Windows

無法在 Windows 8.1 上使用 WDS 和應答文件執行無人參與的域加入

  • October 17, 2018

我已經查看了與此相關的其他問題,但沒有一個能夠幫助我。我已經在這個該死的無人看管的過程上花了幾天時間,而且奇蹟般地,我昨天能夠讓它工作一次,但是,唉,我犯了一個愚蠢的錯誤,在再次編輯之前沒有備份文件,現在我儘管工作了幾個小時,但無法讓它再次工作。

這是我得到的一些調試輸出:

[DJOIN.EXE] Unattended Join: Begin
[DJOIN.EXE] Unattended Join: Loading input parameters...
[DJOIN.EXE] Unattended Join: AccountData = [NULL]
[DJOIN.EXE] Unattended Join: UnsecureJoin = [True]
[DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged]
[DJOIN.EXE] Unattended Join: JoinDomain = [ad.domain.com]
[DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL]
[DJOIN.EXE] Unattended Join: Domain = [NULL]
[DJOIN.EXE] Unattended Join: Username = [NULL]
[DJOIN.EXE] Unattended Join: Password = [secret not logged]
[DJOIN.EXE] Unattended Join: MachineObjectOU = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoin = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL]
[DJOIN.EXE] Unattended Join: TimeoutPeriodInMinutes = [NULL]
[DJOIN.EXE] Unattended Join: Checking that auto start services have started.
[DJOIN.EXE] Unattended Join: Calling DsGetDcName for ad.domain.com...
[DJOIN.EXE] Unattended Join: Constructed domain parameter [ad.domain.com\PDC.ad.domain.com]
[DJOIN.EXE] Unattended Join: NetJoinDomain attempt failed: 0x52e, will retry in 10 seconds...

最後一行在退出之前的過程中重複了幾次。

[DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1326]
[DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x52e

和…

NetUseAdd to \\PDC.ad.domain.com\IPC$ returned 1326
Trying add to \\PDC.ad.domain.com\IPC$ using NULL Session
NetpProvisionComputerAccount:
lpDomain: ad.domain.com
lpHostName: ComputerName
lpMachineAccountOU: (NULL)
lpDcName: PDC.ad.domain.com
lpMachinePassword: (non-null)
lpAccount: ad.domain.com\ComputerName$
lpPassword: (non-null)
dwJoinOptions: 0xe1
dwOptions: 0xc0000003
NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides

最後一行翻譯為“標識資訊無效”或“憑據無效”。

NetpJoinCreatePackagePart: status:0x52e
NetpAddProvisioningPackagePart: status:0x52e
NetpJoinDomainOnDs: Function exits with status of: 0x52e
NetpDoDomainJoin: status: 0x52e

我收到錯誤 1326 是無效憑據,但是,我正在使用帶有 %machinepassword% 變數的不安全連接方法,所以我不知道為什麼……

這是有問題的無人值守文件: 當我達到 30k 字元限制時已編輯,無論如何現在都無關緊要了

任何幫助將不勝感激。我已經嘗試了許多分步指南和技術網說明,它們都相互矛盾或建議使用 MDT 或根本不清楚。如果有無人值守部署領域的專家讀到這篇文章,如果你能指出這可能是一個非常愚蠢的錯誤,我將永遠感激不盡。

謝謝!

編輯:我沒有提到它,因為我沒有判斷資訊是否重要,但 WDS 伺服器和 DC 都執行 2012 R2。

編輯 2:正如下面的評論中提到的,這裡是在將 UnsecureJoin 更改為 False 並在 UnattendJoin 組件下添加 Credentials 資訊後的相關 NetSetup.log 資訊:

11/11/2014 14:22:54:558 -----------------------------------------------------------------
11/11/2014 14:22:54:558 NetpDoDomainJoin
11/11/2014 14:22:54:558 NetpDoDomainJoin: using new computer names
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/11/2014 14:22:54:558 NetpMachineValidToJoin: 'IMAGE-TEST'
11/11/2014 14:22:54:558     OS Version: 6.3
11/11/2014 14:22:54:558     Build number: 9600 (9600.winblue_r3.140827-1500)
11/11/2014 14:22:54:589     SKU: Windows 8.1 Professionnel
11/11/2014 14:22:54:589     Architecture: 64-bit (AMD64)
11/11/2014 14:22:54:589 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/11/2014 14:22:54:589 NetpGetLsaPrimaryDomain: status: 0x0
11/11/2014 14:22:54:589 NetpMachineValidToJoin: status: 0x0
11/11/2014 14:22:54:589 NetpJoinDomain
11/11/2014 14:22:54:589     HostName: IMAGE-TEST
11/11/2014 14:22:54:589     NetbiosName: IMAGE-TEST
11/11/2014 14:22:54:589     Domain: ad.domain.com\PDC.ad.domain.com
11/11/2014 14:22:54:589     MachineAccountOU: (NULL)
11/11/2014 14:22:54:589     Account: domain\wdsclient
11/11/2014 14:22:54:589     Options: 0x23
11/11/2014 14:22:54:589 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:589 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:589 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/11/2014 14:22:54:589 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/11/2014 14:22:54:886 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:886 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1'     0x2
11/11/2014 14:22:54:886 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:886 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:886 NetpDsGetDcName: status of verifying DNS A record name resolution for     'PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/11/2014 14:22:54:902 NetpProvisionComputerAccount:
11/11/2014 14:22:54:902     lpDomain: ad.domain.com
11/11/2014 14:22:54:902     lpHostName: IMAGE-TEST
11/11/2014 14:22:54:902     lpMachineAccountOU: (NULL)
11/11/2014 14:22:54:902     lpDcName: PDC.ad.domain.com
11/11/2014 14:22:54:902     lpMachinePassword: (null)
11/11/2014 14:22:54:902     lpAccount: domain\wdsclient
11/11/2014 14:22:54:902     lpPassword: (non-null)
11/11/2014 14:22:54:902     dwJoinOptions: 0x23
11/11/2014 14:22:54:902     dwOptions: 0x40000003
11/11/2014 14:22:54:917 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com:     0x0
11/11/2014 14:22:54:917 NetpLdapGetLsaPrimaryDomain: reading domain data
11/11/2014 14:22:54:917 NetpGetNCData: Reading NC data
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup crossref data for:     CN=Partitions,CN=Configuration,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:949 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
11/11/2014 14:22:54:949 NetpCheckForDomainSIDCollision: returning 0x0(0).
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking DNS domain name ad.domain.com/ into     Netbios on \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results:     name = domain\
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking account name domain\IMAGE-TEST$ on     \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results:     (Account already exists) DN =     CN=IMAGE-TEST,CN=Computers,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Initial attribute values:
11/11/2014 14:22:54:964         objectClass  =  Computer
11/11/2014 14:22:54:964         SamAccountName  =  IMAGE-TEST$
11/11/2014 14:22:54:964         userAccountControl  =  0x1000
11/11/2014 14:22:54:964         DnsHostName  =  IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964         ServicePrincipalName  =  HOST/IMAGE-TEST.ad.domain.com      RestrictedKrbHost/IMAGE-TEST.ad.domain.com  HOST/IMAGE-TEST  RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964         unicodePwd  =  <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
11/11/2014 14:22:54:964         objectClass  =  top  person  organizationalPerson  user  computer
11/11/2014 14:22:54:964         SamAccountName  =  IMAGE-TEST$
11/11/2014 14:22:54:964         userAccountControl  =  0x1000
11/11/2014 14:22:54:964         DnsHostName  =
11/11/2014 14:22:54:964         ServicePrincipalName  =
11/11/2014 14:22:54:964         unicodePwd  =  Account exists, resetting password: <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Attribute values to set:
11/11/2014 14:22:54:964         DnsHostName  =  IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964         ServicePrincipalName  =  HOST/IMAGE-TEST.ad.domain.com      RestrictedKrbHost/IMAGE-TEST.ad.domain.com  HOST/IMAGE-TEST  RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964         unicodePwd  =  <SomePassword>
11/11/2014 14:22:54:980 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error     string: 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
11/11/2014 14:22:54:980 NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
11/11/2014 14:22:54:980 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: LDAP creation failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: Retrying downlevel per options
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: NetUserAdd on 'PDC.ad.domain.com' for     'IMAGE-TEST$' failed: 0x8b0
11/11/2014 14:22:54:995 SamOpenUser on 1639 failed with 0xc0000022
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: status of attempting to set password on     'PDC.ad.domain.com' for 'IMAGE-TEST$': 0x5
11/11/2014 14:22:54:995 NetpProvisionComputerAccount: retry status of creating account: 0x5
11/11/2014 14:22:54:995 ldap_unbind status: 0x0
11/11/2014 14:22:54:995 NetpJoinCreatePackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpAddProvisioningPackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: Function exits with status of: 0x5
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com':     0x0
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/11/2014 14:22:54:995 NetpDoDomainJoin: status: 0x5
11/11/2014 14:23:05:027 -----------------------------------------------------------------

我確實注意到了“INSUFF_ACCESS_RIGHTS”標籤,但使用的帳戶是域管理員帳戶,所以我不確定這裡還有什麼原因。想法?

編輯 3:此外,我正在測試的客戶端電腦是 Hyper-V VM,它在映像之前有一個檢查點。我還原機器,從 AD 中刪除對象,清除已批准設備的 WDS 伺服器,然後在無人值守安裝不起作用時重新啟動整個過程。同樣,我認為這無關緊要,但這是我能提供的所有資訊。

編輯4:我想我開始看到發生了什麼。在無人參與操作之後,我嘗試使用我在無人參與文件中指定的相同帳戶資訊將工作站添加到域中,但收到以下錯誤消息:

"The join operation was not successful. This could be because an existing computer
account having name “IMAGE” was previously created using a different set of
credentials. Use a different computer name, or contact your administrator to remove
any stale conflicting account. The error was:

Access is denied."

我嘗試使用另一個域管理員帳戶,我得到了同樣的錯誤。我的猜測是,不知何故,AD 中的某些內容沒有被正確刪除,並且由於該站點之前已經加入域而導致混亂。我將通過重新創建一個全新的 VM 再試一次,並將返回結果。

編輯 5:使用空白硬碟創建一個全新的虛擬機給了我相同的結果,並使用憑據設置記錄錯誤。我還嘗試為 WDS 伺服器添加複選標記,上面寫著“安裝後不要將客戶端加入域”。認為那里和答案文件可能存在衝突但無濟於事……我嘗試再次將 UnsecureJoin 設置為 True 並使用全新的 VM 刪除 Credentials 設置只是為了查看但我得到了以前的又出錯了……救命?

編輯 6:我懷疑的另一件事是電腦是 UEFI 而不是 BIOS。

編輯 7:使用下面的答案文件,每當WDS 中的“請求管理員批准”複選框未選中時,我都能成功加入域。一旦它被檢查,它就會失敗並用錯誤來迎接我:

"NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides".

最後一部分翻譯為“標識資訊無效”。

答案文件的重要部分,如果您需要其他任何內容,請告訴我:

<settings pass="specialize">
   <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <Identification>
           <UnsecureJoin>true</UnsecureJoin>
       </Identification>
   </component>
   <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <ComputerName>%MACHINENAME%</ComputerName>
       <RegisteredOrganization>Organization</RegisteredOrganization>
       <RegisteredOwner>Utilisateur</RegisteredOwner>
   </component>
   <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <InputLocale>0c0c:00001009</InputLocale>
       <SystemLocale>0c0c:00001009</SystemLocale>
       <UILanguage>fr-CA</UILanguage>
       <UserLocale>en-US</UserLocale>
   </component>
</settings>

編輯 8

專業化部分現在看起來像:

<settings pass="specialize">
   <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <Identification>
           <UnsecureJoin>true</UnsecureJoin>
           <JoinDomain>%MACHINEDOMAIN%</JoinDomain>
       </Identification>
   </component>
   <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <RegisteredOrganization>Organization</RegisteredOrganization>
       <RegisteredOwner>Utilisateur</RegisteredOwner>
   </component>
   <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <InputLocale>1009:00001009</InputLocale>
       <SystemLocale>en-US</SystemLocale>
       <UILanguage>fr-FR</UILanguage>
       <UserLocale>en-US</UserLocale>
   </component>
</settings>

NetSetup 日誌反复給我這個:

11/20/2014 14:22:53:596 NetpDoDomainJoin
11/20/2014 14:22:53:612 NetpDoDomainJoin: using new computer names
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 14:22:53:612 NetpMachineValidToJoin: 'WIN-6PMPRQ5FVI5'
11/20/2014 14:22:53:612     OS Version: 6.3
11/20/2014 14:22:53:612     Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 14:22:53:659     SKU: Windows 8.1 Professionnel
11/20/2014 14:22:53:659     Architecture: 64-bit (AMD64)
11/20/2014 14:22:53:659 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 14:22:53:659 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:659 NetpMachineValidToJoin: status: 0x0
11/20/2014 14:22:53:659 NetpJoinDomain
11/20/2014 14:22:53:659     HostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659     NetbiosName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659     Domain: ad.domain.com\PDC.ad.domain.com
11/20/2014 14:22:53:659     MachineAccountOU: (NULL)
11/20/2014 14:22:53:659     Account: (NULL)
11/20/2014 14:22:53:659     Options: 0x61
11/20/2014 14:22:53:659 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:659 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: Unsecure join requested.
11/20/2014 14:22:53:659 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/20/2014 14:22:53:799 [000004e4] NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/20/2014 14:22:53:846 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:846 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:846 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/20/2014 14:22:53:862 NetpProvisionComputerAccount:
11/20/2014 14:22:53:862     lpDomain: ad.domain.com
11/20/2014 14:22:53:862     lpHostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:862     lpMachineAccountOU: (NULL)
11/20/2014 14:22:53:862     lpDcName: PDC.ad.domain.com
11/20/2014 14:22:53:862     lpMachinePassword: (null)
11/20/2014 14:22:53:862     lpAccount: ad.domain.com\WIN-6PMPRQ5FVI5$
11/20/2014 14:22:53:862     lpPassword: (null)
11/20/2014 14:22:53:862     dwJoinOptions: 0x61
11/20/2014 14:22:53:862     dwOptions: 0xc0000007
11/20/2014 14:22:53:877 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: reading domain data
11/20/2014 14:22:53:877 NetpGetNCData: Reading NC data
11/20/2014 14:22:53:877 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/20/2014 14:22:53:877 NetpGetDomainData: Failed to find the domain data: 0x6e
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e
11/20/2014 14:22:53:893 ldap_unbind status: 0x0
11/20/2014 14:22:53:893 NetpJoinCreatePackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpAddProvisioningPackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: Function exits with status of: 0x6e
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/20/2014 14:22:53:893 NetpDoDomainJoin: status: 0x6e

如您所見,“WIN-6PMPRQ5FVI5”上方的名稱是自動生成的,而我提供的名稱無處可見……更糟糕的是這在 2012 WDS 之前執行良好,所以我不確定他們到底改變了什麼在顯示的界面之外。不過感謝您的幫助!

編輯 9:我再次嘗試同時輸入 %MACHINEDOMAIN% 和 %MACHINENAME% 值。這也不起作用,但我最終得到了來自 NetSetup.log 的以下資訊:

11/20/2014 16:23:32:232 NetpDoDomainJoin
11/20/2014 16:23:32:232 NetpDoDomainJoin: using new computer names
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 16:23:32:232 NetpMachineValidToJoin: 'IMAGE-TEST'
11/20/2014 16:23:32:232     OS Version: 6.3
11/20/2014 16:23:32:232     Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 16:23:32:295     SKU: Windows 8.1 Professionnel
11/20/2014 16:23:32:295     Architecture: 64-bit (AMD64)
11/20/2014 16:23:32:295 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 16:23:32:295 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 16:23:32:295 NetpMachineValidToJoin: status: 0x0
11/20/2014 16:23:32:295 NetpJoinDomain
11/20/2014 16:23:32:295     HostName: IMAGE-TEST
11/20/2014 16:23:32:295     NetbiosName: IMAGE-TEST
11/20/2014 16:23:32:295     Domain: ad.domain.com\dc.ad.domain.com
11/20/2014 16:23:32:295     MachineAccountOU: (NULL)
11/20/2014 16:23:32:295     Account: (NULL)
11/20/2014 16:23:32:295     Options: 0x61
11/20/2014 16:23:32:295 NetpLoadParameters: loading registry parameters...
11/20/2014 16:23:32:295 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 16:23:32:295 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 16:23:32:295 NetpLoadParameters: status: 0x2
11/20/2014 16:23:32:295 NetpJoinDomainOnDs: Unsecure join requested.
11/20/2014 16:23:32:295 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/20/2014 16:23:32:295 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/20/2014 16:23:32:482 [0000051c] NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 16:23:32:498 NetpJoinDomainOnDs: status of connecting to dc '\\dc.ad.domain.com': 0x0
11/20/2014 16:23:32:513 NetpJoinDomainOnDs: Passed DC 'dc.ad.domain.com' verified as DNS name '\\dc.ad.domain.com'
11/20/2014 16:23:32:513 NetpLoadParameters: loading registry parameters...
11/20/2014 16:23:32:513 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 16:23:32:513 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 16:23:32:513 NetpLoadParameters: status: 0x2
11/20/2014 16:23:32:513 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.ad.domain.com': 0x0
11/20/2014 16:23:32:513 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/20/2014 16:23:32:529 NetpProvisionComputerAccount:
11/20/2014 16:23:32:529     lpDomain: ad.domain.com
11/20/2014 16:23:32:529     lpHostName: IMAGE-TEST
11/20/2014 16:23:32:529     lpMachineAccountOU: (NULL)
11/20/2014 16:23:32:529     lpDcName: dc.ad.domain.com
11/20/2014 16:23:32:529     lpMachinePassword: (null)
11/20/2014 16:23:32:529     lpAccount: ad.domain.com\IMAGE-TEST$
11/20/2014 16:23:32:529     lpPassword: (null)
11/20/2014 16:23:32:529     dwJoinOptions: 0x61
11/20/2014 16:23:32:529     dwOptions: 0xc0000007
11/20/2014 16:23:32:545 NetpLdapBind: Verified minimum encryption strength on dc.ad.domain.com: 0x0
11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: reading domain data
11/20/2014 16:23:32:545 NetpGetNCData: Reading NC data
11/20/2014 16:23:32:545 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/20/2014 16:23:32:545 NetpGetDomainData: Failed to find the domain data: 0x6e
11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e
11/20/2014 16:23:32:545 ldap_unbind status: 0x0
11/20/2014 16:23:32:545 NetpJoinCreatePackagePart: status:0x6e.
11/20/2014 16:23:32:545 NetpAddProvisioningPackagePart: status:0x6e.
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: Function exits with status of: 0x6e
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: status of disconnecting from '\\dc.ad.domain.com': 0x0
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/20/2014 16:23:32:545 NetpDoDomainJoin: status: 0x6e

至少現在使用 WDS 中給出的名稱,但現在出現的錯誤是:NetpGetDomainData:找不到域數據:0x6e,我不知道為什麼。我將嘗試對域進行硬編碼而不是放置 %MACHINEDOMAIN% 並將結果發回。

編輯 10:目前與 MS 獲得了一張票。一旦他們找到解決方案,就會回來。到目前為止,這似乎是 WS2012 WDS 中的一個錯誤。一旦可用,將發布更多資訊。

添加資訊,這也發生在帶有 W7 Pro 機器的 2008 Std R2 上。

對於所有可能關心的人,由於此問題僅適用於域管理員組級別,我想嘗試使用一個帳戶通過域根級別的委派控制來授予所有權限,這也可以,因此無需去更改每個 UEFI 電腦對象的安全設置:)。

如何:

  1. 我創建了一個使用者 WDSinstall,其唯一的組成員身份是域使用者。
  2. 然後我簡單地執行了委託控制嚮導(在這種情況下,右鍵點擊您的根域節點並選擇委託控制)。
  3. 添加您新創建的帳戶,然後點擊下一步。
  4. 選擇創建自定義任務以委派,然後點擊下一步。
  5. 保持“此文件夾,此中的現有對象…..”處於選中狀態,點擊“下一步”。
  6. 確保勾選“顯示這些權限”下的所有 3 個選項,意思是:正常、特定屬性和特定子對象的創建/刪除。
  7. 在權限框中,只需勾選完全控制,這也會選擇所有其他權限。點擊下一步。
  8. 點擊完成。

現在您擁有一個本質上是域管理員帳戶的帳戶,因此,您可以將其用於您的所有 WDS 和部署需求。

我希望這對某人有幫助,就像這篇原始文章對我有很大幫助一樣。

引用自:https://serverfault.com/questions/642587