|
|
|||||||
Hi, Can anyone help with a script like this? I want to created a automated script which will add the member PC to the domain and then Rename it or just add it for now. Thanks |
||||||||
|
|
|||||||
Search for terms "+join +domain" to get some hits. You can also use the command line "netdom" tool to join or move computer accounts which might be the easier route - you can of course call netdom from within a script. |
||||||||
|
|
|||||||
this does no longer work for Windows 7 :-( |
||||||||
|
|
|||||||
"does not work" in what way? What version are you using? What syntax? I have both the old and new versions of Netdom - the old version (dated 1999) fails with a DLL error, but the newer version (1.8 - dated 2001) seems to work fine on my Windows 7 x64 system. I used to hang on to the older version because it did something that the newer version didn't, specifically in an NT domain environment - but since I haven't supported NT in many years, that requirement has gone away. Glenn |
||||||||
|
|
|||||||
Thank you for that update Glenn. I only have 1 Win7 x64 on the Domain right now but I'm sure within a year or so there will be many more. I did download the Admin Tools for Win7 but have not installed or tested them yet but seeing this post did prompt me to get them. |
||||||||
|
|
|||||||
The keyword for the WMI way is "joindomainorworkgroup". Search on that, and you may find a way to do it without netdom. |
||||||||
|
|
|||||||
Just FYI - I have XP, Vista, and Win-7 on similarly configured systems at my desk. The performance of the admin tools on Win-7 blows away XP! Glenn |
||||||||
|
|
|||||||
Code: $objNetwork = CreateObject("WScript.Network") $strComputer = $objNetwork.ComputerName $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'") $ReturnValue = $objComputer.JoinDomainOrWorkGroup("DOMAIN", $password, "domain\"+$user, $OU, 35) If $ReturnValue ? "Failed joining "+@wksta+" to domain" Endif ? " waiting 15 seconds" sleep 15 $objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") $colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem") For Each $objComputer in $colComputers $err = $objComputer.Rename($Name, $password, "domain\" + $user) If $err ? "Failed Renaming "+@wksta+" to "+$Name endif Next |
||||||||
|
|
|||||||
@Rad, is the rename part of the code required for the joining of the domain? |
||||||||
|
|
|||||||
the rename is not necessary, but I use this after imaging a PC from a syspreped image, as it gets a generic name... I also have code in this to add specific users/groups to local admin |
||||||||
|
|
|||||||
Radimus, I'm trying to use your code below, but I am getting a return value of 87, which indicates "The parameter is incorrect". I'm puzzled, because if I change the password variable, my return value becomes 1326, which is "Logon failure: unknown username or bad password", as one would expect. This seems to indicate to me that the syntax is correct. Am I missing something? I'm a NOOB at this, so forgive me if I'm overlooking something simple. Code: $ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com' $user = MyUser $password = MyPassword $objNetwork = CreateObject("WScript.Network") $strComputer = $objNetwork.ComputerName $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'") $ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 35) If $ReturnValue ? "Failed joining "+@WKSTA+" to domain" ? "ReturnValue = " + $ReturnValue GoTo END EndIf |
||||||||
|
|
|||||||
Why is it that one always figures out the solution to his own question after he posts for help? I changed the 35 in the line... $ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 35) ...to a 1, and this works now. |
||||||||
|
|
|||||||
Originally Posted By: Krozar Why is it that one always figures out the solution to his own question after he posts for help? For the same reason you solve your own problems after talking to someone about them.. Left-brain is logical, right-brain is creative.. Problems are often worked on by logical side of brain... When you write or verbalize - the message is seen by both eyes or heard by both ears, allowing the creative side a chance to use its creative powers! (usually accompanied by "ooh! ooh! I got it !!!" Glenn |
||||||||
|
|
|||||||
Sounds logical. Doctor Glenn has spoken |
||||||||
|
|
|||||||
Actually, its a bit of wisdom that I learned from a guy that I taught with some 20 years ago by the name of Mark Minasi. Glenn |
||||||||
|
|
|||||||
FJoinOptions [in] Set of bit flags that define the join options. Value Meaning 1 (0x1) Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup. 2 (0x2) Creates an account on a domain. 4 (0x4) Deletes an account when a domain exists. 16 (0x10) The join operation is part of an upgrade from Windows 98 or Windows 95 to Windows 2000 or Windows NT. 32 (0x20) Allows a join to a new domain, even if the computer is already joined to a domain. 64 (0x40) Performs an unsecured join. 128 (0x80) The machine, not the user, password passed. This option is only valid for unsecure joins. 256 (0x100) Writing SPN and DnsHostName attributes on the computer object should be deferred until the rename that follows the join. 262144 (0x40000) The APIs were invoked during install. http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx |
||||||||
|
|
|||||||
Okay, trying to modify this script to disjoin a workstation from the domain. Thought I could just change the bit flag to 4, but I am getting error 2691, "The machine is already joined to the domain." Code: $ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com' $user = MyUser $password = MyPassword $objNetwork = CreateObject("WScript.Network") $strComputer = $objNetwork.ComputerName $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'") $ReturnValue = $objComputer.JoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 4) If $ReturnValue ? "Failed removing "+@WKSTA+" from domain" ? "ReturnValue = " + $ReturnValue GoTo END EndIf I'm obviously missing a step, or something. Any help would be appreciated. Thx. |
||||||||
|
|
|||||||
I think you want to use UnjoinDomainOrWorkgroup. Flag 4 of the Join method doesn't say it unjoins, just deletes an account. |
||||||||
|
|
|||||||
Still confused about the syntax for this. What I'm trying to do is * remove the workstation from the domain * delete the computer account from the domain * join the workstation to the workgroup "Workgroup" Here's what I've got: Code: $ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com' $user = MyUser $password = MyPassword $objNetwork = CreateObject("WScript.Network") $strComputer = $objNetwork.ComputerName $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'") $ReturnValue = $objComputer.UnJoinDomainOrWorkGroup("MyDomain.com", $password, "MyDomain\"+$user, $OU, 2) If $ReturnValue ? "Failed removing "+@WKSTA+" from domain" ? "ReturnValue = " + $ReturnValue GoTo END EndIf $ReturnValue = $objComputer.JoinDomainOrWorkGroup("Workgroup") If $ReturnValue ? "Failed joining "+@WKSTA+" to Workgroup" ? "ReturnValue = " + $ReturnValue GoTo END When I run this, I get no return value from the UnJoinDomainOrWorkGroup. But I get return value 2691 for the JoinDomainOrWorkGroup, which is still "The machine is already joined to the domain." Despite the first part not generating a return value, making it look like it was successful, the computer properties still show it being a member of the domain, and the computer account is still in the domain. This obviously is not doing anything. Has anyone ever done what I'm trying to do, successfully? |
||||||||
|
|
|||||||
Figured it out. Found the correct syntax here: Link Code: $ou = 'OU=MySubOu,OU=MyOU,DC=MyDomain,DC=com' $user = MyUser $password = MyPassword $objNetwork = CreateObject("WScript.Network") $strComputer = $objNetwork.ComputerName $objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='"+@wksta+"'") $ReturnValue = $objComputer.UnJoinDomainOrWorkGroup("MyDomain\"+$user, $password, 0) If $ReturnValue ? "Failed removing "+@WKSTA+" from domain" ? "ReturnValue = " + $ReturnValue GoTo END EndIf $ReturnValue = $objComputer.JoinDomainOrWorkGroup("Workgroup") If $ReturnValue ? "Failed joining "+@WKSTA+" to Workgroup" ? "ReturnValue = " + $ReturnValue GoTo END |
||||||||
|
|
|||||||
Sorry, that was the link I was looking at. I guess I should have included it in my post. Glad you got it working though. |
||||||||
|
|
|||||||
Okay... so now I'm trying to figure out if I can use this same script to somehow add the PC to a domain group at the same time. Anyone know if this is possible, and how? I may need to start a new thread on this, but thought I'd start here. |