Hi All,

Does anyone have any tips on how to modify the stock join_domain.vbs script on the KBOX 2000 so that I can join a computer to a specific OU in the domain. Or if there a better way of doing this?

This is the script in question.

Const WIN9X_UPGRADE = 16

If WScript.Arguments.Count < 3 or WScript.Arguments.Count > 4 Then
strDomain = WScript.Arguments.Item(0)
strUser = WScript.Arguments.Item(1)
strPassword = WScript.Arguments.Item(2)

'set DNS IP address
If WScript.Arguments.Count = 4 Then
strDNSIP = WScript.Arguments.Item(3)
Set objShell = CreateObject("WScript.shell")
objShell.Run "netsh int ip set dns ""local area connection"" static "& _
strDNSIP &" primary",0,0
End If

End If

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & _
"\root\cimv2:Win32_ComputerSystem.Name='" _
& strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain & "\" & strUser, _


0 Comments   [ + ] Show Comments


Please log in to comment

Community Chosen Answer

I am using a PowerShell Script that is working really well for us our environment is Windows 7 Enterprise, here is the Power Shell Script:

Start-Sleep -s 20
$User = $args[0]
$Pass = ConvertTo-SecureString $args[1] -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass

Add-Computer -domainname DOMAIN.COM -OUPath $args[2] -cred $Credentials
Remove-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name DefaultPassword
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name AutoAdminLogon -value 0

I've hardcoded the DOMAIN into the script so you would need to change it to whatever your domain name is.

Then my K2 Command line string is:
start /wait powershell.exe -nologo -executionpolicy bypass -noprofile -file ATCCJoinDomain.ps1 "DOMAIN\USER" "PASSWORD" "OU=W7_LabPCs,DC=DOMAIN,DC=COM"

The only issue I have with this script is if the computer already exists in AD in a different OU it will error out, I haven't explored exactly why.

--If this post helped you, please consider rating this post.
Answered 02/14/2012 by: jrscribner
Purple Belt

Please log in to comment
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


Jrscribner - Thanks for sharing!

I modified your powershell script to suit my domain and it worked perfectly. This absolutely is what I was looking for.

Answered 02/14/2012 by: asanchez
Orange Senior Belt

Please log in to comment
I went with a less creative solution because I still had XP stuck in my head when I started. As part of my Win 7 sysprep.xml on images, post-install task on scripted install, I use the NETDOM JOIN command.

idk I keep things simple.
Answered 02/14/2012 by: Tentacle Master
Fourth Degree Black Belt

Please log in to comment

Glad I could help, we used a vbscript very similar to the one you listed with our XP deployment it can be done but the PowerShell script is so much cleaner.


I am planing on trying that I just need to find some time to experiment with it, I've already built the KBE just need to test it. I've thought about using a protected password file just have never made it back to the script to update it, I threw this one together last summer when we put our K2 in so we could get through our summer deployment cycle and now I'm going back thru and cleaning up my K2 scripts. I'm looking forward to seeing how you implement this.
Answered 02/14/2012 by: jrscribner
Purple Belt

Please log in to comment
ORIGINAL: cserrins

NETDOM is not officially supported in Windows 7.

Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)

True I get a bunch of stuff I don't need but that's ok to me.
Answered 02/15/2012 by: Tentacle Master
Fourth Degree Black Belt

Please log in to comment
I've made this to join PC's in our DK sites

It prompt for the user name to use to join the domain, then ask what sites it should be put in (you can change that part to what you need)
and look if it's a dekstop/laptop to determine what OU it should be in aswell :)
edit: It will aslo add a user/group to local admins right away

Just replace "YourDomain" with your domain name and make sure the OU path is correct for your domain (and ofcause the group/users it needs to add to the PC admin group)

Write-Host "This Script will add the Pc to the domain..."
write-host " "
$initials = Read-Host "Type your admin initials: "

$PCType = "PC"

$system = Get-WMIObject -class Win32_systemenclosure
$type = $system.chassistypes

Switch ($Type)
"1" { #"Chassis type is: $Type - Other"
#"2" {"Chassis type is: $type - Virtual Machine"}
"3" { #"Chassis type is: $type - Desktop"
#"4" {"Chassis type is: $type - Low Profile Desktop"}
#"5" {"Chassis type is: $type - Pizza Box"}
#"6" {"Chassis type is: $type - Mini Tower"}
#"7" {"Chassis type is: $type - Tower"}
"8" { #"Chassis type is: $type - Portable"
"9" { #"Chassis type is: $type - Laptop"
"10" { #"Chassis type is: $type - Notebook"
#"11" {"Chassis type is: $type - Handheld"}
"12" {#"Chassis type is: $type - Docking Station"
#"13" {"Chassis type is: $type - All-in-One"}
#"14" {"Chassis type is: $type - Sub-Notebook"}
#"15" {"Chassis type is: $type - Space Saving"}
#"16" {"Chassis type is: $type - Lunch Box"}
#"17" {"Chassis type is: $type - Main System Chassis"}
#"18" {"Chassis type is: $type - Expansion Chassis"}
#"19" {"Chassis type is: $type - Sub-Chassis"}
#"20" {"Chassis type is: $type - Bus Expansion Chassis"}
#"21" {"Chassis type is: $type - Peripheral Chassis"}
#"22" {"Chassis type is: $type - Storage Chassis"}
"23" {#"Chassis type is: $type - Rack Mount Chassis"
#"24" {"Chassis type is: $type - Sealed-Case PC"}
Default {"Chassis type is: $type - Unknown"}
if ($PCType -eq "LT") {$OUType="Laptops"}
if ($PCType -eq "PC") {$OUType="Desktops"}
if ($PCType -eq "VM") {$OUType="Desktops"}

$Country = "DK"
Write-Host "Select site"
Write-Host "1. Hoersholm"
Write-Host "2. Avedoere"
Write-Host "3. Roskilde"
Write-Host "4. Graasten"
$site = Read-Host "(1-4): "
Switch ($site)
"1" {$OUSite = "Hoersholm"}
"2" {$OUSite = "Avedoere"}
"3" {$OUSite = "Roskilde"}
"4" {$OUSite = "Graasten"}
Default {$OUSite = "Hoersholm"}

$ComputerOU="OU=" + $OUType + ",OU=Computers,OU=" + $OUSite + ",OU=" + $Country + ",OU=CH,DC=YourDomain,DC=FQN"

Add-Computer -domainname YourDomain -Credential "YourDomain\$initials" -OUPath "$ComputerOU"
$objReturn = $?

if ($objReturn) {
write-host "Success ! Autologon will be removed!"
Get-PSDrive | where {$_.name -match "hk"}
cd hklm:
$path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set-ItemProperty -path $path -name DefaultUserName -value ""
set-ItemProperty -path $path -name AutoAdminLogon -value "0"
set-ItemProperty -path $path -name DefaultPassword -value ""
write-host "Autologon was removed, please reboot!"

if (!$objReturn) {
write-host "Failed to join domain, see error message!"


function AddLocalGroups{
Write-Host " "
Write-Host "If you don't write anything it will be a shared laptop"
$userName = Read-Host 'Initials of the PC owner:'

$computerName = $env:computername
$localGroupName = 'Administrators'
$Group1 = 'GlobalWKSAdmin'
if ($PCType -eq "LT") {$Group2 = 'SharedLaptop'}
if ($PCType -eq "PC") {$Group2 = 'SharedDesktop'}
if ($PCType -eq "VM") {$Group2 = 'SharedDesktop'}

[string]$domainName = ([ADSI]').name

Write-Host "User YourDomain\$Group1 is now member of local group $localGroupName on $computerName."

if ($userName -eq ') {
[string]$domainName = ([ADSI]').name

Write-Host "User YourDomain\$Group2 is now member of local group $localGroupName on $computerName."
if ($userName -ne ')

[string]$domainName = ([ADSI]').name

Write-Host "User YourDomain\$userName is now member of local group $localGroupName on $computerName."


function JoinDOMAIN {
$domain = “YourDomain”
$domainAcc = “YourDomain\$initials”
$Password = Read-Host -assecurestring "Please enter your password"
$DomainJoin = 1
$CreateAccount = 2
$AllowJoinIfAlreadyJoined = 32

$computer = get-wmiobject Win32_ComputerSystem
$ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$ComputerOU,$DomainJoin+$CreateAccount+$AllowJoinIfAlreadyJoined)
$ret = $ret.ReturnValue

Switch ($ret) {
2224 {
$ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$OU,33)
$ret = $ret.ReturnValue

You could also just do it in the XML file
Answered 02/21/2012 by: rmeyer
Second Degree Blue Belt

Please log in to comment

Try editing the Return Value as follows:

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, "OU=My OU,OU=My Other OU,OU=Another OU,DC=local,DC=domain,DC=com", _

Answered 11/08/2012 by: toucan911
Orange Senior Belt

Please log in to comment
Answer this question or Comment on this question for clarity