NaasMarais
(Fresh Scripter)
2009-12-02 08:16 AM
Script to add member PC to Domain

Hi,

Can anyone help with a script like this? I want to created a automated script which will add the member PC to the domain and then Rename it or just add it for now.

Thanks

Richard H.Administrator
(KiX Supporter)
2009-12-02 09:11 AM
Re: Script to add member PC to Domain

Search for terms "+join +domain" to get some hits.

You can also use the command line "netdom" tool to join or move computer accounts which might be the easier route - you can of course call netdom from within a script.

Sam_B
(Getting the hang of it)
2010-03-21 07:04 PM
Re: Script to add member PC to Domain

this does no longer work for Windows 7 :-(

Glenn BarnasAdministrator
(KiX Supporter)
2010-03-22 12:30 PM
Re: Script to add member PC to Domain

"does not work" in what way?
What version are you using?
What syntax?

I have both the old and new versions of Netdom - the old version (dated 1999) fails with a DLL error, but the newer version (1.8 - dated 2001) seems to work fine on my Windows 7 x64 system.

I used to hang on to the older version because it did something that the newer version didn't, specifically in an NT domain environment - but since I haven't supported NT in many years, that requirement has gone away.

Glenn

NTDOCAdministrator
(KiX Master)
2010-03-23 12:55 AM
Re: Script to add member PC to Domain

Thank you for that update Glenn. I only have 1 Win7 x64 on the Domain right now but I'm sure within a year or so there will be many more.

I did download the Admin Tools for Win7 but have not installed or tested them yet but seeing this post did prompt me to get them.

AllenAdministrator
(KiX Supporter)
2010-03-23 02:24 AM
Re: Script to add member PC to Domain

The keyword for the WMI way is "joindomainorworkgroup". Search on that, and you may find a way to do it without netdom.

Glenn BarnasAdministrator
(KiX Supporter)
2010-03-23 11:29 AM
Re: Script to add member PC to Domain

Just FYI - I have XP, Vista, and Win-7 on similarly configured systems at my desk. The performance of the admin tools on Win-7 blows away XP!

Glenn

Radimus
(KiX Supporter)
2010-03-23 05:49 PM
Re: Script to add member PC to Domain

 Code:
	$objNetwork = CreateObject("WScript.Network")
	$strComputer = $objNetwork.ComputerName
	$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'")
	$ReturnValue = $objComputer.JoinDomainOrWorkGroup("DOMAIN", $password, "domain\"+$user, $OU, 35)
	If $ReturnValue
		? "Failed joining "+@wksta+" to domain"
	Endif
	? "     waiting 15 seconds"
	sleep 15

	$objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
	$colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
	For Each $objComputer in $colComputers
		$err = $objComputer.Rename($Name, $password, "domain\" + $user)
		If $err
			? "Failed Renaming "+@wksta+" to "+$Name
		endif
	Next


AllenAdministrator
(KiX Supporter)
2010-03-23 07:05 PM
Re: Script to add member PC to Domain

@Rad, is the rename part of the code required for the joining of the domain?

Radimus
(KiX Supporter)
2010-03-23 09:03 PM
Re: Script to add member PC to Domain

the rename is not necessary, but I use this after imaging a PC from a syspreped image, as it gets a generic name...

I also have code in this to add specific users/groups to local admin

Krozar
(Fresh Scripter)
2011-01-27 05:17 PM
Re: Script to add member PC to Domain

Radimus, I'm trying to use your code below, but I am getting a return value of 87, which indicates "The parameter is incorrect". I'm puzzled, because if I change the password variable, my return value becomes 1326, which is "Logon failure: unknown username or bad password", as one would expect. This seems to indicate to me that the syntax is correct.

Am I missing something? I'm a NOOB at this, so forgive me if I'm overlooking something simple.

 Code:
$ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com'
$user = MyUser
$password = MyPassword
$objNetwork = CreateObject("WScript.Network")
$strComputer = $objNetwork.ComputerName
$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'")
$ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 35)
If $ReturnValue
	? "Failed joining "+@WKSTA+" to domain"
	? "ReturnValue = " + $ReturnValue
		GoTo END
EndIf


Krozar
(Fresh Scripter)
2011-01-27 05:29 PM
Re: Script to add member PC to Domain

Why is it that one always figures out the solution to his own question after he posts for help?

I changed the 35 in the line...
$ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 35)
...to a 1, and this works now.

Glenn BarnasAdministrator
(KiX Supporter)
2011-01-27 07:09 PM
Re: Script to add member PC to Domain

 Originally Posted By: Krozar
Why is it that one always figures out the solution to his own question after he posts for help?

For the same reason you solve your own problems after talking to someone about them..

Left-brain is logical, right-brain is creative.. Problems are often worked on by logical side of brain...

When you write or verbalize - the message is seen by both eyes or heard by both ears, allowing the creative side a chance to use its creative powers! \:\) (usually accompanied by "ooh! ooh! I got it !!!" \:D
Glenn

Mart
(KiX Supporter)
2011-01-28 09:06 AM
Re: Script to add member PC to Domain

Sounds logical.
Doctor Glenn has spoken ;\)

Glenn BarnasAdministrator
(KiX Supporter)
2011-01-28 12:17 PM
Re: Script to add member PC to Domain

Actually, its a bit of wisdom that I learned from a guy that I taught with some 20 years ago by the name of Mark Minasi.

Glenn

Radimus
(KiX Supporter)
2011-02-01 08:19 PM
Re: Script to add member PC to Domain

FJoinOptions [in]
Set of bit flags that define the join options.

Value Meaning
1 (0x1) Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup.

2 (0x2) Creates an account on a domain.

4 (0x4) Deletes an account when a domain exists.

16 (0x10) The join operation is part of an upgrade from Windows 98 or Windows 95 to Windows 2000 or Windows NT.

32 (0x20) Allows a join to a new domain, even if the computer is already joined to a domain.

64 (0x40) Performs an unsecured join.

128 (0x80) The machine, not the user, password passed. This option is only valid for unsecure joins.

256 (0x100) Writing SPN and DnsHostName attributes on the computer object should be deferred until the rename that follows the join.

262144 (0x40000) The APIs were invoked during install.

http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx

Krozar
(Fresh Scripter)
2011-03-16 05:00 PM
Re: Script to add member PC to Domain

Okay, trying to modify this script to disjoin a workstation from the domain. Thought I could just change the bit flag to 4, but I am getting error 2691, "The machine is already joined to the domain."

 Code:
$ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com'
$user = MyUser
$password = MyPassword
$objNetwork = CreateObject("WScript.Network")
$strComputer = $objNetwork.ComputerName
$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'")
$ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 4)
If $ReturnValue
	? "Failed removing "+@WKSTA+" from domain"
	? "ReturnValue = " + $ReturnValue
		GoTo END
EndIf


I'm obviously missing a step, or something. Any help would be appreciated.
Thx.

BradV
(Seasoned Scripter)
2011-03-17 10:56 AM
Re: Script to add member PC to Domain

I think you want to use UnjoinDomainOrWorkgroup. Flag 4 of the Join method doesn't say it unjoins, just deletes an account.

Krozar
(Fresh Scripter)
2011-03-18 04:13 PM
Re: Script to add member PC to Domain

Still confused about the syntax for this. What I'm trying to do is
* remove the workstation from the domain
* delete the computer account from the domain
* join the workstation to the workgroup "Workgroup"
Here's what I've got:

 Code:
$ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com'
$user = MyUser
$password = MyPassword
$objNetwork = CreateObject("WScript.Network")
$strComputer = $objNetwork.ComputerName
$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'")
$ReturnValue = $objComputer.UnJoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 2)
If $ReturnValue
	? "Failed removing "+@WKSTA+" from domain"
	? "ReturnValue = " + $ReturnValue
		GoTo END
EndIf
$ReturnValue = $objComputer.JoinDomainOrWorkGroup("Workgroup")
If $ReturnValue
	? "Failed joining "+@WKSTA+" to Workgroup"
	? "ReturnValue = " + $ReturnValue
		GoTo END


When I run this, I get no return value from the UnJoinDomainOrWorkGroup. But I get return value 2691 for the JoinDomainOrWorkGroup, which is still "The machine is already joined to the domain."

Despite the first part not generating a return value, making it look like it was successful, the computer properties still show it being a member of the domain, and the computer account is still in the domain. This obviously is not doing anything.

Has anyone ever done what I'm trying to do, successfully?

Krozar
(Fresh Scripter)
2011-03-18 04:29 PM
Re: Script to add member PC to Domain

Figured it out. Found the correct syntax here: Link
 Code:
$ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com'
$user = MyUser
$password = MyPassword
$objNetwork = CreateObject("WScript.Network")
$strComputer = $objNetwork.ComputerName
$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'")
$ReturnValue = $objComputer.UnJoinDomainOrWorkGroup("MyDomain\"+$user, $password, 0)
If $ReturnValue
	? "Failed removing "+@WKSTA+" from domain"
	? "ReturnValue = " + $ReturnValue
		GoTo END
EndIf
$ReturnValue = $objComputer.JoinDomainOrWorkGroup("Workgroup")
If $ReturnValue
	? "Failed joining "+@WKSTA+" to Workgroup"
	? "ReturnValue = " + $ReturnValue
		GoTo END


BradV
(Seasoned Scripter)
2011-03-21 10:54 AM
Re: Script to add member PC to Domain

Sorry, that was the link I was looking at. I guess I should have included it in my post. Glad you got it working though. \:\)

Krozar
(Fresh Scripter)
2012-03-08 09:38 PM
Re: Script to add member PC to Domain

Okay... so now I'm trying to figure out if I can use this same script to somehow add the PC to a domain group at the same time.

Anyone know if this is possible, and how?

I may need to start a new thread on this, but thought I'd start here.