If you’re serious about adapting new technologies to create a single image architecture, in order to simplify OS deployment and management, you probably are aware Dynamic Image Mode. This is one of the image modes offered by XenClient and allows you to “layer” an image and separate the system, profile / data and applications into easy to manage entities. As a result you got an efficient way to deploy, update and manage the users PC’s without requiring a  huge network pipe.

In the XenDesktop/XenClient world, we don’t use “Sysprep”. While MCS and PVS (Provisioning technologies used in XenDesktop) take care of the Active Directory integration, we’re still working on that piece for XenClient.

That doesn’t mean that automation of computer accounts to the Active Directory isn’t possible today…

That’s the main purpose of this blog.

Maybe you want to learn more generally how XenClient can simplify your OS life cycle management?

We’ll do a series of 3 hour hands on workshops at the upcoming Summit / Synergy event in Barcelona, check the agenda here!

There basically three steps involved; create a “standard” image, create and include the script to join the domain and upload the image to the Synchronizer.

Prepare and upload your golden image

You might have done this before, there’s nothing special in the first place

  • Install your Windows7
  • Run Windows Update
  • Install software you want to have in your standard system image
  • Install the XenClient Tools
  • Upload the VM as Dynamic Image
  • Start the VM and after the installation of the new device (Disk) and reboot

Prepare the PowerShell script

  • Create a temporary directory such as c:\temp
  • Launch PowerShell as administrator

  • Run the following command: “$credential = Get-Credential”

  • Enter credentials which have permission to add computer accounts to your domain
  • Now enter: “$credential.Password | ConvertFrom-SecureString | Set-Content C:\temp\password.txt”
    (This will take the password you entered and save it encrypted in the  C:\temp\password.txt file)
  • And also: “Set-ExecutionPolicy RemoteSigned” and confirm with Y
    (This allows the system to run PowerShell scripts)

  • Now open PowerShell ISE and add the following code:

if ((gwmi win32_computersystem).partofdomain –eq $false) {
 $password = Get-Content C:\temp\password.txt | ConvertTo-SecureString
 $credential = New-Object System.Management.Automation.PsCredential <domain\username>,$password
 Add-Computer –DomainName domain –Credential $credential

  • Once the script is verified working save it e.g. to c:\temp\domjoin.ps1
  • Add the following key to the registry:
    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe “C:\temp\domjoin.ps1”
  • Shutdown the VM

Publish the new golden image

  • Upload a new version of the image to the Synchronizer
  • This will be the image you assign and deploy

Using the XenClient “Self  Service” function (Add VM -> Download from Synchronizer) a user will install the golden image from the Synchronizer. On the first boot the VM will join itself to the Active Directory and reboot. After that the user can login with the domain credential and start to work as a domain member without the need of an administrator task.


This is a workaround and represents a “quick & dirty” way how to automatically join XenClient images after deployment. Going forward you can expect a much more sophisticated solution build into the product which also allows to influence the hostnames being assigned.

The script provided in this blog, is working but can be extended in many ways, to tighten security, change hostnames and delete the scripts and password.txt (Basic security is already achieved, due to the password IS encrypted). You may also consider to use RunOnceEx instead of RunOnce.

Probably worth to say here, that process is designed for Windows 7 hosts, if you want to do that on XP it needs modification.

Citrix Consultancy Services could be an other way to get this properly being customized and setup for you…

ENJOY your work with XenClient and please note: We appreciate your feedback, use the XenClient forums or shot me a message walter.hofstetter[at]