Issues joining domain
I've recently been thrown into an imaging function at my institution and I'm trying to work out a process to name the machines and join the domain. You'll have to forgive some basic questions on my part, I previously only did all our macintosh imaging and I'm trying to quickly get up to speed on a Windows process for our institution. I'm using the kace prescribed proceedure at the following link.
http://www.kace.com/support/resources/kb/article/How-to-rename-a-computer-and-join-it-to-a-Windows-domain-Image-Deployment
I've modified the scripts as suggested in this support article and zipped them up in a Post Install Task. I'm using a dat file that WSNAME calls to name the machines.
The machines name correctly, reboot, appear to run the script to join the domain, reboot, and then endup being in a workgroup with the same name as the domain, rather than being bound to AD. The source directory is removed The account being used does work as I can manually bind a machine with the same credentials. I'm sort of at a loss as to where the process is breaking down. Any assistance would be most appeciated. I've toyed around with the idea of breaking the scripts into multiple post install tasks, but I wasn't sure I wanted to deviate from the KACE prescribed method at this point when I'm trying to get this up and running in a real quick fashion, with not a lot of time to play around right now.
Thanks,
-alex-
Answers (2)
I use this Powershell script attached as an application task:
Start-Sleep -s 20
$User = $args[0]
$Pass = ConvertTo-SecureString $args[1] -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass
Add-Computer -domainname DOMAIN.COM -OUPath $args[2] -cred $Credentials
Remove-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name DefaultPassword
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name AutoAdminLogon -value 0
I've hardcoded the DOMAIN into the script so you would need to change it to whatever your domain name is.
Then my K2 Command line string is:
start /wait powershell.exe -nologo -executionpolicy bypass -noprofile -file JoinDomain.ps1 DOMAIN\USER PASSWORD OU=W7_LabPCs,DC=DOMAIN,DC=COM
Top Answer
Not sure if this helps, but here is the script we use to join computers to our domain. Maybe you can compare and verify that the script is actually correct, since you said the credentials have been verified.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = "DOMAIN"
strPassword = "PASSWORD"
strUser = "USER"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = _
GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" _
& strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain & "\" & strUser, _
NULL, _
JOIN_DOMAIN + ACCT_CREATE)
Comments:
-
I appreciate all the help, nheyne my script looks pretty much identical to that other than how it populates the variables. I ended up putting a wait period in the join domain script on a hunch that it wasn't picking up the network fast enough. Sure enough, that cured what ailed it. There was no network right away so it was just binding to a workgroup instead of domain.
Thanks again! - macdude22 10 years ago
