Re-adding computers to the Domain Remotely
Is there any way to have a policy or script that checks if a computer has fallen off the domain and re-adds the machine? Is this possible through KACE? I seem to have quite a bit of requests lately for computers that have fallen off the domain and it would be nice to automate the process of re-adding if possible. Any thoughts?
Answers (2)
You need to solve the problem of why they are falling off the domain, which is most likely a secure channel problem between the DC and workstations.
If you have a k2000 you can get the join_domain.vbs and run that as a script.
' Option flags for Win32_ComputerSystem.JoinDomainOrWorkgroup (FJoinOptions)
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144

' Arguments: <domain> <user> <password> [<DNS server IP>]
' Note: the password is passed as a plain-text command-line argument.
If WScript.Arguments.Count < 3 Or WScript.Arguments.Count > 4 Then
    WScript.Quit
Else
    strDomain = WScript.Arguments.Item(0)
    strUser = WScript.Arguments.Item(1)
    strPassword = WScript.Arguments.Item(2)
    ' Set DNS IP address (optional fourth argument)
    If WScript.Arguments.Count = 4 Then
        strDNSIP = WScript.Arguments.Item(3)
        Set objShell = CreateObject("WScript.Shell")
        ' Window style 0 = hidden; last argument 0 = do not wait for netsh to finish
        objShell.Run "netsh int ip set dns ""local area connection"" static " & _
            strDNSIP & " primary", 0, 0
    End If
End If

' Bind to the local Win32_ComputerSystem instance through WMI
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & _
    "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")

' Join the domain, creating the computer account if needed; 0 means success
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)
Comments:
-
I will take a look at the secure channel. I experience the issue mostly with student laptops that could be an issue with the batteries draining and not being put in use for long periods of time. I was wondering if there was a feature in KACE that would check for computers that are MIA and, if they are reachable, will automatically run the Join Domain script. For example, if a laptop has fallen off of the domain because it has not been in use, if the end user were to boot up and plug in a network cable, the computer would run the join domain script.
I may be overestimating KACE at this point, but just looking for a solution.
Thanks for your feedback. - IT_youT 11 years ago
It could run the script I gave you to do this; the only problem is you need some unique identifier. You should be able to create a smart label for the MIA and have a script that runs when the condition is met. - SMal.tmcc 11 years ago
-
Thank you! That may be exactly what I was looking for. - IT_youT 11 years ago
-
If it is the secure channel, you can create a batch to re-add them using the netdom command and push that:
http://support.microsoft.com/kb/329721
http://technet.microsoft.com/en-us/library/cc788073%28v=ws.10%29.aspx
http://support.microsoft.com/kb/175024 - SMal.tmcc 11 years ago
We had this problem also. The reason stems from Deep Freeze. I can recreate this in our lab. We do not allow users to change time in our Deep Freeze configuration. When the machine is frozen, pull the plug and go into BIOS during boot. Change the date so it is a couple of years behind. Let Windows boot. You will get domain controller not found. We have noticed this falling off happening when we had power hits. I noticed the BIOS was losing the date and time on some machines. Fix for us was to replace the MB battery so the settings are not lost during power hits.
We’ve been setting the secure channel maximum password age to 998 (both on the workstations and the servers with group policies) to avoid known problems with secure channel password changes via GPO.
Comments:
-
We had something very similar happen to us because of the machine password, except they wouldn't "fall off" the domain. They just wouldn't let anyone log in, and we had to unjoin and rejoin them. But our fix was exactly what you did, and that worked well. If it happens again after 998 days, that's a good reminder that they probably need to update their image anyway. - nheyne 11 years ago
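The secure-channel check discussed in the answers above, as an added PowerShell example that is not part of the original thread or of any KACE script: it reports the Netlogon machine-password settings, tests the trust, and repairs it in place instead of unjoining and rejoining. The `$Credential` parameter and the exit codes are assumptions of this example; the registry values are the standard Netlogon ones behind the "maximum machine account password age" policy.

```powershell
# Added example (Windows PowerShell 5.1): detect and repair a broken secure channel.
# Assumption: $Credential is an account allowed to reset the computer account,
# supplied from a credential store rather than as a plain-text argument.
[CmdletBinding()]
param(
    [System.Management.Automation.PSCredential]$Credential
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "$($cs.Name): not domain-joined; needs a rejoin, not a repair."
    exit 2   # exit codes are this example's own convention
}

# Netlogon settings that govern machine account password rotation.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$netlogon = Get-ItemProperty -Path $key
$maxAge   = if ($null -ne $netlogon.MaximumPasswordAge) { $netlogon.MaximumPasswordAge } else { 30 }  # Windows default: 30 days
$noChange = [bool]$netlogon.DisablePasswordChange
Write-Output "$($cs.Name): domain=$($cs.Domain) MaximumPasswordAge=$maxAge DisablePasswordChange=$noChange"

# Test-ComputerSecureChannel returns $true when the trust with the domain is intact.
try   { $healthy = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $healthy = $false }

if ($healthy) {
    Write-Output "Secure channel OK."
    exit 0
}

Write-Output "Secure channel broken."
if (-not $Credential) {
    Write-Output "No credential supplied; reporting only."
    exit 1
}

# -Repair resets the machine account password against a DC, keeping the
# existing computer account (no unjoin/rejoin, no new account created).
try   { $repaired = Test-ComputerSecureChannel -Repair -Credential $Credential -ErrorAction Stop }
catch { Write-Output "Repair failed: $($_.Exception.Message)"; $repaired = $false }

if ($repaired) { Write-Output "Secure channel repaired."; exit 0 }
exit 1
```

Run without a credential, it only reports, so its output can be collected from each machine before any repair is attempted.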