
Joining ghosted machines to the domain via SCCM

Hi all,

For our disaster recovery process we have a number of workstations at a service provider which they ghost a stored image to. Before SCCM I used to have an Altiris task which would spot these new machines and join them to the domain for me.

Is this possible using SCCM? I've found articles about how to generalize the SCCM client before the image is captured, and on my test machine I can see they are being found by SCCM. I have a collection for these devices (based on machine name) and so could advertise something to them. However:

* So far no application or task sequence is picked up by these new machines (only old items in software center from the reference machine)
* If the task/application needs to run in the context of system, then how would one secure the credentials used (PowerShell credential files can only be used on the machine they are created on?)

Does anyone else use a similar process for DR scenarios?


Answers (2)

Posted by: nagendrasingh 6 years ago
Black Belt
0
>>Is this possible using SCCM?

Do you mean joining the domain? Yes, it is possible when the machine is built.

>>* So far no application or task sequence is picked up by these new machines (only old items in software center from the reference machine)
For this to happen, you need to install SCCM client, put the machines in a collection and direct software/Task Sequence to it.

>>* If the task/application needs to run in the context of system, then how would one secure the credentials used (powershell Credential files can only be used on the machine they are created on?)
SCCM Client runs in system context and launches processes in that too. Altiris, Landesk etc also do it the same way.

Comments:
  • I am not building these machines using SCCM; they are built using Ghost, which is done by the company we use to provide DR seats. I do build the original image using SCCM, and need the SCCM client on the machine, however. - auto_mate 6 years ago
Posted by: nagendrasingh 6 years ago
Black Belt
0
Do your computers have a working SCCM client? If they have, then they should get all the deployments targeted to that collection.

If yes, then you can add a machine to the domain using SCCM. There are many scripts for that on the internet. Some examples are below.

This step needs an AD account (an AD requirement, not an SCCM requirement).

BTW, whatever is possible using Altiris for Windows, is possible using SCCM.

==================================================
https://www.scribd.com/document/44282659/NetDom-Examples

NetDom examples
Sample workstation or member server operations

Adding a workstation or member server to a domain

Add the workstation mywksta to the Windows NT 4.0 domain microsoft:

NETDOM ADD /d:microsoft mywksta /ud:mydomain\admin /pd:password

Add the workstation mywksta to the Windows 2000 domain devgroup.microsoft.com in the organizational unit (OU) Dsys/workstations:

NETDOM ADD /d:devgroup.microsoft.com mywksta /OU:OU=Dsys,OU=Workstations,DC=microsoft,DC=com

Note: If /OU is not specified the account is created in the Computers container.

Joining a workstation or member server to a domain

Join mywksta to the devgroup.microsoft.com domain in the Dsys/workstations organizational unit.

NETDOM JOIN /d:devgroup.microsoft.com mywksta /OU:OU=Dsys,OU=Workstations,DC=microsoft,DC=com

In addition to adding the computer account to the domain, the workstation is modified to contain the appropriate shared secret to complete the Join operation.
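
Added example, not part of the original answers: a PowerShell script for a task sequence step that joins a ghosted machine to the domain with Add-Computer, reading the join account from task sequence variables instead of putting the password on a NETDOM command line. The variable names DRJoinUser and DRJoinPassword are hypothetical, and the join account is assumed to be one delegated only to join computers in the target OU.

```powershell
# Added example (not from the thread): idempotent domain join for a ghosted
# DR workstation, intended to run as a step inside an SCCM task sequence.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $DomainName,  # e.g. devgroup.microsoft.com
    [Parameter(Mandatory)] [string] $OUPath       # e.g. OU=Dsys,OU=Workstations,DC=microsoft,DC=com
)
$ErrorActionPreference = 'Stop'

# Skip machines that are already members of the target domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-Output "Already joined to $DomainName; nothing to do."
    exit 0
}

# The task sequence environment exists only while a task sequence is running.
try {
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
} catch {
    Write-Warning 'Not running inside a task sequence; refusing to continue.'
    exit 1
}

# Hypothetical variable names: define them on the DR collection or task sequence.
$user     = $tsenv.Value('DRJoinUser')      # DOMAIN\account
$password = $tsenv.Value('DRJoinPassword')
if ([string]::IsNullOrEmpty($user) -or [string]::IsNullOrEmpty($password)) {
    Write-Warning 'Join account variables are not set.'
    exit 1
}

# Build the credential in memory; never echo or log the password.
$secure = ConvertTo-SecureString -String $password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ($user, $secure)
Remove-Variable password

try {
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred
} catch {
    Write-Warning "Domain join failed: $($_.Exception.Message)"
    exit 1
}

# 3010 = success, reboot required to complete the join.
exit 3010
```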
