Join Computer to Specific OU?
Hi All,
Does anyone have any tips on how to modify the stock join_domain.vbs script on the KBOX 2000 so that I can join a computer to a specific OU in the domain? Or is there a better way of doing this?
This is the script in question.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
If WScript.Arguments.Count < 3 or WScript.Arguments.Count > 4 Then
    WScript.Quit
Else
    strDomain = WScript.Arguments.Item(0)
    strUser = WScript.Arguments.Item(1)
    strPassword = WScript.Arguments.Item(2)
    'set DNS IP address
    If WScript.Arguments.Count = 4 Then
        strDNSIP = WScript.Arguments.Item(3)
        Set objShell = CreateObject("WScript.shell")
        objShell.Run "netsh int ip set dns ""local area connection"" static "& _
            strDNSIP &" primary",0,0
    End If
End If
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & _
    "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN+ACCT_CREATE)
--
Thanks,
André
Answers (7)
Posted by:
jrscribner
12 years ago
I am using a PowerShell script that is working really well for us; our environment is Windows 7 Enterprise. Here is the PowerShell script:
Start-Sleep -s 20
$User = $args[0]
$Pass = ConvertTo-SecureString $args[1] -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass
Add-Computer -domainname DOMAIN.COM -OUPath $args[2] -cred $Credentials
Remove-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name DefaultPassword
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name AutoAdminLogon -value 0
I've hardcoded the DOMAIN into the script so you would need to change it to whatever your domain name is.
Then my K2 Command line string is:
start /wait powershell.exe -nologo -executionpolicy bypass -noprofile -file ATCCJoinDomain.ps1 "DOMAIN\USER" "PASSWORD" "OU=W7_LabPCs,DC=DOMAIN,DC=COM"
The only issue I have with this script is that if the computer already exists in AD in a different OU, it will error out. I haven't explored exactly why.
--If this post helped you, please consider rating this post.
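An added example, not part of jrscribner's post: a variant of the join script above that reads the join password from a key-encrypted file instead of the K2 command line and checks the OU path before calling Add-Computer. The file names join.key and join.pwd, the parameter names and the OU pattern are assumptions made for this illustration.

```powershell
# Added example, not jrscribner's script. join.key / join.pwd are hypothetical files,
# prepared beforehand on an admin workstation:
#   $key = New-Object byte[] 32
#   (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($key)
#   [IO.File]::WriteAllBytes("$PWD\join.key", $key)
#   Read-Host -AsSecureString | ConvertFrom-SecureString -Key $key | Set-Content join.pwd
param(
    [Parameter(Mandatory=$true)][string]$DomainName,  # e.g. DOMAIN.COM
    [Parameter(Mandatory=$true)][string]$JoinUser,    # e.g. DOMAIN\USER
    [Parameter(Mandatory=$true)][string]$OUPath,      # e.g. OU=W7_LabPCs,DC=DOMAIN,DC=COM
    [string]$KeyFile    = '.\join.key',               # assumption: 32 raw AES key bytes
    [string]$SecretFile = '.\join.pwd'                # assumption: ConvertFrom-SecureString -Key output
)
$ErrorActionPreference = 'Stop'

# Accept only a plain OU=...,DC=... distinguished name (conservative: no escaped commas).
$dnPattern = '^(OU=[^,=+<>#;"\\]+,)+DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*$'
if ($OUPath -notmatch $dnPattern) {
    Write-Warning "OUPath '$OUPath' is not a well-formed OU distinguished name."
    exit 2
}

$joined = $false
$key = $null
try {
    $key    = [System.IO.File]::ReadAllBytes((Resolve-Path $KeyFile).ProviderPath)
    $secure = Get-Content -Path $SecretFile | ConvertTo-SecureString -Key $key
    $cred   = New-Object System.Management.Automation.PSCredential ($JoinUser, $secure)
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred
    $joined = $true
}
catch {
    Write-Warning "Domain join failed: $($_.Exception.Message)"
}
finally {
    # Wipe the key from memory and remove both files from the client.
    if ($key) { [Array]::Clear($key, 0, $key.Length) }
    Remove-Item -Path $KeyFile, $SecretFile -Force -ErrorAction SilentlyContinue
}

# As in the script above: drop the autologon password whether or not the join worked.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Remove-ItemProperty -Path $winlogon -Name DefaultPassword -ErrorAction SilentlyContinue
Set-ItemProperty -Path $winlogon -Name AutoAdminLogon -Value 0
if (-not $joined) { exit 1 }
```

Anyone who can read both join.key and join.pwd can recover the password, so this keeps it out of the command line and process listing rather than hiding it from the deployment share. A join account delegated only to create computer objects in the target OU limits what a leak exposes.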
Posted by:
toucan911
12 years ago
Posted by:
asanchez
12 years ago
Posted by:
RandomITPro
12 years ago
Posted by:
jrscribner
12 years ago
@asanchez
Glad I could help. We used a VBScript very similar to the one you listed with our XP deployment; it can be done, but the PowerShell script is so much cleaner.
@Corey
I am planning on trying that, I just need to find some time to experiment with it. I've already built the KBE, I just need to test it. I've thought about using a protected password file but have never made it back to the script to update it. I threw this one together last summer when we put our K2 in so we could get through our summer deployment cycle, and now I'm going back through and cleaning up my K2 scripts. I'm looking forward to seeing how you implement this.
Posted by:
RandomITPro
12 years ago
ORIGINAL: cserrins
NETDOM is not officially supported in Windows 7.
Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7887
True, I get a bunch of stuff I don't need, but that's OK to me.
Posted by:
rmeyer
12 years ago
I've made this to join PCs in our DK sites.
It prompts for the user name to use to join the domain, then asks what sites it should be put in (you can change that part to what you need)
and looks if it's a desktop/laptop to determine what OU it should be in as well :)
edit: It will also add a user/group to local admins right away
Just replace "YourDomain" with your domain name and make sure the OU path is correct for your domain (and of course the group/users it needs to add to the PC admin group)
# The two functions are defined first: PowerShell has to read a function before the script can call it.
function AddLocalGroups {
    Write-Host " "
    Write-Host "If you don't write anything it will be a shared laptop"
    $userName = Read-Host 'Initials of the PC owner:'
    $computerName = $env:computername
    $localGroupName = 'Administrators'
    $Group1 = 'GlobalWKSAdmin'
    if ($PCType -eq "LT") {$Group2 = 'SharedLaptop'}
    if ($PCType -eq "PC") {$Group2 = 'SharedDesktop'}
    if ($PCType -eq "VM") {$Group2 = 'SharedDesktop'}
    [string]$domainName = ([ADSI]'').name
    ([ADSI]"WinNT://$computerName/$localGroupName,group").Add("WinNT://YourDomain/$Group1")
    Write-Host "User YourDomain\$Group1 is now member of local group $localGroupName on $computerName."
    if ($userName -eq '') {
        [string]$domainName = ([ADSI]'').name
        ([ADSI]"WinNT://$computerName/$localGroupName,group").Add("WinNT://YourDomain/$Group2")
        Write-Host "User YourDomain\$Group2 is now member of local group $localGroupName on $computerName."
    }
    if ($userName -ne '')
    {
        [string]$domainName = ([ADSI]'').name
        ([ADSI]"WinNT://$computerName/$localGroupName,group").Add("WinNT://YourDomain/$userName")
        Write-Host "User YourDomain\$userName is now member of local group $localGroupName on $computerName."
    }
}
function JoinDOMAIN {
    param(
        $ParameterA,
        $ParameterB
    )
    $domain = "YourDomain"
    $domainAcc = "YourDomain\$initials"
    $Password = Read-Host -assecurestring "Please enter your password"
    # JoinDomainOrWorkGroup takes the password as a plain string, so convert the SecureString
    $domainPw = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
    $DomainJoin = 1
    $CreateAccount = 2
    $AllowJoinIfAlreadyJoined = 32
    $computer = get-wmiobject Win32_ComputerSystem
    $ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$ComputerOU,$DomainJoin+$CreateAccount+$AllowJoinIfAlreadyJoined)
    $ret = $ret.ReturnValue
    Switch ($ret) {
        2224 {
            # Retry with flags 33 (1 + 32, no account creation); $OU is not set anywhere in this script, so $null is passed
            $ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$OU,33)
            $ret = $ret.ReturnValue
        }
    }
}
cls
Write-Host "This Script will add the Pc to the domain..."
write-host " "
$initials = Read-Host "Type your admin initials: "
$PCType = "PC"
$system = Get-WMIObject -class Win32_systemenclosure
$type = $system.chassistypes
Switch ($Type)
{
    "1" { #"Chassis type is: $Type - Other"
        $PCType="VM"}
    #"2" {"Chassis type is: $type - Virtual Machine"}
    "3" { #"Chassis type is: $type - Desktop"
        $PCType="PC"}
    #"4" {"Chassis type is: $type - Low Profile Desktop"}
    #"5" {"Chassis type is: $type - Pizza Box"}
    #"6" {"Chassis type is: $type - Mini Tower"}
    #"7" {"Chassis type is: $type - Tower"}
    "8" { #"Chassis type is: $type - Portable"
        $PCType="LT"}
    "9" { #"Chassis type is: $type - Laptop"
        $PCType="LT"}
    "10" { #"Chassis type is: $type - Notebook"
        $PCType="LT"}
    #"11" {"Chassis type is: $type - Handheld"}
    "12" {#"Chassis type is: $type - Docking Station"
        $PCType="LT"}
    #"13" {"Chassis type is: $type - All-in-One"}
    #"14" {"Chassis type is: $type - Sub-Notebook"}
    #"15" {"Chassis type is: $type - Space Saving"}
    #"16" {"Chassis type is: $type - Lunch Box"}
    #"17" {"Chassis type is: $type - Main System Chassis"}
    #"18" {"Chassis type is: $type - Expansion Chassis"}
    #"19" {"Chassis type is: $type - Sub-Chassis"}
    #"20" {"Chassis type is: $type - Bus Expansion Chassis"}
    #"21" {"Chassis type is: $type - Peripheral Chassis"}
    #"22" {"Chassis type is: $type - Storage Chassis"}
    "23" {#"Chassis type is: $type - Rack Mount Chassis"
        $PCType="VM"}
    #"24" {"Chassis type is: $type - Sealed-Case PC"}
    Default {"Chassis type is: $type - Unknown"}
}
if ($PCType -eq "LT") {$OUType="Laptops"}
if ($PCType -eq "PC") {$OUType="Desktops"}
if ($PCType -eq "VM") {$OUType="Desktops"}
$Country = "DK"
Write-Host "Select site"
Write-Host "1. Hoersholm"
Write-Host "2. Avedoere"
Write-Host "3. Roskilde"
Write-Host "4. Graasten"
$site = Read-Host "(1-4): "
Switch ($site)
{
    "1" {$OUSite = "Hoersholm"}
    "2" {$OUSite = "Avedoere"}
    "3" {$OUSite = "Roskilde"}
    "4" {$OUSite = "Graasten"}
    Default {$OUSite = "Hoersholm"}
}
$ComputerOU="OU=" + $OUType + ",OU=Computers,OU=" + $OUSite + ",OU=" + $Country + ",OU=CH,DC=YourDomain,DC=FQN"
$ComputerOU
Add-Computer -domainname YourDomain -Credential "YourDomain\$initials" -OUPath "$ComputerOU"
$objReturn = $?
if ($objReturn) {
    write-host "Success ! Autologon will be removed!"
    Get-PSDrive | where {$_.name -match "hk"}
    cd hklm:
    $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    set-ItemProperty -path $path -name DefaultUserName -value ""
    set-ItemProperty -path $path -name AutoAdminLogon -value "0"
    set-ItemProperty -path $path -name DefaultPassword -value ""
    write-host "Autologon was removed, please reboot!"
}
if (!$objReturn) {
    write-host "Failed to join domain, see error message!"
    JoinDOMAIN($ComputerOU)
    AddLocalGroups
}
You could also just do it in the XML file