Trying to add a computer to a security group at the same time as adding to the domain during deployment in K2000
I have modified the join domain script to also enable UAC and attempt to add the computer account in AD to a security group, but am failing to get the group added ok.
The PowerShell script works when run from a computer on my network, and everything else about the script works fine.
Here is a redacted version of the script. I tried moving the add to security group part around a little, but it just doesn't seem to work during the deployment! I would have expected that adding to the end will mean the account is in AD and ready to be used by this script to add to the group.
#enter user account that will be used to join domain
$domain= "tailspintoys.com"
$password= "5555555555555" | ConvertTo-SecureString -asPlainText -Force
$user= "$domain\JoinPCaccount"
$cred= New-Object System.Management.Automation.PSCredential($user,$password)
#edit for OU path
$oupath = 'OU=standard,OU=computers,DC=tailspintoys,DC=com'
$server= "domaincontroller1.tailspintoys.com"
#add computer to OU
Add-Computer -domainname $domain -oupath $oupath -Credential $cred -ErrorAction silentlycontinue -Server $server
#add computer to domain
Add-Computer -DomainName $domain -Credential $cred
#pull info to add computer to correct local groups
$group= Get-ADGroup "CN=Laptop-Computers,DC=tailspintoys,DC=com" -Server $server;
$hostname= hostname
$computerName= Get-ADComputer $hostname -Server $server;
#add computer to local group
Add-ADGroupMember $group -Member $computerName -Server $server -Credential $cred
2 Comments
Answers (1)
Posted by:
JasonEgg
7 years ago
Tangential, relating to my comments.
Here is the section of our unattend.xml which adds the comp to the domain
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
    <Identification>
        <JoinDomain>DOMAIN_TO_JOIN</JoinDomain>
        <MachineObjectOU>OU=YOUR_OU, DC=YOUR_OTHER_VALUES</MachineObjectOU>
        <Credentials>
            <Domain>YOUR_FQDN</Domain>
            <Username>YOUR_USER</Username>
            <Password>YOUR_PASS</Password>
        </Credentials>
    </Identification>
</component>
How are you provisioning the hostname for the machine and the domain join if using an unattend file? - Vivalo 7 years ago
What I meant was that the auto unattend file would have to be hard coded with the hostname. I have the hostname provisioned as a kid deployment task. So it would not work to do it. I will edit the script to save the output to a file, as during the deployment I can briefly see PowerShell flash up on the screen with red text (so it is erroring out). - Vivalo 7 years ago
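A variant of the question's script that records every error to a file, as the last comment proposes, and passes the join credential to each AD cmdlet (in the original, Get-ADGroup and Get-ADComputer run without -Credential). This is an added example, not code from any poster in the thread. The log path and the REPLACE_ME password are placeholders, and it assumes the task runs under a local account with no domain identity of its own.

```powershell
# Added example: the domain, OU, group, server and account names come from the question;
# the log path and password are placeholders.
$ErrorActionPreference = 'Stop'                  # every cmdlet error becomes a catchable exception
$log = 'C:\Windows\Temp\join-and-group.log'      # hypothetical path, readable after deployment
Start-Transcript -Path $log -Append

try {
    $domain  = 'tailspintoys.com'
    $server  = 'domaincontroller1.tailspintoys.com'
    $oupath  = 'OU=standard,OU=computers,DC=tailspintoys,DC=com'
    $groupDn = 'CN=Laptop-Computers,DC=tailspintoys,DC=com'

    # A password stored in a deployment script is readable by anyone who can read the task,
    # so the join account should hold only the rights delegated for this OU and this group.
    $password = ConvertTo-SecureString 'REPLACE_ME' -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential("$domain\JoinPCaccount", $password)

    # Join once, without -ErrorAction SilentlyContinue, so a failed join is logged.
    if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
        Add-Computer -DomainName $domain -OUPath $oupath -Credential $cred -Server $server
    }

    # The AD cmdlets ship with RSAT and are not present on a default client image.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw 'ActiveDirectory module (RSAT) is not installed on this image.'
    }
    Import-Module ActiveDirectory

    # Query the same DC that performed the join, with explicit credentials on every call,
    # because the deployment context is assumed to have no domain logon to fall back on.
    $group    = Get-ADGroup    -Identity $groupDn          -Server $server -Credential $cred
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME -Server $server -Credential $cred
    Add-ADGroupMember -Identity $group -Members $computer -Server $server -Credential $cred

    # Confirm the membership instead of assuming the call succeeded.
    $members = Get-ADGroupMember -Identity $group -Server $server -Credential $cred
    if ($members.DistinguishedName -notcontains $computer.DistinguishedName) {
        throw "Computer $($computer.Name) is not a member of $groupDn after the add."
    }
}
catch {
    # The message lands in the transcript; rethrow so the task reports a failure.
    Write-Warning "Deployment step failed: $($_.Exception.Message)"
    throw
}
finally {
    Stop-Transcript
}
```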