Recently I’ve had to troubleshoot WHY the Active Directory domain join stopped working for a customer’s Windows 10 SCCM OS deployment task sequence that worked the previous week. In this blog post, I highlight the experience I had getting the Domain Join Failure Error NetpDoDomainJoin Status 0x8bf and what the root cause was in this case. There are many other domain join errors but this is the first time I’ve seen this specific error code in C:\Windows\Debug\NetSetup.LOG.
Windows Server 2019 – Active Directory Installation Beginners Guide
This Windows Server 2019 Active Directory installation beginners guide will provide step-by-step illustrated instructions to create a NEW AD forest, DNS and DHCP services. In addition, I will reference the security recommendations from Microsoft and StigViewer for new Domain Controllers that can be used for server security hardening. Sure, you can use a Hydration Kit or other tools to automatically create a domain, DNS, DHCP, and SCCM ConfigMgr server. However, learning from the ground up helps to reinforce Microsoft concepts and is a great way to learn and troubleshoot using a separate environment. Building a development AD environment is also good for testing Windows 10 group policy settings, newer Windows 10 releases, SCCM OSD, Azure cloud services and more.
This blog post can also be used for Server 2016 since the Forest and Domain Functional levels are the same.
Intune Hybrid Domain Join Error 80180005
Microsoft has released a new feature in Intune called “Intune Connector for Active Directory”, which is currently a preview release feature. This feature is used to join devices to the on-premises Active Directory domain (using ODJ – Offline Domain Join) and the Azure AD tenant within Intune, during Autopilot device enrollment. This creates a Hybrid domain joined scenario in which client devices process local group policy and are managed by Intune. This is particularly useful as many customers have on-premises services, such as group policy, mapped network drives and printers, that must authenticate against the local AD domain controllers. While testing this feature in my lab and working with a customer, I have seen “Server Error Code 80180005” or “Error code 80070774” on client devices. It turns out, in my experience, this error was occurring because the computer name prefix was incorrectly configured.
Correct Domain Join Account Permissions – SCCM / MDT OS Deployment
For IT professionals using SCCM or MDT for Windows 10 / Server OS deployment, you may experience failures during the domain join process of your task sequence. Typically, the computer account fails to join the OU because the OU(s) don’t have the correct join account permissions set. Often, when working with customers, I see that their Active Directory domain join service account permissions are incorrectly configured. In some cases, customers are using a DOMAIN ADMIN account, which is a bad security practice.