Domain Credentials
After a deployment, a computer can be joined to a workgroup or to a new or existing domain.
- Workgroup
- To join a computer to a workgroup, specify the name of the workgroup.
- Specify Domain
- To join a computer to a domain, specify the name of the
domain and credentials with domain-joining privileges. The domain name can contain all
alphanumeric characters, but none of the
following:
Names can contain a periodbackslash (\) slash mark (/) colon (:) asterisk (*) question mark (?) quotation mark (") less than sign (<) greater than sign (>) vertical bar (|)
(.)
, but cannot start with a period. You should not use periods in Active Directory domains. If you are upgrading a domain whose NetBIOS name contains a period, change the name by migrating the domain to a new domain structure and do not use periods in the new domain names. You can also specify the DNS domain name, for example,MyDom
orMyDom.MyCompany.com
. - Existing Domain
- To migrate domain settings from the previous operating system, enter the appropriate domain-joining credentials.
- Specify OU
- To join a computer to an active directory organizational unit, specify the full Active
Directory path name of the OU to join. Specify the user credentials with domain-joining
privileges.For example:
All characters are allowed, including extended characters. As a best practice, use Organizational Unit (OU) names that describe the purpose of the OU and that are short enough to be easily managed.OU=MyOu,DC=MyDom,DC=MyCompany,DC=com
Administrator@server1.mydept.us.myco.com
are not allowed.The values you specify in the wizard are stored in the CustomSettings.ini file and are mapped as follows:
Field in the wizard | Corresponding property in CustomSettings.ini file |
---|---|
Workgroup/Domain Name | JoinDomain |
Organizational Unit to join (OU) | MachineObjectOU |
User name (Domain\user login name) | DomainAdminDomain and DomainAdmin |
Password | DomainAdminPassword |
BigFix performs the Join Domain using the Microsoft Deployment Toolkit (MDT). Lite Touch Installation (LTI) is used for deployments. LTI uses a common set of scripts and configuration files (CustomSettings.ini) to deploy the target computers. BigFix automates the domain-join process by modifying the CustomSettings.ini file used for the MDT deployment process. The settings that you specify and that are stored in the file, are then parsed by the Window Setup program, and the system attempts to join to the domain early in the deployment process.
You can modify the following properties in the CustomSettings.ini file by selecting the Manual tab.
Property in CustomSettings.ini file | Description |
---|---|
DomainAdmin | The user account credentials used to join the target computer to the domain specified in JoinDomain. Specify as domain\user_name or user_name@domain.com |
DomainAdminDomain | The domain in which the user's credentials specified in DomainAdmin are defined. |
DomainAdminPassword | The password of the domain Administrator account specified in the DomainAdmin property and used to join the computer to the domain |
JoinDomain | The domain that the target computer joins after the operating system deployment is complete. This is the domain in which the computer account for the target computer is created. This field can contain alphanumeric characters, hyphens [-], and underscores [_]. Blanks or spaces are not allowed. |
MachineObjectOU | The Organizational Unit (OU) in the target domain in which the account for the target computer is created. |