked: 2017-09-15 22:25:31 +0300

Seen: 3,736 times

Last updated: Sep 18 '17