
Adding machine to Correct OU during Auto Join Domain .VBS

This is for Windows 8.1. I can now get it to run this VBS and it adds the machine to the domain correctly; however, if I remove NULL and place strOU, and place the full AD line, it does NOT work at all.... Can anyone help out? Thanks

 

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "xxxxx"
strPassword = "xxx"
strUser = "xxxx"

strOU = "OU=_General Users,OU=Computers,OU=Off-site,DC=xxx,DC=xxx,DC=xxxx,DC=xxx"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

 

Again, if I remove NULL above and place strOU, it will not join the domain at all. If I LEAVE NULL in its place, it ignores the OU string and adds the domain correctly, just places it in the default OU in AD... Thank you for any help


7 Comments
  • I would assume that the user represented by strUser has rights to modify the OU itself? If that's the case, it might help to know what the ReturnValue is when it fails. - BHC-Austin 10 years ago
  • Thanks. Yes the User has the permissions, I don't "see" an error popup, Is the error logged somewhere on the system? TY - jgoucher12 10 years ago
  • I used the cscript command to output.log, but the file just gets created and says Microsoft script, and no further info is displayed regarding success or failure - jgoucher12 10 years ago
  • You need to specifically output the value of ReturnValue to screen (using WScript.Echo, for instance), before anything will get written to a file. Then you should be able to just Google the error code that it returns. - BHC-Austin 10 years ago
  • If the system is on the network, why does it really matter when the updates and antivirus get applied? Unless your policies are so strict, this will work fine. But again, he was asking about adding the computer to the OU, not about Antivirus or Windows Updates. That's Microsoft's path below using an answer file. - mikesharp1 10 years ago
  • I have tried using the answer file multiple times, it never works for me. It was always giving the computer name a "generic name". It was going to the correct OU, just as a generic name, not the name I needed to give it. Each machine has a unique name we need to assign them... any other thoughts? - jgoucher12 10 years ago
    • See my earlier comment about how to get the result of the JoinDomainOrWorkGroup method. You're already outputting that to a variable, now you just need to see what's in that variable (ReturnValue). I usually use WScript.Echo to output it to screen when I'm debugging - BHC-Austin 10 years ago
  • True, his question IS about adding the machine account to a specific OU, but he's trying to do it via a VBScript, and I'm just trying to help him fix his script. My apologies if my comment on your answer seemed to discount it in any way, that was certainly not my intention.

    I know that using the answer file is MS's method, I was just providing some justification for using script vs the answer file for future readers as I'm sure there are many reasons (beyond the examples I provided) why you might want to do this outside of the answer file. - BHC-Austin 10 years ago
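
The check suggested in the comments above, as an added example that is not part of the original thread: the same `JoinDomainOrWorkgroup` WMI call made from PowerShell with the OU passed in, returning `ReturnValue` together with its Win32 message. The function name `Join-DomainWithOU`, the domain, the OU string and the log path are placeholders.

```powershell
# Added example (not from the thread). All names and values are placeholders.
$JOIN_DOMAIN = 1
$ACCT_CREATE = 2

function Join-DomainWithOU {
    param(
        [Parameter(Mandatory)] [string]       $Domain,
        [Parameter(Mandatory)] [pscredential] $Credential,   # DOMAIN\user
        [Parameter(Mandatory)] [string]       $OU            # full distinguished name
    )

    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $net = $Credential.GetNetworkCredential()

    # Argument order: Name, Password, UserName, AccountOU, FJoinOptions
    $result = $cs.JoinDomainOrWorkgroup($Domain, $net.Password,
                  $Credential.UserName, $OU, $JOIN_DOMAIN + $ACCT_CREATE)

    # ReturnValue is a Win32 error code; 0 means success.
    $code    = [int]$result.ReturnValue
    $message = (New-Object System.ComponentModel.Win32Exception $code).Message

    New-Object psobject -Property @{
        ReturnValue = $code
        Message     = $message
        OU          = $OU
    }
}

# Run by hand while debugging; Get-Credential keeps the password out of the file.
$r = Join-DomainWithOU -Domain 'example.local' -Credential (Get-Credential) `
         -OU 'OU=Workstations,DC=example,DC=local'
'{0} : {1} ({2})' -f $r.ReturnValue, $r.Message, $r.OU |
    Tee-Object -FilePath "$env:TEMP\domain-join.log" -Append
```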

Answers (2)

Posted by: mikesharp1 10 years ago
2nd Degree Black Belt
2

Use the answer file using a sysprepped image. You can use ADSI Edit to find the path of the OU you want.

 

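<!-- Opening tag supplied to match the closing </component>; use processorArchitecture="x86" for 32-bit images -->
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
    <Identification>
        <Credentials>
            <Domain>Oglesby.local</Domain>
            <Password>DomainPassword</Password>
            <Username>DomainUserWithRightsToAddComputerAcct</Username>
        </Credentials>
        <JoinDomain>Oglesby.local</JoinDomain>
        <MachineObjectOU>OU=VDI,DC=oglesby,DC=local</MachineObjectOU>
        <UnsecureJoin>False</UnsecureJoin>
    </Identification>
</component>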


Comments:
  • Answer file should work, but there may be a reason the OP is using a script instead. At my company, we like to make sure our antivirus and Windows Updates have been applied before we join a system to the domain. It's also possible if his permissions are not correct that using the answer file would fail as well. - BHC-Austin 10 years ago
Posted by: adam_nerell 10 years ago
Yellow Belt
1

If you're deploying 8.1 then you should really stop using VB-script IMHO, both for computer renaming and domain joining.

Why? VB script is ugly (again IMHO), and hard to use (let the flaming begin :-) ). Also WSName is not supported nor developed any more.

PowerShell is the way to go, super easy, super clean and there’s an abundance of info on google for this.

 

Computer rename (Use K2 3.6 and tick that this requires a reboot in the post install task):

 

Bat file:

powershell.exe -nologo -executionpolicy bypass -noprofile -file ".\ComputerRename.ps1"

 

ComputerRename.ps1 (I'm pulling the service tag and putting it in the computer name, which I find useful, edit as you like) (Google it and you'll find infinite ideas on this, WMI is your friend):

$serial=Get-WMIObject -Class Win32_Bios | select -expand "SerialNumber"

$NewName="ws-"+ $serial

$ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem

$ComputerInfo.Rename($NewName)

Zip those and run the bat in a post deployment task.

 

Domain Join (Again, use K2 3.6 and tick that this requires a reboot in the post install task)

I use ksleep.exe to let everything settle down after the reboot. Had some issues on sites with no DC locally prior to using that, but it can surely be omitted in ideal conditions.

Bat file:

ksleep.exe 10

powershell.exe -nologo -executionpolicy bypass -noprofile -file ".\jd.ps1"

jd.ps1:

$domain = "domainname"

$password = "pwd for a user account that can add computers to domains" | ConvertTo-SecureString -asPlainText -Force

$username = "$domain\accountname"

$credential = New-Object System.Management.Automation.PSCredential($username,$password)

$ouPath="OU=Computers,OU=My OU,DC=my,DC=domain"

 

add-computer -Credential $credential -DomainName $domain -OUPath $ouPath

 

Zip those and run the bat in a post deployment task.


Lastly, as someone surely will point out, looking at the documentation for "add-computer" it actually seems that it supports renaming and joining in one swoop. I haven't got that working in win 7 after upgrading to the latest version of the management tool, but it might work in 8/8.1.

 

Also, everything in this post is stolen from others, so any credit is to everyone else... :-)
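
The single-step rename and join mentioned at the end of this answer, as an added example that is not the poster's script: `Add-Computer` with `-NewName` and `-OUPath` (PowerShell 3.0 and later), with a failure written to a log instead of being lost. The domain, account name, OU and log path are placeholders.

```powershell
# Added example (not from the post). Placeholders: domain, account, OU, log path.
$domain  = 'example.local'
$ouPath  = 'OU=Workstations,DC=example,DC=local'
$logFile = "$env:SystemRoot\Temp\domain-join.log"

# The join secret is still in this file in clear text, as in jd.ps1 above.
# Use an account delegated only to create computer objects in $ouPath,
# and let the script remove itself once it has run (finally block).
$password   = 'PLACEHOLDER' | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential(
                  "$domain\joinaccount", $password)

# Same naming idea as ComputerRename.ps1: prefix plus BIOS serial number.
$serial  = (Get-WmiObject -Class Win32_Bios).SerialNumber.Trim()
$newName = 'ws-' + $serial
# NetBIOS computer names are limited to 15 characters.
if ($newName.Length -gt 15) { $newName = $newName.Substring(0, 15) }

try {
    # -ErrorAction Stop turns a failed join into an exception we can log.
    Add-Computer -DomainName $domain -Credential $credential -OUPath $ouPath `
                 -NewName $newName -ErrorAction Stop
    "$(Get-Date -Format s) joined $domain as $newName in $ouPath" |
        Add-Content -Path $logFile
    $exitCode = 0
}
catch {
    "$(Get-Date -Format s) join failed: $($_.Exception.Message)" |
        Add-Content -Path $logFile
    $exitCode = 1
}
finally {
    # Do not leave the credential on the deployed machine.
    Remove-Item -LiteralPath $PSCommandPath -Force -ErrorAction SilentlyContinue
}
exit $exitCode
```

The reboot is left to the post-install task setting, as in the answer above.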

 

 

 