KACE Product Support Question

Join Computer to Specific OU?

02/14/2012 7956 views
Hi All,

Does anyone have any tips on how to modify the stock join_domain.vbs script on the KBOX 2000 so that I can join a computer to a specific OU in the domain? Or is there a better way of doing this?

This is the script in question.

Const WIN9X_UPGRADE = 16

If WScript.Arguments.Count < 3 Or WScript.Arguments.Count > 4 Then
    ' Wrong number of arguments: stop before reading them
    WScript.Quit 1
End If

strDomain = WScript.Arguments.Item(0)
strUser = WScript.Arguments.Item(1)
strPassword = WScript.Arguments.Item(2)

'set DNS IP address
If WScript.Arguments.Count = 4 Then
    strDNSIP = WScript.Arguments.Item(3)
    Set objShell = CreateObject("WScript.shell")
    objShell.Run "netsh int ip set dns ""local area connection"" static " & _
        strDNSIP & " primary", 0, 0
End If

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & _
"\root\cimv2:Win32_ComputerSystem.Name='" _
& strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain & "\" & strUser, _




Community Chosen Answer

I am using a PowerShell script that is working really well for us; our environment is Windows 7 Enterprise. Here is the PowerShell script:

# Wait 20 seconds before starting
Start-Sleep -s 20
# args[0] = "DOMAIN\USER", args[1] = password, args[2] = OU distinguished name
$User = $args[0]
$Pass = ConvertTo-SecureString $args[1] -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass

# Join the domain, creating the computer account in the given OU
Add-Computer -domainname DOMAIN.COM -OUPath $args[2] -cred $Credentials
# Remove the stored autologon password and turn autologon off
Remove-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name DefaultPassword
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name AutoAdminLogon -value 0

I've hardcoded the DOMAIN into the script so you would need to change it to whatever your domain name is.

Then my K2 Command line string is:
start /wait powershell.exe -nologo -executionpolicy bypass -noprofile -file ATCCJoinDomain.ps1 "DOMAIN\USER" "PASSWORD" "OU=W7_LabPCs,DC=DOMAIN,DC=COM"

The only issue I have with this script is if the computer already exists in AD in a different OU it will error out, I haven't explored exactly why.

--If this post helped you, please consider rating this post.
Answered 02/14/2012 by: jrscribner
Purple Belt


All Answers

Jrscribner - Thanks for sharing!

I modified your powershell script to suit my domain and it worked perfectly. This absolutely is what I was looking for.

Answered 02/14/2012 by: asanchez
Orange Senior Belt

I went with a less creative solution because I still had XP stuck in my head when I started. As part of my Win 7 sysprep.xml on images, post-install task on scripted install, I use the NETDOM JOIN command.

idk I keep things simple.
Answered 02/14/2012 by: RandomITPro
4th Degree Black Belt


Glad I could help. We used a VBScript very similar to the one you listed with our XP deployment; it can be done, but the PowerShell script is so much cleaner.


I am planning on trying that; I just need to find some time to experiment with it. I've already built the KBE, I just need to test it. I've thought about using a protected password file, I just have never made it back to the script to update it. I threw this one together last summer when we put our K2 in so we could get through our summer deployment cycle, and now I'm going back through and cleaning up my K2 scripts. I'm looking forward to seeing how you implement this.
Answered 02/14/2012 by: jrscribner
Purple Belt

ORIGINAL: cserrins

NETDOM is not officially supported in Windows 7.

Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)

True I get a bunch of stuff I don't need but that's ok to me.
Answered 02/15/2012 by: RandomITPro
4th Degree Black Belt

I've made this to join PCs in our DK sites.

It prompts for the user name to use to join the domain, then asks what site it should be put in (you can change that part to what you need)
and looks at whether it's a desktop/laptop to determine what OU it should be in as well :)
edit: It will also add a user/group to local admins right away

Just replace "YourDomain" with your domain name and make sure the OU path is correct for your domain (and of course the group/users it needs to add to the PC admin group)

Write-Host "This Script will add the Pc to the domain..."
write-host " "
$initials = Read-Host "Type your admin initials: "

$PCType = "PC"

$system = Get-WMIObject -class Win32_systemenclosure
$type = $system.chassistypes

Switch ($Type)
"1" { #"Chassis type is: $Type - Other"
#"2" {"Chassis type is: $type - Virtual Machine"}
"3" { #"Chassis type is: $type - Desktop"
#"4" {"Chassis type is: $type - Low Profile Desktop"}
#"5" {"Chassis type is: $type - Pizza Box"}
#"6" {"Chassis type is: $type - Mini Tower"}
#"7" {"Chassis type is: $type - Tower"}
"8" { #"Chassis type is: $type - Portable"
"9" { #"Chassis type is: $type - Laptop"
"10" { #"Chassis type is: $type - Notebook"
#"11" {"Chassis type is: $type - Handheld"}
"12" {#"Chassis type is: $type - Docking Station"
#"13" {"Chassis type is: $type - All-in-One"}
#"14" {"Chassis type is: $type - Sub-Notebook"}
#"15" {"Chassis type is: $type - Space Saving"}
#"16" {"Chassis type is: $type - Lunch Box"}
#"17" {"Chassis type is: $type - Main System Chassis"}
#"18" {"Chassis type is: $type - Expansion Chassis"}
#"19" {"Chassis type is: $type - Sub-Chassis"}
#"20" {"Chassis type is: $type - Bus Expansion Chassis"}
#"21" {"Chassis type is: $type - Peripheral Chassis"}
#"22" {"Chassis type is: $type - Storage Chassis"}
"23" {#"Chassis type is: $type - Rack Mount Chassis"
#"24" {"Chassis type is: $type - Sealed-Case PC"}
Default {"Chassis type is: $type - Unknown"}
if ($PCType -eq "LT") {$OUType="Laptops"}
if ($PCType -eq "PC") {$OUType="Desktops"}
if ($PCType -eq "VM") {$OUType="Desktops"}

$Country = "DK"
Write-Host "Select site"
Write-Host "1. Hoersholm"
Write-Host "2. Avedoere"
Write-Host "3. Roskilde"
Write-Host "4. Graasten"
$site = Read-Host "(1-4): "
Switch ($site)
"1" {$OUSite = "Hoersholm"}
"2" {$OUSite = "Avedoere"}
"3" {$OUSite = "Roskilde"}
"4" {$OUSite = "Graasten"}
Default {$OUSite = "Hoersholm"}

$ComputerOU="OU=" + $OUType + ",OU=Computers,OU=" + $OUSite + ",OU=" + $Country + ",OU=CH,DC=YourDomain,DC=FQN"

Add-Computer -domainname YourDomain -Credential "YourDomain\$initials" -OUPath "$ComputerOU"
$objReturn = $?

if ($objReturn) {
write-host "Success ! Autologon will be removed!"
Get-PSDrive | where {$_.name -match "hk"}
cd hklm:
$path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set-ItemProperty -path $path -name DefaultUserName -value ""
set-ItemProperty -path $path -name AutoAdminLogon -value "0"
set-ItemProperty -path $path -name DefaultPassword -value ""
write-host "Autologon was removed, please reboot!"

if (!$objReturn) {
write-host "Failed to join domain, see error message!"


function AddLocalGroups{
Write-Host " "
Write-Host "If you don't write anything it will be a shared laptop"
$userName = Read-Host 'Initials of the PC owner:'

$computerName = $env:computername
$localGroupName = 'Administrators'
$Group1 = 'GlobalWKSAdmin'
if ($PCType -eq "LT") {$Group2 = 'SharedLaptop'}
if ($PCType -eq "PC") {$Group2 = 'SharedDesktop'}
if ($PCType -eq "VM") {$Group2 = 'SharedDesktop'}

[string]$domainName = ([ADSI]'').name

Write-Host "User YourDomain\$Group1 is now member of local group $localGroupName on $computerName."

if ($userName -eq '') {
[string]$domainName = ([ADSI]'').name

Write-Host "User YourDomain\$Group2 is now member of local group $localGroupName on $computerName."
if ($userName -ne '')

[string]$domainName = ([ADSI]'').name

Write-Host "User YourDomain\$userName is now member of local group $localGroupName on $computerName."


function JoinDOMAIN {
$domain = "YourDomain"
$domainAcc = "YourDomain\$initials"
$Password = Read-Host -assecurestring "Please enter your password"
$DomainJoin = 1
$CreateAccount = 2
$AllowJoinIfAlreadyJoined = 32

$computer = get-wmiobject Win32_ComputerSystem
$ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$ComputerOU,$DomainJoin+$CreateAccount+$AllowJoinIfAlreadyJoined)
$ret = $ret.ReturnValue

Switch ($ret) {
2224 {
$ret = $computer.JoinDomainOrWorkGroup($domain,$domainPw,$domainAcc,$OU,33)
$ret = $ret.ReturnValue

You could also just do it in the XML file
Answered 02/21/2012 by: rmeyer
Second Degree Blue Belt
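
The join-and-retry logic discussed in this thread, written out in full as an added example (it is not any poster's or KACE's code): it passes the OU to JoinDomainOrWorkGroup, retries with options 33 on return value 2224, and takes the credential from a prompt so the password never sits on a command line. Test-OUPath, Join-ComputerToOU and Clear-AutoLogon are hypothetical names, the domain and OU are placeholders, and 2224 is assumed to mean the computer account already exists.

```powershell
# Added example; function names are hypothetical, domain/OU values are placeholders.
function Test-OUPath([string]$Path) {
    # Accept only OU=... parts followed by DC=... parts (no escaped commas).
    return $Path -match '^(OU=[^,=]+,)+DC=[^,=]+(,DC=[^,=]+)*$'
}

function Join-ComputerToOU {
    param(
        [Parameter(Mandatory=$true)][string]$Domain,
        [Parameter(Mandatory=$true)][string]$OUPath,
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential
    )
    if (-not (Test-OUPath $OUPath)) { throw "Not an OU distinguished name: $OUPath" }

    $JoinDomain = 1; $CreateAccount = 2; $JoinIfJoined = 32
    $computer = Get-WmiObject Win32_ComputerSystem
    $user = $Credential.UserName
    # The WMI method takes the password as a string, so unwrap it only here.
    $plain = $Credential.GetNetworkCredential().Password

    $rc = $computer.JoinDomainOrWorkGroup($Domain, $plain, $user, $OUPath,
            $JoinDomain + $CreateAccount).ReturnValue
    if ($rc -eq 2224) {
        # Assumed meaning: account already exists. Retry with options 33 and no
        # OU, so the existing account is reused where it already sits.
        $rc = $computer.JoinDomainOrWorkGroup($Domain, $plain, $user, $null,
                $JoinDomain + $JoinIfJoined).ReturnValue
    }
    $plain = $null
    return $rc
}

function Clear-AutoLogon {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    Set-ItemProperty -Path $path -Name AutoAdminLogon -Value '0'
    # Remove the stored password outright instead of leaving an empty value.
    Remove-ItemProperty -Path $path -Name DefaultPassword -ErrorAction SilentlyContinue
}

$cred = Get-Credential   # prompt, so the password is not on a command line
$rc = Join-ComputerToOU -Domain 'YourDomain' -Credential $cred `
        -OUPath 'OU=Desktops,OU=Computers,OU=Hoersholm,OU=DK,OU=CH,DC=YourDomain,DC=FQN'
if ($rc -eq 0) {
    Clear-AutoLogon
    Write-Host 'Joined the domain; autologon cleared, please reboot.'
} else {
    Write-Host "Join failed with return value $rc"
}
```

After a retry on 2224 the computer is joined but its account remains in the OU it was already in, so moving it to the intended OU is a separate step in Active Directory.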


Try editing the Return Value as follows:

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, "OU=My OU,OU=My Other OU,OU=Another OU,DC=local,DC=domain,DC=com", _

Answered 11/08/2012 by: toucan911
Orange Senior Belt
