How does AD tie a joining PC with a pre-staged computer account?

On our network, we only want a select group of desktop managers joining PCs
to the domain. In addition to that, we want those managers REQUESTING to
have those machines joined before they actually do so. This is because we
have problems with some desktop managers moving machines around without
telling us, losing track of assets, and so on.

We're planning on having an automated network registration, so we're not
planning on making everyone's life hell, but they will have to jump through
a few hoops to get on a publically routable network and so on.

I have a decent idea of how to create a computer account and granting the
proper manager the ability to join it to the domain. So I can pre-stage
the computer accounts no problem.

But my question is: How does AD map the joining computer - out of, say, the
thirty or so in a lab that one manager is joining - onto the existing,
as-yet-unsed account sitting in AD? Is it done purely via the name the PC
thinks it has (and thus we'll have hundreds of "OEMCOMPUTER"?) Is it some
other ID generated by the client Windows OS, something that can be fetched
or calculated without requiring the manager to dig it up? Via an applet or
some other (remote?) automated process?

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Hello ,

If you prestage a computer in AD you have to enter the machine GUID/UUID
and that one is unique to the machine. That way the name in AD is tied to
the machine.

See here for more details:
2003:
http://technet.microsoft.com/en-us/l...96(WS.10).aspx

http://technet.microsoft.com/en-us/l...58(WS.10).aspx

2008:
http://technet.microsoft.com/en-us/l...32(WS.10).aspx

http://technet.microsoft.com/en-us/l...0).aspx#BKMK_1

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> On our network, we only want a select group of desktop managers
> joining PCs to the domain. In addition to that, we want those
> managers REQUESTING to have those machines joined before they actually
> do so. This is because we have problems with some desktop managers
> moving machines around without telling us, losing track of assets, and
> so on.
>
> We're planning on having an automated network registration, so we're
> not planning on making everyone's life hell, but they will have to
> jump through a few hoops to get on a publically routable network and
> so on.
>
> I have a decent idea of how to create a computer account and granting
> the proper manager the ability to join it to the domain. So I can
> pre-stage the computer accounts no problem.
>
> But my question is: How does AD map the joining computer - out of,
> say, the thirty or so in a lab that one manager is joining - onto the
> existing, as-yet-unsed account sitting in AD? Is it done purely via
> the name the PC thinks it has (and thus we'll have hundreds of
> "OEMCOMPUTER"?) Is it some other ID generated by the client Windows
> OS, something that can be fetched or calculated without requiring the
> manager to dig it up? Via an applet or some other (remote?) automated
> process?
>