I am experimenting with VMware's VDI product. Users connect to XP VMs from Wyse terminals. A pool of VMs is created and available. When the VMs are created, they are configured and powered on. During the configuration, they are joined to the domain. I have pre-populated computer accounts in an OU in Active Directory that correspond to these VM computer names. This allows me to apply group policy to the VMs. This group policy is necessary because certain firewall rules need to be in place for users to be able to connect (remote desktop). For some reason, the computer accounts become disabled sometime after joining the domain. Once I enable the computer account and restart the VM, it works fine and the computer account does not disable anymore. I have tried enabling "Domain member: Disable machine account password changes" in group policy and this did not fix the problem. Anyone have any ideas?
I've seen something very similar. The workaround was to use "username@domain" as the user in the customization specification.
The first time the join is done, it is done just with the username, if this fails then username@domain is used. It may be that the first failed attempt is locking the account in AD.
I really don't have any ideas but more or less I am curious if this happens if you don't use the pre populated AD computer account and just let the VM create a brand new account when joining the domain?
Did you get any further with this problem?
We're having the same issue where the guest joins the domain ok but then the account gets disabled when the vm reboots after the guest customisation.
Am also seeing this. The VM joins domain OK, but then after everything has settled after the sysprep reboots, the AD account is disabled. We are pre-creating AD accounts so they go into the correct OUs. The accounts are created using my credentials, but sysprep has different credentials to join the VMs to the domain, if that is relevant.
Anyone have any ideas before I raise this with VMware?
I've seen this even without precreated computer accounts.
Using a custom .cmd file that calls netdom with domain joining credentials and then self destructs (well, deletes anyway) as part of the sysprep seems to work OK, so that's what I'm doing instead.
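@echo off
REM Join this machine to the domain during sysprep, then delete this script.
REM The join account's password is in clear text here until the DEL below runs.
Echo =======================================
Echo Joining computer to mydomain Domain, please standby...
Echo =======================================
netdom join %ComputerName% /domain:yourdomain /userd:yourdomain\youruserwithpermissions /passwordd:yourpassword /ou:OU=XP,OU=VIRTUALDESKTOPS,OU=COMPUTERS,DC=YOURDOMAIN,DC=com /reboot:10
REM %~f0 is the full path of this script, so the delete works however it was called.
DEL "%~f0"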
Set up your sysprep for a workstation; do not add to domain.
Tell custom configuration to use VMname as computername.
Use netdom as an added command in the custom config process.
You may have to add the sleep command before the netdom command if your AD is slow to replicate the computername.
I've seen something very similar. The workaround was to use "username@domain" as the user in the customization specification.
The first time the join is done, it is done just with the username, if this fails then username@domain is used. It may be that the first failed attempt is locking the account in AD.
I've gone another way, because our deployed Windows XP Pro are going in a dedicated Domain. I've used the redircmp command on a Domain Controller, so all new Computer accounts are directly created in a specific OU.
redircmp ou="Virtual Desktops",ou="Production",DC=domain,DC=local
And we also use the configuration to use the VM Name as the computername.
You hit the nail right on the head. Thanks for solving this
Was your problem ever resolved?
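A diagnostic for the symptom described in this thread, added here as an example and not taken from any poster or from VMware: it lists the disabled computer accounts in the desktop OU and reads the replication metadata for userAccountControl, which shows when the flag last changed and on which domain controller, so the time can be compared with the sysprep reboot and that DC's Security log. It assumes the RSAT ActiveDirectory module with Get-ADReplicationAttributeMetadata (Windows Server 2012 or later tooling); the OU is the placeholder from the netdom example above.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Placeholder OU copied from the netdom example in the thread; replace with your own.
$SearchBase = 'OU=XP,OU=VIRTUALDESKTOPS,OU=COMPUTERS,DC=YOURDOMAIN,DC=com'

# Query one DC consistently so the metadata and the object come from the same replica.
$Server = (Get-ADDomainController).HostName

# Computer accounts in the OU that are currently disabled.
$disabled = Get-ADComputer -Server $Server -SearchBase $SearchBase `
    -Filter 'Enabled -eq $false' -Properties whenCreated, PasswordLastSet

$report = foreach ($c in $disabled) {
    # Replication metadata records the last originating write to userAccountControl,
    # the attribute that carries the "account disabled" flag.
    $meta = Get-ADReplicationAttributeMetadata -Object $c.DistinguishedName `
        -Server $Server -Properties userAccountControl

    [pscustomobject]@{
        Name            = $c.Name
        Created         = $c.whenCreated
        PasswordLastSet = $c.PasswordLastSet
        UacChanged      = $meta.LastOriginatingChangeTime
        UacChangedOnDC  = $meta.LastOriginatingChangeDirectoryServerIdentity
        UacVersion      = $meta.Version   # number of times the attribute has been written
    }
}

# Oldest change first: compare UacChanged with the time of the customization reboot.
$report | Sort-Object UacChanged | Format-Table -AutoSize

# Preview re-enabling the affected accounts; remove -WhatIf to apply.
$disabled | Enable-ADAccount -Server $Server -WhatIf
```

UacChangedOnDC names the domain controller whose Security log should hold the matching account-management event for the change.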