
MDT failed to join domain

Scott Craig 41 Reputation points
2022-07-12T19:25:48.707+00:00

I have looked for this specific error, but cannot find an answer.
MDT, I have updated the Custom Settings rules with

DomainAdmin=<user with domain join privilege>
DomainAdminDomain=<domain name>
DomainAdminPassword=<the password for the DomainAdmin user>
JoinDomain=<domain name>
MachineObjectOU=<OU path that the device would join to>

I get an error in the NetSetup.log
07/12/2022 09:11:06:731 SamOpenUser on 31892 failed with 0xc0000022

But there is no error in ZTIDomainJoin.log.

Microsoft Deployment Toolkit version: 6.3.8330.1000 ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)
The task sequencer log is located at C:\Users\ADMINI~1\AppData\Local\Temp\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log. ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)
Property DomainJoinAttempts is now = 1 ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)
Neither JoinDomain or JoinWorkgroup is defined. ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)
ZTIDomainJoin processing completed successfully. ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)
Event 41001 sent: ZTIDomainJoin processing completed successfully. ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)

I am not sure if "Neither JoinDomain or JoinWorkgroup is defined" is an issue or not.
Is there another log I can look into or is there a reason why it is failing to join the domain?

I also validated that the OU the laptop is joining has a computer object and that the user I am using to join the laptop has permission to the object and OU.


Answer accepted by question author
  1. Rita Hu -MSFT 9,666 Reputation points
    2022-07-13T05:37:51.943+00:00

    @Scott Craig
    Thanks for your posting on Q&A.

    It seems that the Custom Settings rules are not configured correctly. The settings below are from your environment.

    DomainAdmin=<user with domain join privilege>  
    DomainAdminDomain=<domain name>  
    DomainAdminPassword=<the password for the DomainAdmin user>  
    JoinDomain=<domain name>  
    MachineObjectOU=<OU path that the device would join to>  
    

    I double-checked the official MDT documentation; the reference is below:

    JoinDomain=contoso.com  
    DomainAdmin=CONTOSO\MDT_JD  
    DomainAdminPassword=pass@word1  
    MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com  
    

    It seems that there is no such DomainAdminDomain attribute. Please edit the Custom Settings rule as in the official document and reimage the devices. Then we could confirm whether it is helpful.

    In addition, please provide the NetSetup.log for me to research further if the above isn't helpful.

    Best regards,
    Rita



2 additional answers

  1. Christian 36 Reputation points MVP
    2026-03-12T18:30:02.54+00:00

    You may want to see this article on "how to fix Domain Join Error during Windows Deployment". The reason for this error is simple. It is because an account with the same name already exists in Active Directory. Therefore, re-using the account was blocked by a security policy.

    These protections intentionally prevent domain join operations from reusing an existing computer account in the target domain with these exemptions.

    • Account reuse attempts will be permitted if the user attempting the operation is the creator of the existing account.
    • Account reuse attempts will be permitted if the account was created by a member of domain administrators.

  2. Scott Craig 41 Reputation points
    2022-07-13T17:06:17.3+00:00

    I found the answer to my issue, but many examples on the internet have the setting DomainAdminDomain. Maybe this is a deprecated task sequence variable.

    I come from an SCCM world and am not used to the nuances of MDT.

    Even after looking for over a week, I just stumbled on this article.
    https://www.deployvista.com/2010/05/24/settings-per-task-sequence-using-mdt-2010/

    I have a gather local only, but left it default of "Gather only local data". I had to choose the second option of "Gather local data and process rules" then point it to Customsettings.ini.

    This seemed to work, and I am including my solution in my response in case anybody else is having issues and needs a fix.

    Regards,
    Scott
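
The checks this thread converged on, as an added PowerShell example that is not part of any answer above or of MDT itself: it resolves the domain-join properties from a CustomSettings.ini in Priority order (the first section to set a property wins), compares the result with the ZTIDomainJoin.log message quoted in the question, and flags the clear-text DomainAdminPassword. The function names, the sample INI and the sample log line are constructed, and the parser assumes Priority lists only literal section names.

```powershell
# Added example, not from the thread. The INI and log text below are constructed samples.
$sampleIni = @'
[Settings]
Priority=Default
[Default]
JoinDomain=contoso.com
DomainAdmin=CONTOSO\MDT_JD
DomainAdminPassword=<placeholder>
MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
'@
$sampleLog = 'Neither JoinDomain or JoinWorkgroup is defined. ZTIDomainJoin 07/12/2022 12:43:41 PM 0 (0x0000)'
function Get-MdtResolvedRules {   # hypothetical helper name
    param([string]$IniText)
    $sections = @{}; $current = $null
    foreach ($line in ($IniText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; $sections[$current] = [ordered]@{} }
        elseif ($current -and $line -notmatch '^;' -and $line -match '^([^=]+)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $resolved = @{}
    # Walk sections in Priority order; the first section to set a property wins.
    foreach ($name in ($sections['Settings']['Priority'] -split ',')) {
        $name = $name.Trim()
        if (-not $sections.ContainsKey($name)) { continue }  # assumption: literal section names only
        foreach ($key in $sections[$name].Keys) {
            if (-not $resolved.ContainsKey($key)) { $resolved[$key] = $sections[$name][$key] }
        }
    }
    $resolved
}

function Test-MdtDomainJoin {     # hypothetical helper name
    param([string]$IniText, [string]$LogText)
    $rules = Get-MdtResolvedRules -IniText $IniText
    $findings = @()
    foreach ($p in 'JoinDomain', 'DomainAdmin', 'DomainAdminPassword', 'MachineObjectOU') {
        if (-not $rules[$p]) { $findings += "Rules do not set $p" }
    }
    if ($rules['JoinDomain'] -and $LogText -match 'Neither JoinDomain or JoinWorkgroup is defined') {
        $findings += 'JoinDomain is in the rules but was unset when ZTIDomainJoin ran: check that the Gather step processes rules'
    }
    if ($rules['DomainAdminPassword']) {
        $findings += 'DomainAdminPassword is clear text in the rules file: restrict read access and use a join-only account'
    }
    $findings
}
Test-MdtDomainJoin -IniText $sampleIni -LogText $sampleLog
```

To run it against a real deployment, pass `Get-Content -Raw` of the share's CustomSettings.ini and of the client's ZTIDomainJoin.log in place of the samples.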

