My top 10 new features of ConfigMgr 2012 SP1 – part 4

sccm2012-logoIn the series about my top 10 of new or renewed features in Configuration Manager 2012 Service Pack 1, I would like to dedicate this blog to a small but nice new feature while creating Task Sequences. While creating a Task Sequence you are able to configure a Domain Join account to be able to automatically join the operating system to the domain. Let’s see what is changed there, it is a small thing but I like it 🙂

In the RTM version of Configuration Manager 2012 you need to configure an account and password for joining the domain like shown below. Without the verify option the possibility of a wrong name and password combination was possible since there was only a check is the password was the same in both fields.

sp1-domjoin-01
The old window without the verify option

Looking at this same option in Configuration Manager 2012 Service Pack 1 you see a verify button that is added to the window.

Verify your domain join account
Verify your domain join account

Selecting this option will give you the option to test the username and password combination. Watch out, getting a result that the connection was successfully verified does not say that you will have the permissions to add the system to the domain.

Username and password combination is correct
Username and password combination is correct

You still need to arrange that your domain join account has the right permissions like shown below:

Do not use an account that is a member of the Domain Admins group, during the deployment the password will be written in plain text into the unattend.xml. Create an account with the following permissions on an OU where your Computer object are located or at the top level of the domain.

Permission Apply to
Create Computer Objects This object and all descendant objects
Delete Computer Objects This object and all descendant objects
Read All Properties Descendant Computer Objects
Write All Properties Descendant Computer Objects
Read Permissions Descendant Computer Objects
Modify Permissions Descendant Computer Objects
Change Password Descendant Computer Objects
Reset Password Descendant Computer Objects
Validated write to DNS host name Descendant Computer Objects
Validated write to service principal name Descendant Computer Objects

Let me know what new or changed ConfigMgr 2012 SP1 feature do you like the most and vote :)  If you miss a feature, please let me know!

Earlier blogs in this series are:

Comments

Total
0
Shares
3 comments
  1. after you Click the Button “Test Connection” retype the Password, if you dont retype the Wizard will save a empty Password in the Unattend.XML and your Domain join will fail 😉

Leave a Reply to Mirko Cancel reply

Your email address will not be published. Required fields are marked *

Previous Post

Good news: ConfigMgr 2012 Service Pack 1 General Available

Next Post

My top 10 new features of ConfigMgr 2012 SP1 – part 5

Related Posts
Total
0
Share