That depends on how well you automate the sysprep, I’ve had it so all the user had to do is turn the computer on, wait for it to reboot (about 3 minutes) and log on :)
Rich
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, April 30, 2004 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining Workstations to our domain
Problem with Sysprep is that it's not ready for the user to use. That would work well, however...
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
From: Rich Milburn [mailto:[EMAIL PROTECTED]
Sent: Friday, April 30, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining Workstations to our domain
If you have them use sysprep with a script (sysprep.inf) and give them an account and password delegated to join the domain, then it would do what Roger suggested. It works very nicely, and it can ask the user for their name when they boot it up if you want, etc – or it can be totally automated.
Rich
Sample code from sysprep.inf:
[Identification]
JoinDomain=domain.com
DomainAdmin=deploy.windows
DomainAdminPassword=Winq34v8%shn3AFc8$2
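An added example, not part of the original thread: sysprep.inf holds the join account's password as plain text, as the sample above shows, so answer files can be scanned for it before an image is handed to a third party. The function name and the sample file contents (domain, account, password) are constructed for illustration.

```python
import configparser

# Constructed sample modelled on the fragment quoted in the thread; the
# domain, account and password are made up for this example.
SAMPLE = """\
; constructed answer file
[Unattended]
OemSkipEula=Yes

[Identification]
JoinDomain=example.test
DomainAdmin=deploy.join
DomainAdminPassword=Constructed%sPass$1
"""

def audit_answer_file(text):
    """Return one finding per plaintext join password in a sysprep.inf-style file."""
    # interpolation=None: real passwords contain '%', which configparser would
    # otherwise try to expand. strict=False tolerates repeated keys, and
    # allow_no_value=True tolerates bare lines that have no '='.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if section.lower() != "identification":
            continue
        items = dict(parser.items(section))  # configparser lower-cases keys
        secret = (items.get("domainadminpassword") or "").strip().strip('"')
        if not secret:
            continue
        findings.append({
            "domain": items.get("joindomain") or "",
            "account": items.get("domainadmin") or "",
            # Report only the length so the audit log never holds the secret.
            "secret_length": len(secret),
        })
    return findings

if __name__ == "__main__":
    for f in audit_answer_file(SAMPLE):
        print("plaintext join credential: %(account)s@%(domain)s "
              "(%(secret_length)d chars)" % f)
```

Each finding names the account whose delegation should be limited to joining workstations and whose password should be changed once the images have shipped.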
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, April 30, 2004 1:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining Workstations to our domain
It might make more sense to do something akin to a script of an application that they add to the runonce at startup - so when the machine gets booted for the first time, it joins the domain and is rebooted, then it's ready to roll.
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
From: Mike Hogenauer [mailto:[EMAIL PROTECTED]
Sent: Friday, April 30, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining Workstations to our domain
Mark,
I personally wouldn’t consider doing this but I can see why you might want to. AD can make your firewalls look like Swiss cheese. You could create an account for your vendor and delegate that account to join workstations to the Domain.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
Ports
RPC endpoint mapper | 135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service | 137/tcp, 137/udp
NetBIOS datagram service | 138/udp
NetBIOS session service | 139/tcp
RPC dynamic assignment | 1024-65535/tcp
Server message block (SMB) over IP (Microsoft-DS) | 445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP) | 389/tcp
LDAP over SSL | 636/tcp
Global catalog LDAP | 3268/tcp
Global catalog LDAP over SSL | 3269/tcp
Kerberos | 88/tcp, 88/udp
Domain Name Service (DNS) | 53/tcp, 53/udp
Windows Internet Naming Service (WINS) resolution (if required) | 1512/tcp, 1512/udp
WINS replication (if required) | 42/tcp, 42/udp
Hope that helps,
Mike
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Friday, April 30, 2004 5:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Joining Workstations to our domain
Good morning, I’d like to see what the group thinks about this. We have a vendor who prepares PCs for us with our image, and then ships them out to our field locations pre-configured. They’d like to take that a step further, and actually pre-join the PC to the domain before it leaves their facility. To do this, we would have to set up a secure connection between our facility and the vendor’s. If we do this, I’d obviously like to make this as limited as possible in terms of what the user at the vendor is allowed to do.
My initial thoughts are:
- see if I can determine what ports are needed for a PC to join a domain, and limit the ports to those
- see if I can limit the rights of the vendor “user” to be able to do nothing but join a PC to the domain
Right now, I have no idea if this is a good idea, common practice, etc., so I’m very interested in the advice from this list – especially if there might be a good solution to this problem other than the way we’re considering.
Thanks as always,
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity in Everything We Do
-------APPLEBEE'S
INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL
INFORMATION may be contained in this message or any attachments. This
information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal
law. Applebee's International, Inc. reserves the right to monitor and review
the content of all messages sent to and from this e-mail address. Messages sent
to or from this e-mail address may be stored on the Applebee's International,
Inc. e-mail system.