
Join Domain Script setup

Usually I have joined our computers to the domain as one of the last post-installation tasks of a scripted install using the 2000. But, I had 30+ iMacs running VMware Fusion and I wanted to be very specific in the naming of the computers so I left off the Join Domain post-install task. So now I have the VMs all named appropriately and all my software installed. The last step left is joining them to the domain.

I am very new to Kboxes in general and scripting specifically. I think I have the correct file uploaded to the Kbox 1000 but I am unsure of the actual type of script to use - Online KScript or Online Shell Script.

I am trying it as an Online Shell Script now. I dissected the script I use on the 2000 to join the domain. The script consists of:

join_domain.vbs <my domain> <admin user> <admin password> <primary dns IP (optional)>

I uploaded join_domain.vbs as a dependency and I am trying to set up the Tasks appropriately. The admin user is a domain user with rights to join objects to AD.

1. Will this script work as is or do I need something fancier? Do I need to specify a local user?
2. What type of script will this qualify as?

TIA

Dana


Answers (13)

Posted by: dmillaway 14 years ago
Orange Senior Belt
0
Sorry. I meant to post this specifically to the KBox 1000 forum.
Posted by: airwolf 14 years ago
Red Belt
0
If you set up the .vbs file as a dependency, then you can run the command as you've written it. A domain user (with local authority) will work fine with an online script - assuming the machine can authenticate to a DC.

From the help tooltip in the KBOX Scripting Module:

Online KScripts are built just like Offline KScripts, but will execute at a specific time based on the server clock instead of the client clock. Only machines that are connected at the designated time will be targeted for execution.

Online Shell Scripts will execute at a specific time based on the server clock. Instead of building the script through the task wizard, shell scripts are simple text commands specific to the operating system. Batch files are supported on Windows, along with all manner of shell script formats supported by the specific operating system of the targeted machines.
Posted by: dmillaway 14 years ago
Orange Senior Belt
0
I just tried it as an Online Shell Script and get an Error 193, which I believe indicates a permissions error. I tried it with the computer sitting at the login prompt and after I had logged in as an administrator level local user. I manually joined the machine using the same Domain User name and password. So either there are some other lines necessary or it cannot run as an Online Shell Script.
Posted by: airwolf 14 years ago
Red Belt
0
Can you post the source code for join_domain.vbs? It's hard to troubleshoot without knowing what your script is attempting to do.

Also, I'd suggest removing the second thread you added to the KBOX forum. I'm sure a moderator will simply move this thread to the appropriate forum.
Posted by: dmillaway 14 years ago
Orange Senior Belt
0
Actually, I apparently cannot delete my own posts. Only my replies. I had thought to delete this thread until you replied. I should have realized that enough Kace users were out here that I would have been fine without re-posting.

This is the vbs contents of the file I uploaded as a dependency. This is the same file I uploaded to my 2000 as part of a post-install task that does work and has the command line structure as previously posted.
----------
' Option flags for Win32_ComputerSystem.JoinDomainOrWorkGroup
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144

' Arguments: <domain> <user> <password> [<primary DNS IP>]
If WScript.Arguments.Count < 3 Or WScript.Arguments.Count > 4 Then
    WScript.Quit
Else
    strDomain = WScript.Arguments.Item(0)
    strUser = WScript.Arguments.Item(1)
    strPassword = WScript.Arguments.Item(2)

    'set DNS IP address
    If WScript.Arguments.Count = 4 Then
        strDNSIP = WScript.Arguments.Item(3)
        Set objShell = CreateObject("WScript.shell")
        objShell.Run "netsh int ip set dns ""local area connection"" static " & _
            strDNSIP & " primary", 0, 0
    End If

End If

' Look up the local computer name and bind to its Win32_ComputerSystem instance
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & _
    "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")

' Join the domain, creating the computer account if it does not exist
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)
Posted by: airwolf 14 years ago
Red Belt
0
If you're running it as an Online Shell Script, you'll have to call the .vbs using CScript.exe.

Try changing the script text in the KBOX Script to:


CScript.exe //B join_domain.vbs <my domain> <admin user> <admin password> <primary dns IP (optional)>


EDIT: It would be easier to set it up as an Online KScript, because you can perform a KBOX script action to run the vbs with parameters. The reason the Shell Script wasn't running correctly is because you can't run a VBS in the shell, you've got to call it using CScript.exe. Sorry, it slipped my mind earlier and I just remembered.
Posted by: dmillaway 14 years ago
Orange Senior Belt
0
Success! I found this in an updated training toolkit from Kace but it was part of a 2 stage name and join process to be used as a post-install task on a Kbox 2000 scripted install. I had to add the Cscript bit that airwolf [:)] told me about. I have also found that it pays to be very specific where to find the executable, thus, I added the c:\windows\system32\.

I used it as an offline-kscript and checked the box to allow run when logged off. I loaded the vbs script as a dependency and entered the commands as a batch file.

This is what I ended up using as the batch file. It even rebooted most of them but not all of them. I suspect that there was another process that would not release the machine.

----------------------------------------------------------------------------------------------------------

c:\windows\system32\cscript.exe //B Join_Domain.vbs <my domain> <domain admin user for joining accounts> <admin password> <primary dns IP (optional)>

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v V1 /t REG_SZ /d "CMD /C \"rd /s /q C:\source\""

shutdown -r -t 05

---------------------------------------------------------------------------------------------------------------

If any of you gurus see a major issue from using this method that will be waiting to bite us in the b***, please let me know.

Thanks for everyone's help. This is going to be a handy tool in my arsenal. I am trying to minimize hands-on setup as much as possible.
Posted by: airwolf 14 years ago
Red Belt
0
I'm glad you've got it working! If you want to force the reboot (which will kill all processes), then you can use the -f parameter to force it (i.e. shutdown -r -f -t 05).
Posted by: lindsamw 14 years ago
Orange Senior Belt
0
I tried to use that method (I did do something similar) but ran into timing issues: because you use the shutdown command, it stops everything else from running. Because it's done as a run once, it led to a lot of issues in my environment (basically the computer stops booting up to join the domain, then the shutdown command basically crashes Windows, as Windows hasn't loaded a desktop yet and you're forcibly powering it off). As I commented in the other thread, I have a fairly complicated AutoIt script I use, and chain a bunch of RunOnces to do it. I can post it if people would like to see it. Between the naming and whatnot, I do end up doing it in 2 boots.
Posted by: wesjuhdabomb 14 years ago
Orange Belt
0
ORIGINAL: dmillaway

If any of you gurus see a major issue from using this method that will be waiting to bite us in the b***, please let me know.

Thanks for everyone's help. This is going to be a handy tool in my arsenal. I am trying to minimize hands-on setup as much as possible.


Well..
The join domain part of your script is the part that uses the most time. If someone sees that this computer is being imaged, and he shuts down the pc, he will have autologin access to the admin account. I did it like this:

First, a script to change the computer name (we use Dell notebooks, and have the service tag as the computer name):

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "" /f

c:\source\zcnclite.exe /wmi"Win32_BIOS,SerialNumber" /sn /q /forcerun

net user administrator password

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v V1 /t REG_SZ /d "CMD /Q /C \"c:\source\quiet.exe c:\source\2_JoinDomain.bat\"" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d administrator /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d password /f



shutdown -r -f -t 00

Note the shutdown -f option. I noticed that some computers will not reboot because some applications are still running. The -f forces the reboot.
Also note the reg adds before the script changes the computer name, and just before it reboots it changes it back (the net user command is to make sure every computer has the same password).

Then after a reboot he runs the 2_joindomain.bat:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v 1 /t REG_SZ /d "cmd /q /c rd /s /q c:\source" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v 2 /t REG_SZ /d "cmd /q /c rd /s /q c:\KACE" /f

net start workstation

netdom join %computername% /Domain:domain.local /UserD:username /PasswordD:password

shutdown -r -f -t 00


The vbs script caused me some problems, so I just used netdom. Add netdom.exe to the system32 folder of the image and you won't have any problem.
Note again that I remove the autologon before he joins the domain. I also wait for the workstation service to start because netdom needs that.

In this situation you almost have a failsafe situation and the computer will be at logon screen when it is finished.


*The quiet.exe I use is a tool to run cmds hidden, so users can't click it away and can't see what is happening.
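
Added example, not part of any post in this thread: a PowerShell audit to run after the join procedure described above has finished. It checks that autologon is off, that no `DefaultPassword` remains under Winlogon, that no RunOnce entries or staging folders (`C:\source`, `C:\KACE`) were left behind with credential-bearing scripts in them, and that the machine is actually domain-joined. The registry paths and folder names are the ones used in the posts; the script layout and messages are assumptions.

```powershell
# Added example (not from the thread): post-join audit for leftovers of the procedure.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runOnce  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$staging  = 'C:\source', 'C:\KACE'      # staging folders named in the posts
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Autologon must be off and no password may remain in the Winlogon key.
$wl = Get-ItemProperty -Path $winlogon
if ("$($wl.AutoAdminLogon)" -eq '1') { $findings.Add('AutoAdminLogon is still 1') }
if (-not [string]::IsNullOrEmpty($wl.DefaultPassword)) {
    $findings.Add('DefaultPassword is still populated (value not shown)')
}

# 2. RunOnce entries that have not fired yet; only names are reported, not commands.
$key = Get-Item -Path $runOnce -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $findings.Add("RunOnce entry '$name' is still pending")
    }
}

# 3. Staging folders still on disk, and scripts in them that embed join credentials.
foreach ($dir in $staging) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $findings.Add("$dir still exists")
    Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.bat', '.cmd', '.vbs' } |
        Select-String -Pattern '/PasswordD:', 'DefaultPassword' -SimpleMatch -List |
        ForEach-Object { $findings.Add("Credential-bearing script: $($_.Path)") }
}

# 4. Confirm the join itself succeeded (same WMI class the VBS uses).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { $findings.Add("Not domain-joined (Domain field: $($cs.Domain))") }

if ($findings.Count -eq 0) { Write-Output 'OK: no leftovers found'; exit 0 }
$findings | ForEach-Object { Write-Output "FINDING: $_" }
exit 1
```

Run it elevated after the final reboot; a non-zero exit code means at least one leftover was found.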
Posted by: lindsamw 14 years ago
Orange Senior Belt
0
Nice script Wesley, question for you in that. Using netdom, where does the object end up at in the AD? Default computers OU? What if there is a pre-existing object? Will it 'reset' the object and put it in whatever OU it was before? My Join AD is a compiled AutoIt script that used COM stuff to join the AD. One of the benefits of this for me: if the techs forgot to delete/reset the object, it would just take over the object that was already in there.

Mike

PS good call on waiting for the workstation service, had never occurred to me. Probably would have saved me a ton of trouble when I set up all my scripted installs initially :)
Posted by: wesjuhdabomb 14 years ago
Orange Belt
0
Mike,
In my case it is most likely that new computers join the default "computer" OU, and computers that already exist stay in the OU they were once placed in. But..
Netdom can use another feature: you can set up an OU location with the "/ou:" parameter. Since I had no more time to test that, I didn't use it in my script..
Posted by: dmascaro 12 years ago
Senior White Belt
0

Can someone help me with this. I am trying to do the same as the above posts, but with no luck. Not sure if anything has changed as these posts are a couple of years old. Just can't get the computer to take the domain via Kace. The VB script works perfectly from the computer itself. Just running it from the K1000 isn't working. When I use the Run Now feature it says successful, but I'm not getting any change on the client side. Can someone post how they are doing it currently?
