Netbooting with Active Directory

Cloning devices that are joined to a domain presents a set of obstacles:

  • Hostname duplication
  • Active Directory security controls
  • OS activation

Because clusterducks is not the first platform to manage cloned Windows images, there is a wealth of tools and information on overcoming hostname and AD security concerns:

Device hostnames

  • clusterducks has plans for a future integration with PowerDNS to auto-configure DNS records for netbooted devices, although their NetBIOS names will still be duplicated
  • Citrix PVS has OS "parameter injection" to change hostname on boot without rejoining domain
  • Other solutions may exist. Please contact us if you know of a decent one to include here.

Domain security

  • AD "Machine Account Password" auto-change can be disabled without horrific consequences
    • By default, every 30 days a machine will update its machine account password
    • This has no effect on a typical network, but in a cloned environment the first clone to rotate the password invalidates the secret every other clone still holds: all other devices will then display a "trust relationship failure" message before denying login
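An added example (not clusterducks code) of how the auto-change is disabled on the golden image before capture, and how a clone can be checked afterwards. It assumes the image is run as a local administrator with line of sight to a domain controller; the registry value is the local equivalent of the GPO "Domain member: Disable machine account password changes", so that policy should be set the same way for the clones' OU or it will re-enable rotation.

```powershell
# Added example: prepare a golden image so its clones never rotate the shared
# machine-account password, then verify the state on a booted clone.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Disable-MachinePasswordRotation {
    # DisablePasswordChange = 1 stops Netlogon from initiating the 30-day
    # password change; the domain controller never sees a new secret, so every
    # clone keeps validating with the one baked into the image.
    Set-ItemProperty -Path $NetlogonKey -Name 'DisablePasswordChange' `
        -Value 1 -Type DWord
}

function Test-ClonedImageTrust {
    # Report whether rotation is disabled and whether the secure channel to the
    # domain still validates (the check that fails behind the
    # "trust relationship failure" message).
    $value = Get-ItemProperty -Path $NetlogonKey -Name 'DisablePasswordChange' `
        -ErrorAction SilentlyContinue
    $channelOk = Test-ComputerSecureChannel -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        RotationDisabled = ($value.DisablePasswordChange -eq 1)
        SecureChannelOk  = [bool]$channelOk
    }
}

# On the master image, before capture:
Disable-MachinePasswordRotation
# On any clone (or the master) afterwards:
Test-ClonedImageTrust
```

A clone that already reports SecureChannelOk = False because another clone rotated the password can be re-synced with Test-ComputerSecureChannel -Repair, after which the registry value above keeps it from happening again.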

OS network activation

  • KMS can be used by networks with more than 25 systems
    • There are different implementations of KMS that will run on Linux servers for those using Samba4 for domain services
  • MAK / VAMT may be used by networks with fewer than 25 systems
    • Information is difficult to find for users who do not have contacts within Microsoft
  • According to Microsoft, as long as there is a legal, valid CAL for each device that is connected to the network, running WinLoader or similar KMS emulators to bypass activation is an accepted practice
    • A CAL is a paper license, not directly associated with the OS installation