Snap Deploy-Not Joining the Domain

Discussion in 'Other Acronis Products' started by mmadden, Apr 24, 2006.

Thread Status:
Not open for further replies.
  1. mmadden

    mmadden Registered Member

    Joined:
    Apr 13, 2006
    Posts:
    9
    Hopefully this is an easy one-I think I know what the problem may be related to, but I need confirmation. Perhaps its just a bug or maybe I need to do something different. I think this is a really important part of the snap deploy process-being able to rename and join to the domain of deployed images as part of the deployment process. Definately a cool tool :thumb: .

    After successfully deploying an image to a system with Snap Deploy. The first time I boot the imaged system it runs the Acronis Snap Deploy tool that apparently does the computer renaming and domain joining (as I requested)
    The computer is appropriately renamed, but the computer did not join the domain. It remains in the workgroup it was in when imaged.

    I verified on the deployment that I chose to use Domain, I specified the domain and a domain admin as the user. I am properly connected to the network.

    Some items to note: My computer accounts are stored in a subdomain which is different from my User accounts. For example: the domain is 'mydomain.com'. User accounts are stored in 'mydomain.com'. Computer objects are stored in 'comp.mydomain.com'. My domain administrator in the mydomain.com domain is authorized to add computer objects to the comp.mydomain.com sub-domain.

    I can successfully add computers manually (either via the Microsoft Active Directory Users and Computer tool or via the Client from the My Computer Properties area.) When I do this manually I can't just authenticate as 'mmadden', I have to authenticate as 'mydomain\mmadden'. After Snap Deploy does its thing, and it reboots for the final time-I have a working image but satill in the workgroup it was in originally. I manually add it tot he domain and all is well.

    So I set up the deployment template to use 'mydomain\mmadden' to authenticate with in order to add the computer to the domain.

    Now one oddity I noticed is that if I edit the template, the 'domain/username' now only displays the domain (comp). My suspicion is that the template/application Snap Deploy uses does not support the domain/username format, which is why my computer does not join the domain. I guess it assumes the computer object will be in the same domain as the admin user. This looks like the same problem somebody else was having in another thread related to the joining the domain working at his home net, but not on a remote network.

    Can anybody correct me or confirm my suspision?
    Thanks
     
  2. doxenberg

    doxenberg Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    53
    Location:
    South Florida
    Are you creating the computer accounts in AD before attempting to join the clients to the Domain? What happens if you have the computer accounts in the built-in Computers container and try to have SD join the client to the Domain? If that works then it is simply a matter of moving the computer account objects to the appropriate OU in your AD child Domain.
     
  3. mmadden

    mmadden Registered Member

    Joined:
    Apr 13, 2006
    Posts:
    9
    Nope. Right now when I manually join a computer to the child domain, it goes into the default Computer OU in the child domain as expected. I move them to a deeper OU later.

    I can't create any computer objects in the main domain's computer OU that my admin user account is located in if that is what you might be suggesting. All computer accounts/objects must go into the child domain.

    I will try it though but I don't think it will make a difierence. I think it may be related to my user account being in the main AD domain and the computer accounts being in the child domain.
     
  4. doxenberg

    doxenberg Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    53
    Location:
    South Florida
    Ok, it sounds as though you have been delegated control over specific OU(s) in your child Domain.
    I would suggest you try creating the computer accounts in the appropriate OU of your child Domain first, then in the SD template when you want the software to join the client pc to the Domain, use the FQDN comp.mydomain.com or alternately just specify the name "comp" for the Domain name.
    For future reference Snap Deploy does indeed support Domain Authentication. When providing the user credentials for joining a computer to your child Domain you should specify using the format "mydomain\user" The Domain Controller should take of the rest assuming you have the correct password.
     
  5. mmadden

    mmadden Registered Member

    Joined:
    Apr 13, 2006
    Posts:
    9
    Essentially Yes. However I can add and remove computer objects from anywhere in the child domain. From my sites specific OU and the default domain level Computers OU at the root. I can move computer objects anywhere as well.

    When I manually join the domain the object is created in the root level default Computers OU as expected.

    I did not try to create the computer object in advance yet. I will try that and assign my user with the permission to add it.

    When specifying the domain I already tried both the FQDN (comp.mydomain.com) and just the child domain (comp). When joining manually both methods work.

    When specifying my admin account for adding computers, I tried both mydomain\mmadden as well as mmadden. When I join manually only northgrum\mmadden works. MMadden by itself will not (as expected). I wasn't sure if you suggested to use quotes or not aournd the domain\user. I will try it with quotes.

    The oddity is when I edit a template where I already specified my admin credentials as mydomain\mmadden only mydomain is displayed-the \mmadden was truncated. o_O

    Of course I don't have access to the domain controller security logs to see if there are any failed authentications to see what is being attempted when using the Snap Deploy method. Does the Snap Deploy app create its own log on the newly imaged machine??
     
Thread Status:
Not open for further replies.