Netbooting with Active Directory
Cloning devices that are joined to a domain presents a set of obstacles:
- Hostname duplication
- Active Directory security controls
- OS activation
Because clusterducks is not the first platform to manage cloned Windows images, there is a wealth of tools and information on overcoming hostname and AD security concerns:
Device hostnames
- clusterducks has plans for a future integration with PowerDNS to auto-configure DNS records for netbooted devices, although their NetBIOS names will still be duplicated
- Citrix PVS has OS "parameter injection" to change the hostname on boot without rejoining the domain
- Other solutions may exist. Please contact us if you know of a decent one to include here.
Domain security
- AD "Machine Account Password" auto-change can be disabled without horrific consequences
  - By default, every 30 days a machine will update its machine account password
  - This has no effect on a typical network, but in a cloned environment, all other devices will now display a "trust relationship failure" message before denying login
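One way to apply the setting described above inside the golden image before it is captured. This is an added example, not clusterducks code; it assumes Windows PowerShell 5.1 run as administrator and uses the standard Netlogon registry values `DisablePasswordChange` and `MaximumPasswordAge`.

```powershell
#Requires -RunAsAdministrator
# Added example (not clusterducks code): run in the golden image before capture.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-MachinePasswordPolicy {
    # Read the two Netlogon values that control client-side password rotation.
    $p = Get-ItemProperty -Path $NetlogonKey -ErrorAction Stop
    [pscustomobject]@{
        # Absent or 0 means the client rotates its password automatically.
        DisablePasswordChange = [int]$p.DisablePasswordChange
        # Absent means the 30-day default applies.
        MaximumPasswordAge    = if ($null -ne $p.MaximumPasswordAge) { [int]$p.MaximumPasswordAge } else { 30 }
    }
}

function Disable-MachinePasswordChange {
    # Stop this client from initiating machine account password changes.
    Set-ItemProperty -Path $NetlogonKey -Name DisablePasswordChange -Value 1 -Type DWord
    $after = Get-MachinePasswordPolicy
    if ($after.DisablePasswordChange -ne 1) {
        throw 'DisablePasswordChange did not persist; check for a conflicting Group Policy.'
    }
    $after
}

$before = Get-MachinePasswordPolicy
Write-Host "Before: DisablePasswordChange=$($before.DisablePasswordChange), MaximumPasswordAge=$($before.MaximumPasswordAge) days"
$after = Disable-MachinePasswordChange
Write-Host "After:  DisablePasswordChange=$($after.DisablePasswordChange)"

# Confirm the stored machine secret still matches AD before the image is cloned;
# a broken channel here would be replicated to every netbooted device.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    if (Test-ComputerSecureChannel) {
        Write-Host 'Secure channel to the domain is healthy; safe to capture the image.'
    } else {
        Write-Warning 'Secure channel is already broken; repair or rejoin before capturing.'
    }
}
```

The Group Policy setting "Domain member: Disable machine account password changes" writes the same registry value, so a domain GPO that leaves it disabled will revert this change at the next policy refresh. With rotation off, the machine account password stored in the image stays valid indefinitely, so the image file should be access-controlled like any other domain credential.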
OS network activation
- KMS can be used by networks with more than 25 systems
  - There are different implementations of KMS that will run on Linux servers for those using Samba4 for domain services
- MAK / VAMT may be used by networks with fewer than 25 systems
  - Difficult to find information for users who do not have contacts within Microsoft
- According to Microsoft, as long as there is a legal and valid CAL for each device that is connected to the network, running WinLoader or similar KMS emulators to bypass activation is an accepted practice
  - CAL is a paper license, not directly associated with the OS