Joining Samba Domains with Symantec Ghost

Because Symantec Ghost expects that everyone is going to use a “real” Active Directory Domain Controller, it fails when trying to automatically join Samba domains, and I’ve always had to visit each machine after imaging it to manually join the newly imaged system to our domain. Needless to say, this is annoying when you manage over 300 systems.

Luckily, Alan Baker (who does not have a blog for me to link to) has managed to come up with a solution… For this, he is my hero of the month!
Here is how you do it… The trick is to create a post-image command in your Ghost task that calls a little application called netdom.exe. You can add this file to your image and call it locally if you wish, or you can put it on a server and execute it using a UNC path.

  • Download netdom.exe; it is included in the Windows Support Tools package.
  • Modify your Ghost Distribute Task, click on the “Execute Command” tab and add the following command, modifying it for your environment:

C:\Path\To\netdom.exe JOIN %computername% /Domain:Your_Domain /UserD:YourDomainAdmin /PasswordD:YourDomainAdminPassword /UserO:LocalMachineAdministrator /PasswordO:LocalMachineAdministratorPassword /REBoot


  • If you will be calling netdom.exe using a UNC path, the command will look something like this:

\\servername\sharename\netdom.exe JOIN %computername% /Domain:Your_Domain /UserD:YourDomainAdmin /PasswordD:YourDomainAdminPassword /UserO:LocalMachineAdministrator /PasswordO:LocalMachineAdministratorPassword /REBoot
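
A wrapper around the netdom.exe call above, as an added example that is not part of the original post or of Alan Baker's solution: it takes the credentials as arguments from the Ghost task so they are not stored in the image, logs the outcome without the passwords, and reboots only when netdom exits with code 0. The script name joindomain.cmd, the log location, the 30-second delay and the exit codes 2 and 3 are assumptions made for this example.

```batch
@echo off
rem joindomain.cmd (hypothetical name). Added example, not from the original post.
rem Ghost "Execute Command" line, using the post's placeholders:
rem   \\servername\sharename\joindomain.cmd YourDomainAdmin YourDomainAdminPassword LocalMachineAdministrator LocalMachineAdministratorPassword
rem Credentials arrive as arguments, so nothing secret is stored in the image.
rem Limitation: passwords containing spaces or cmd metacharacters will not
rem survive this simple argument handling.
setlocal

set "DOMAIN=Your_Domain"
rem Assumption: netdom.exe sits in the same folder as this script.
set "NETDOM=%~dp0netdom.exe"
rem Assumption: a local log file is acceptable. Passwords are never echoed to it.
set "LOG=%SystemRoot%\Temp\joindomain.log"

if "%~4"=="" goto usage
if not exist "%NETDOM%" goto nonetdom

>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: joining %DOMAIN% as %~1

rem /REBoot is left out on purpose: reboot only after checking the exit code.
"%NETDOM%" JOIN %COMPUTERNAME% /Domain:%DOMAIN% /UserD:%~1 /PasswordD:%~2 /UserO:%~3 /PasswordO:%~4 >>"%LOG%" 2>&1
set "RC=%ERRORLEVEL%"
if not "%RC%"=="0" goto failed

>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: join succeeded, rebooting in 30 seconds
shutdown -r -t 30
exit /b 0

:failed
rem Any non-zero exit code is treated as a failed join; the machine is not rebooted.
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: join FAILED, netdom exit code %RC%
exit /b %RC%

:nonetdom
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME%: netdom.exe not found next to the script
exit /b 3

:usage
echo Usage: %~nx0 DomainUser DomainPassword LocalAdmin LocalPassword
exit /b 2
```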

This should save you a lot of time… I know it has for Alan and me! Again, thanks to Alan Baker for figuring this out and sharing the info with me.

29 thoughts on “Joining Samba Domains with Symantec Ghost”

  1. it’s not wrapping any better. And to ignore all IE users because they’re on windows and only cater to safari users is not a good idea when you’re looking for traffic ;-)

  2. Well, it looks fine on FireFox, and as far as I can tell, anyone still using IE needs to wake up and smell the coffee. If you are here, and want the info, get a Mac. If you REALLY don’t want a Mac, get firefox, but I’m not too worried about making it look pretty for IE.

  3. Shame on lazy developers who chose to not burn a few extra brain cycles in order to ensure cross-browser compatibility.

    Doesn’t Microsoft get slammed all the time for making software that only runs correctly on Windows? Writing HTML that only renders properly under non-IE browsers is just as poor…

  4. Technical segregationists have no business providing content to others. The open, unrestricted flow of information is the ONLY TRUE POWER of the people.

    You must be a Bush supporter, denying access to information to those unlucky souls who still use IE.

    What’s next – denying content distribution to fans of Howard Dean??

  5. I agree with your statement, Anonymous Coward (Erich) and code all of MY stuff to be cross-browser compatible…but this article is oh-so-funny in that it is directed at windows users yet works for only the *smart* windows users :D All others are left to wallow in their own ignorance of the power that is FireFox.

  6. Shame on all you users who chose to give yourselves early heart attacks and brain aneurysms by using all those frustrating Micro$oft products. You cause my taxes to go up having to pay for all your triple bypasses!

    If all you whiney crybabies with Bill Gates branded pacifiers embedded square in your faces really want the solution, simply download a decent browser or just view the source. I’m not pandering to the masses!

  7. Imagine going to Blockbuster and renting a DVD, only to find out that only half of it will play on your Sony DVD player. Shame on you for not buying Panasonic.

    Imagine buying condoms only designed for ******** men – extra small.

    Actually, that might fit you…

  8. You know cliff, for your job being half windows administration, you sure do have a sucky attitude about it. Your taxes don’t go up for triple heart bypasses caused by microsoft, but your paycheck certainly does come directly from supporting microsoft. As a windows administrator, your answer to all problems can’t be “go buy a mac”, it just doesn’t fly. As much as you may not like it and whether it’s right or not, Windows & IE still rule the roost when it comes to desktops and browsers. Until the Mac and Safari have over 50% market share, put up and shutup.

    As far as firefox is concerned (and before I get started: I don’t deny IE has its fair share of flaws), I was the first to deploy it to clusters … but it was more of a hassle and security risk than it was worth. For a while (around 1.1-1.2) it was like knowingly installing a trojan horse on your computer. They’ve since fixed that. The largest problem from an administrator point of view is that a user’s firefox profile is put in a randomly named folder inside the user’s xp profile. Since it’s randomly named, you can’t tell group policy to ignore the cache folder from the profile (which you have to do because the cache fills up the 20mb xp profile in no time flat). If you ignore the entire profiles folder rather than just the cache folder (which resides in the randomly named folder) then the user’s favorites and history don’t move with them, which is no good. An optional automatic update feature to keep the browser up to date on security patches would be nice too. Until these things are fixed, firefox isn’t worth my time.

  9. Your points are all valid Al, but really beside the point. Regardless of how you feel about IE or Firefox, Netscrape or Opera, the fact remains that all these browsers exist and they all have their quirks (yes Cliff, even Safari).

    People who deliver content via the Internet have a responsibility to code content in such a way as to be browser agnostic – it’s the content people care about, not the browser. If you are willing to snub a section of your audience simply because they use technology you despise, then your motives for delivering content should be called into question.

    Oh, and Safari is a piece of junk.

  10. While I can understand all the reasons for making information present properly on all browsers, I think you are all missing a very important point. If everyone continues to expend huge development effort to ensure that pages render properly on IE, users will never have any reason to abandon it in favor of better products. The web will stagnate into a smelly Micro$oft cesspool, as developers waste valuable time that could be spent innovating trying to shoehorn modern code into IE’s half-implemented rendering engine. In short, by creating pages that only render properly on modern browsers, I am helping users come to the inexorable conclusion that they need to abandon IE in favor of these browsers, and in so doing, making the web a better, more functional source of information.

    Off the top of my head, here are some of the reasons for creating pages that do NOT render properly on Internet Explorer, and getting users to switch browsers:

    1) Developers will have more time to develop new technology, and the national economy will improve
    2) Micro$oft will lose its stranglehold on the Internet, and we will have more diversity in technology
    3) People will finally be able to use predictable CSS

    I’m sure there are a billion other reasons, but these are the ones that come to mind.

  11. I think *you* are missing the point. It is extremely easy to build web content that only renders properly in IE – just use MS Word or Frontpage to build your site. Since IE has 90% of the browser market, you have limited your development time significantly.

    Development time INCREASES when you have to code for the quirks of Firefox, Safari, Konqueror, Opera, Galleon, and Netscrape.

    Me thinks you are speaking without knowing.

    If everyone only used IE, your above points #1 and #3 will be valid.

    It’s the diversity in technology which is increasing development time, and frankly, testing time is a lot higher than development time.

  12. Oh YES… There is a solution for you… Use Word or Front Page to code sites. That’s just a ducky idea. So what if IE has 90%. That will only change if people like me start to lead by example and code sites that do not render properly under IE.

    I have been VERY clear about my goals. I want to encourage people to move away from IE. Agree with my goals or don’t, but don’t try to get me to pander to the IE masses because I’m simply not going to. If everyone woke up tomorrow and every website did not render under IE, people would have no choice but to move on to better technology. I’m simply leading by example.

  13. Um … I hate to burst your bubble here, but when someone comes to your site with IE and find that it’s broken, they’re not going to download firefox or anything else to read the shit you spew on this site … sorry … it’s just not worth their time, they’re just going to leave. That’s a hell of an example to lead with. BTW, you might want to get a couple of straws to breathe through, cause your bullshit’s getting mighty deep.

  14. “If everyone woke up tomorrow and every website did not render under IE, people would have no choice but to move on to better technology”

    Now THAT made me laugh. If everyone woke up tomorrow and found their website did not render in IE, the following would happen:

    1. Microsoft would get flooded with calls and emails

    2. Microsoft would spend lots of time fixing the problem, and would release a patch via Windows Update

    3. Web developers would spend a lot of time developing and testing workarounds

    Like it or not, IE is not going anywhere, and the only thing you will manage to do with your strategy is reduce the small number of folks who visit your site…

  15. I hate to burst YOUR bubble Al, but it’s not MY site that’s broken. Every other browser renders it properly as it is… I think that means IE is broken. People have the choice. They can wallow in their own ignorance and never come to my site again, or they can invest in decent technology and enjoy all the wonderful, insightful things I have to say (LOL). It’s up to them… I’m not holding a gun to anyone’s head.

    I do, however, have to add that of this site’s regular readers, you are the only one who is still using IE. Even Wandering Pig Effer (Erich) is using Fire Fox.

  16. Hey, be happy that I don’t still have that java script on my front page that throws up a warning about the evils of IE, then executes an IE exploit that crashes Windows. I ran that one all throughout the browser wars, and I’m sure Micro$oft still has not fixed the bug. They spend all their time taking hand outs from spyware companies and creating exceptions for them in their adware protection package.

  17. Hello all,

    I got to your site via Google since I was having the same exact problem you are talking about here: when we install a ghost image, we required the machines to be, manually, added to the domain.

    The “netdom.exe” was *truly a gift from the heavens*.

    Well, now that I got a simple solution, I still had a bigger problem: my institution doesn’t have licenses for Ghost [the network version] so…I came up with a *very simple* solution.

    Since I found your site so useful and would really like to share my solution with the community, I leave you in the following url a simple perl service I coded to remotely add a / (or various) machine(s) to a domain!

    http://lms.ispgaya.pt/goodies/wksadm.rar

    So…this is very simple: this code opens up a UDP socket server on port 43212 and expects some simple commands like:
    JOINDOMAIN
    LOCALMESSAGE the message to send to a logged user
    SHUTDOWN [number of seconds]
    REBOOT [number of seconds]
    GETFILE via wget>

    This is a good solution since we don’t have to hardcode the DOMAIN, ADMIN and PASSWORD on a workstation script AND, with the GETFILE capability, we can upgrade the service remotely!

    To send commands to the workstations you simply need a UDP client [ex: netcat or a simple php script].

    Please contact me if anybody is interested in any info/feature/whatever.

    PS: ahmm, of course the domain login/password go thru the network in clear text but if anybody wants to implement SSL support feel free to do so ;o)
    PS2: oh…you need “active perl” [or “any” perl interpreter running on windows]
    PS3: the service can be added via gpedit.msc on windows startup
    PS4: for the LOCALMESSAGE to work you need to have the “messenger” service started! (since I use “net send” to send messages to the logged user!)
    PS5: netdom.exe and wget.exe are already packed on the .rar file!

    Best regards,
    Luís Miguel Silva
    Network Admin
    ISPGaya
    lms@ispgaya.pt or lms@fe.up.pt

  18. First up, a very useful tip – We have a windoze only environment and had the same issues.

    Just a comment about the whole “IE users should buy a Mac” comment. Whilst I agree up to a point (just use Linux) isn’t it ironic that the posting is about deploying Windows and you are effectively saying “don’t use windows” which is another solution to the problem all together…..!
