Is there any way to have a policy or script that checks if a computer has fallen off the domain and re-adds the machine? Is this possible through KACE? I seem to have quite a bit of requests lately for computers that have fallen off the domain and it would be nice to automate the process of re-adding if possible. Any thoughts?


Community Chosen Answer

1

You need to solve the problem of why they are falling off the domain, which is most likely a secure channel problem between the DC and workstations.

If you have a K2000 you can get the join_domain.vbs and run that as a script.

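' Option flags for Win32_ComputerSystem.JoinDomainOrWorkGroup
Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const DOMAIN_JOIN_IF_JOINED   = 32
Const JOIN_UNSECURE           = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144

' Arguments: <domain> <user> <password> [<dns-ip>]
If WScript.Arguments.Count < 3 Or WScript.Arguments.Count > 4 Then
  ' 87 = ERROR_INVALID_PARAMETER, so a bad call is not reported as success
  WScript.Quit 87
End If

strDomain   = WScript.Arguments.Item(0)
strUser     = WScript.Arguments.Item(1)
strPassword = WScript.Arguments.Item(2)

' Optional fourth argument: set the primary DNS server before joining
If WScript.Arguments.Count = 4 Then
  strDNSIP = WScript.Arguments.Item(3)
  Set objShell = CreateObject("WScript.Shell")
  ' Hidden window (0); wait for netsh to finish (True) so DNS is set before the join
  objShell.Run "netsh int ip set dns ""local area connection"" static " & _
               strDNSIP & " primary", 0, True
End If

' Bind to this computer's Win32_ComputerSystem instance
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
                             strComputer & _
                             "\root\cimv2:Win32_ComputerSystem.Name='" _
                             & strComputer & "'")

' Join the domain, creating the computer account if it does not exist
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
                                                strPassword, _
                                                strDomain & "\" & strUser, _
                                                NULL, _
                                                JOIN_DOMAIN + ACCT_CREATE)

' 0 means success; hand the result back to the caller as the exit code
WScript.Quit ReturnValue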



 

Answered 02/07/2013 by: SMal.tmcc
Red Belt

  • I will take a look at the secure channel. I experience the issue mostly with student laptops, which could be an issue with the batteries draining and the laptops not being put in use for long periods of time. I was wondering if there was a feature in KACE that would check for computers that are MIA and, if they are reachable, automatically run the Join Domain script. For example, if a laptop has fallen off of the domain because it has not been in use, and the end user were to boot up and plug in a network cable, the computer would run the join domain script.

    I may be overestimating KACE at this point, but just looking for a solution.

    Thanks for your feedback.
    • It could run the script I gave you to do this; the only problem is you need some unique identifier. You should be able to create a smart label for the MIA machines and have a script that runs when the condition is met.
  • Thank you! That may be exactly what I was looking for.
  • If it is the secure channel, you can create a batch file to re-add them using the netdom command and push that:
    http://support.microsoft.com/kb/329721
    http://technet.microsoft.com/en-us/library/cc788073%28v=ws.10%29.aspx
    http://support.microsoft.com/kb/175024
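
The check-then-repair idea discussed in this answer, as an added PowerShell example that is not part of the original posts or of KACE. It tests the machine secure channel and rebuilds it in place instead of doing a full unjoin and rejoin. The function name, log path and exit codes are hypothetical, and the credential is assumed to belong to an account delegated only to reset computer accounts, supplied by whatever runs the script.

```powershell
# Added example: detect a broken machine secure channel and repair it in place.
# Assumes a Windows client with PowerShell 3.0+ and an elevated session.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Assumption: an account delegated only to reset computer accounts.
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,
        # Hypothetical log location; adjust for your environment.
        [string]$LogPath = "$env:ProgramData\TrustCheck\trust.log"
    )

    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    function Write-Log([string]$Message) {
        "{0:s} {1} {2}" -f (Get-Date), $env:COMPUTERNAME, $Message |
            Add-Content -Path $LogPath
    }

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Log "Not domain joined (workgroup '$($cs.Workgroup)'); a full join is needed."
        return 2
    }

    # Returns $true when the secure channel between this computer and its domain works.
    $healthy = $false
    try { $healthy = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { Write-Log "Secure channel test failed: $($_.Exception.Message)" }

    if ($healthy) {
        Write-Log "Secure channel to '$($cs.Domain)' is healthy."
        return 0
    }

    # -Repair rebuilds the Netlogon secure channel without an unjoin/rejoin.
    try {
        if (Test-ComputerSecureChannel -Repair -Credential $Credential -ErrorAction Stop) {
            Write-Log "Secure channel repaired."
            return 0
        }
    } catch { Write-Log "Repair failed: $($_.Exception.Message)" }
    return 1
}
```

A return value of 2 marks machines that really are in a workgroup and need the join script; 1 marks a failed repair that needs a technician.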

Answers

0

We had this problem also. The reason stems from Deep Freeze. I can recreate this in our lab. We do not allow users to change the time in our Deep Freeze configuration. When the machine is frozen, pull the plug and go into the BIOS during boot. Change the date so it is a couple of years behind. Let Windows boot. You will get "domain controller not found". We have noticed this falling off happening when we had power hits. I noticed the BIOS was losing the date and time on some machines. The fix for us was to replace the MB battery so the settings are not lost during power hits.

 

We’ve been setting the secure channel maximum password age to 998 (both on the workstations and the servers, with group policies) to avoid known problems with secure channel password changes via GPO.

Answered 02/07/2013 by: SMal.tmcc
Red Belt

  • We had something very similar happen to us because of the machine password, except they wouldn't "fall off" the domain. They just wouldn't let anyone log in, and we had to unjoin and rejoin them. But our fix was exactly what you did, and that worked well. If it happens again after 998 days, that's a good reminder that they probably need to update their image anyway.
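
The two causes described in this answer (a clock that has drifted far from the domain's and the machine password age setting) can be checked on a client before any rejoin is attempted. This is an added PowerShell example, not code from the posters; the function name is hypothetical, and the time source is a DC or NTP server you supply.

```powershell
# Added example: report clock offset and the Netlogon machine-password settings.
function Get-TrustRiskReport {
    param(
        # Assumption: a domain controller or NTP server reachable from the client.
        [Parameter(Mandatory)][string]$TimeSource,
        # Kerberos rejects clients more than 5 minutes off by default.
        [int]$MaxSkewSeconds = 300
    )

    # w32tm prints one data line such as "10:00:00, +00.0012345s";
    # an unreachable source prints "error: 0x..." instead, leaving $offset $null.
    $sample = & w32tm.exe /stripchart "/computer:$TimeSource" /samples:1 /dataonly 2>&1 |
        Out-String
    $offset = $null
    if ($sample -match ',\s*([+-]\d+(?:[.,]\d+)?)s') {
        $offset = [double]($Matches[1] -replace ',', '.')
    }

    # Registry values behind the "Domain member" machine account password policies.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $np  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        TimeSource             = $TimeSource
        OffsetSeconds          = $offset
        ClockWithinTolerance   = ($null -ne $offset) -and
                                 ([math]::Abs($offset) -le $MaxSkewSeconds)
        MaximumPasswordAgeDays = $np.MaximumPasswordAge
        DisablePasswordChange  = $np.DisablePasswordChange
    }
}
```

A machine whose BIOS clock was reset reports ClockWithinTolerance as False, which points to the battery or time sync rather than the computer account.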