MDT Move Join Domain To End of Task Sequence

I'm working on setting up MDT to deploy computers from blank to ready-to-go.

I can deploy a computer, but I run into a bunch of issues because of our domain's restrictive policies.

The simplest solution would be to not join to the domain until after everything else is finished.

Is there a way to move joining the domain (variables provided during deployment wizard) to the very end of the task sequence? I moved 'Recover from Domain' to right before 'Apply Local GPO Package', which is essentially at the end of the task sequence. Yet when I run the deployment, it seems to be joined before it even runs Windows Update and installs applications! I don't see a step to join it anywhere. So how can I change this behavior to not join until the end?

Answers 2

  • I figured it out.

    1. Open task sequence > OS Info > Edit Unattend.xml
    2. From stage 4, remove anything related to joining the domain and save file
    3. Reorder the 'Recover from Domain' step in the task sequence to near the end or wherever you prefer
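
Steps 1 and 2 above can also be scripted. The PowerShell below is an added example, not part of the original answer: it assumes "stage 4" is the `specialize` pass and that the join settings sit in the `Microsoft-Windows-UnattendedJoin` component. The function name `Remove-UnattendedJoin` and the sample XML are constructed for illustration.

```powershell
# Added example: remove the unattended domain join from the specialize pass
# (pass 4 in Windows SIM) so the join only happens in the task sequence step.
function Remove-UnattendedJoin {
    param([Parameter(Mandatory)][xml]$Unattend)

    $ns = New-Object System.Xml.XmlNamespaceManager($Unattend.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # A file can carry one component per processor architecture, so select all.
    $xpath = "//u:settings[@pass='specialize']" +
             "/u:component[@name='Microsoft-Windows-UnattendedJoin']"
    $nodes = @($Unattend.SelectNodes($xpath, $ns))   # snapshot before removing
    foreach ($node in $nodes) {
        [void]$node.ParentNode.RemoveChild($node)
    }
    return $nodes.Count
}

# Constructed sample input, trimmed to the parts that matter here.
[xml]$sample = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64">
      <Identification>
        <Credentials><Username /><Domain /><Password /></Credentials>
        <JoinDomain />
      </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64">
      <ComputerName />
    </component>
  </settings>
</unattend>
'@

$removed = Remove-UnattendedJoin -Unattend $sample
"Removed $removed UnattendedJoin component(s)"
$sample.OuterXml   # inspect what is left in the specialize pass

# Against a real file (the path is a placeholder; keep a backup first):
#   $path = '<DeploymentShare>\Control\<TaskSequenceID>\Unattend.xml'
#   Copy-Item -LiteralPath $path -Destination "$path.bak"
#   [xml]$doc = Get-Content -Raw -LiteralPath $path
#   if (Remove-UnattendedJoin -Unattend $doc) { $doc.Save($path) }
```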

  • You should only use a user account to connect to the MDT Deployment share that has the rights to add computers to the domain. This is the simplest and best way to work with MDT. Just create a GPO policy to grant specific user accounts rights to add computers to the domain.


