Domain Credentials
After a deployment, a computer can be joined to a workgroup or to a new or existing domain.
- Workgroup
- To join a computer to a workgroup, specify the name of the workgroup.
- Specify Domain
- To join a computer to a domain, specify the name of the domain and credentials with domain-joining privileges. The domain name can contain all alphanumeric characters, but none of the following: backslash (\), slash mark (/), colon (:), asterisk (*), question mark (?), quotation mark ("), less than sign (<), greater than sign (>), vertical bar (|). Names can contain a period (.), but cannot start with a period. You should not use periods in Active Directory domains. If you are upgrading a domain whose NetBIOS name contains a period, change the name by migrating the domain to a new domain structure and do not use periods in the new domain names. You can also specify the DNS domain name, for example, MyDom or MyDom.MyCompany.com.
- Existing Domain
- To migrate domain settings from the previous operating system, enter the appropriate domain-joining credentials.
- Specify OU
- To join a computer to an Active Directory organizational unit, specify the full Active Directory path name of the OU to join. Specify the user credentials with domain-joining privileges. For example: OU=MyOu,DC=MyDom,DC=MyCompany,DC=com
  All characters are allowed, including extended characters. As a best practice, use Organizational Unit (OU) names that describe the purpose of the OU and that are short enough to be easily managed.
  Administrator@server1.mydept.us.myco.com are not allowed.

The values you specify in the wizard are stored in the CustomSettings.ini file and are mapped as follows:
Field in the wizard | Corresponding property in CustomSettings.ini file |
---|---|
Workgroup/Domain Name | JoinDomain |
Organizational Unit to join (OU) | MachineObjectOU |
User name (Domain\user login name) | DomainAdminDomain and DomainAdmin |
Password | DomainAdminPassword |
IBM BigFix performs the domain join using the Microsoft Deployment Toolkit (MDT). Lite Touch Installation (LTI) is used for deployments. LTI uses a common set of scripts and configuration files (CustomSettings.ini) to deploy the target computers. IBM BigFix automates the domain-join process by modifying the CustomSettings.ini file used for the MDT deployment process. The settings that you specify are stored in the file and are then parsed by the Windows Setup program, and the system attempts to join the domain early in the deployment process.
You can modify the following properties in the CustomSettings.ini file by selecting the Manual tab.
Property in CustomSettings.ini file | Description |
---|---|
DomainAdmin | The user account credentials used to join the target computer to the domain specified in JoinDomain. Specify as domain\user_name or user_name@domain.com. |
DomainAdminDomain | The domain in which the user's credentials specified in DomainAdmin are defined. |
DomainAdminPassword | The password of the domain Administrator account specified in the DomainAdmin property and used to join the computer to the domain. |
JoinDomain | The domain that the target computer joins after the operating system deployment is complete. This is the domain in which the computer account for the target computer is created. This field can contain alphanumeric characters, hyphens [-], and underscores [_]. Blanks or spaces are not allowed. |
MachineObjectOU | The Organizational Unit (OU) in the target domain in which the account for the target computer is created. |
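
The naming rules given above for JoinDomain and MachineObjectOU can be checked before a deployment action is taken. The following Python linter is an added example, not BigFix or MDT code; the sample file contents, the function names, and the `[Default]` section it reads are assumptions, and the OU check accepts only `OU=` and `DC=` path components.

```python
import configparser
import re

# Constructed sample, not taken from a real deployment.
SAMPLE_INI = r"""
[Settings]
Priority=Default
[Default]
JoinDomain=My Dom:corp
MachineObjectOU=OU=MyOu,DC=MyDom,DC=MyCompany,DC=com
DomainAdminDomain=MyDom
DomainAdmin=joinsvc
DomainAdminPassword=Example%Passw0rd
"""

FORBIDDEN = set('\\/:*?"<>|')   # characters the page lists as not allowed
DN_PART = re.compile(r"^(OU|DC)=.+$", re.IGNORECASE)

def check_join_domain(name):
    problems = []
    bad = sorted(FORBIDDEN & set(name))
    if bad:
        problems.append("JoinDomain contains forbidden characters: " + " ".join(bad))
    if any(c.isspace() for c in name):
        problems.append("JoinDomain contains blanks or spaces")
    if name.startswith("."):
        problems.append("JoinDomain starts with a period")
    return problems

def check_ou(path):
    parts = re.split(r"(?<!\\),", path)   # split on commas that are not escaped
    ok = (all(DN_PART.match(p.strip()) for p in parts)
          and parts[0].strip().upper().startswith("OU=")
          and any(p.strip().upper().startswith("DC=") for p in parts))
    return [] if ok else ["MachineObjectOU is not a full OU=...,DC=... path"]

def lint(ini_text, section="Default"):
    # interpolation=None: a '%' in the password must not be treated as a reference
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                  # keep property names as written
    cp.read_string(ini_text)
    s = cp[section]
    findings = []
    if "JoinDomain" in s:
        findings += check_join_domain(s["JoinDomain"])
    if "MachineObjectOU" in s:
        findings += check_ou(s["MachineObjectOU"])
    if s.get("DomainAdminPassword"):
        findings.append("DomainAdminPassword is set: the file holds a domain-join credential")
    return findings
```

Calling `lint(SAMPLE_INI)` on the constructed sample returns three findings: the colon and the space in JoinDomain, and the stored password.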
To enable SSL encryption of domain credentials, select Enable SSL Encryption and check computers in the dialog. The dialog lists only computers on which encryption has been enabled with the Enable Encryption for Clients Fixlet in BES Support. Click Reimage. The Take Action dialog is pre-populated with the computers that you selected on the previous dialog. You must run the action on all the selected computers.