KACE Product Support Question

Trying to add a computer to a security group at the same time as adding to the domain during deployment in K2000

03/27/2017 1429 views
I have modified the join domain script to also enable UAC and attempt to add the computer account in AD to a security group, but I am failing to get the group added OK.

The PowerShell script works when run from a computer on my network, and everything else about the script works fine.

Here is a redacted version of the script. I tried moving the add-to-security-group part around a little, but it just doesn't seem to work during the deployment! I would have expected that adding it to the end would mean the account is in AD and ready to be used by this script to add to the group.

#enter user account that will be used to join domain

  $domain= "tailspintoys.com"
  $password= "5555555555555" | ConvertTo-SecureString -asPlainText -Force
  $user= "$domain\JoinPCaccount"

  $cred= New-Object System.Management.Automation.PSCredential($user,$password)

#edit for OU path

   $oupath = 'OU=standard,OU=computers,DC=tailspintoys,DC=com'
   $server= "domaincontroller1.tailspintoys.com"

#add computer to OU

  Add-Computer -domainname $domain -oupath $oupath -Credential $cred -ErrorAction silentlycontinue -Server $server

#add computer to domain

  Add-Computer -DomainName $domain -Credential $cred

#pull info to add computer to correct local groups

  $group= Get-ADGroup "CN=Laptop-Computers,DC=tailspintoys,DC=com" -Server $server;
  $hostname= hostname
  $computerName= Get-ADComputer $hostname -Server $server;

#add computer to local group

  Add-ADGroupMember $group -Member $computerName -Server $server -Credential $cred


  • I don't know about the PS script, but I wanted to mention that we do a similar thing through the setup configuration (aka "unattended") XML and it works great for us.
    • Hi JasonEgg

      How are you provisioning the hostname for the machine and the domain join if using unattend file?
      • It was set up by someone else, so I don't exactly know. There's plenty of documentation online.
  • Hi JasonEgg

    What I meant was that the auto unattend file would have to be hard coded with the hostname. I have the hostname provisioned as a kid deployment task. So it would not work to do it. I will edit the script to save the output to a file, as during deployment I can briefly see the PowerShell window flash up on the screen with red text (so it is erroring out).
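
The join-then-add-to-group sequence from the question, restructured so that each step stops on error and the output lands in a log file instead of flashing past on screen. This is an added example, not code from the thread or from KACE. Assumptions: the log path, the placeholder password, the retry count and delay, and the two possible causes checked for (a missing ActiveDirectory module on the freshly imaged machine, and AD lookups made without `-Credential` before the first post-join reboot).

```powershell
# Added example, not the poster's script. Domain, OU, group and server mirror the redacted values in the question.
$domain  = 'tailspintoys.com'
$server  = 'domaincontroller1.tailspintoys.com'
$ouPath  = 'OU=standard,OU=computers,DC=tailspintoys,DC=com'
$groupDn = 'CN=Laptop-Computers,DC=tailspintoys,DC=com'
$logFile = 'C:\Windows\Temp\join-domain.log'   # hypothetical log location

# Placeholder secret (constructed): supply it from the deployment task rather than the script body.
$password = 'REPLACE_ME' | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("$domain\JoinPCaccount", $password)

Start-Transcript -Path $logFile -Append | Out-Null
try {
    # Assumption: the AD cmdlets may simply be absent on a freshly imaged machine.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw 'ActiveDirectory module is not installed; Get-ADComputer/Add-ADGroupMember cannot run.'
    }
    Import-Module ActiveDirectory -ErrorAction Stop

    # A single join that also places the account in the OU; Stop makes a failure show up in the log.
    Add-Computer -DomainName $domain -OUPath $ouPath -Server $server -Credential $cred -ErrorAction Stop

    # Until the reboot the session is still a local account, so every AD call carries
    # -Credential and targets the same domain controller that created the object.
    $computer = $null
    foreach ($attempt in 1..5) {
        try {
            $computer = Get-ADComputer -Identity $env:COMPUTERNAME -Server $server -Credential $cred -ErrorAction Stop
            break
        } catch {
            Write-Warning "Attempt ${attempt}: computer object not readable yet: $($_.Exception.Message)"
            Start-Sleep -Seconds 10
        }
    }
    if (-not $computer) { throw "Computer object for $env:COMPUTERNAME not found on $server." }

    # The join account needs write access to the group's member attribute for this call to succeed.
    Add-ADGroupMember -Identity $groupDn -Members $computer -Server $server -Credential $cred -ErrorAction Stop
    Write-Output "Added $($computer.DistinguishedName) to $groupDn"
} catch {
    Write-Error "Domain join / group add failed: $($_.Exception.Message)"
    exit 1
} finally {
    Stop-Transcript | Out-Null
}
```

The transcript records which of the three steps failed and with what message, which is the information the red text on screen carries.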

All Answers

Tangential, relating to my comments.

Here is the section of our unattend.xml which adds the comp to the domain:
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
    <MachineObjectOU>OU=YOUR_OU, DC=YOUR_OTHER_VALUES</MachineObjectOU>
Answered 03/30/2017 by: JasonEgg
Red Belt
