Solved

Join Computers to Domain Automatically W95/W98/w2k/wxp

Posted on 2004-04-07
23
323 Views
Last Modified: 2007-12-19
This is a real challenge!!!!

I have over 20,000 machines in a workgroup, they are w95, w98, w2k and wXP. I need to join them to the domain automatically.
They can all see a central server.

I am thinking that it has to go around this area. I run a batch process to run a remote command on the machines to join a domain.

Has anyone done this before? Is there an application o a script out there?

Thank you very much

Chebastian
0
Comment
Question by:chebastian
  • 11
  • 7
  • 3
23 Comments
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
For WinXP or better, you have the JoinDomainOrWorkGroup and the Rename method in

the Win32_ComputerSystem class.

Rename Method in Class Win32_ComputerSystem
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/rename_method_in_class_win32_computersystem.asp

JoinDomainOrWorkGroup Method in Class Win32_ComputerSystem
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/joindomainorworkgroup_method_in_class_win32_computersystem.asp

Technet Script Center > Computer Management:

Join Computer to a Domain
http://www.microsoft.com/technet/scriptcenter/compmgmt/scrcm31.asp

Rename a Computer and Computer Account
http://www.microsoft.com/technet/scriptcenter/compmgmt/scrcm36.asp


For pre-WinXP OS (and WinXP as well):


The JoinDom freeware utility found at tip 5956 at
http://www.jsiinc.com/reghack.htm can be used.


Or you can use the command line utility netdom.exe from MS.

Latest version of netdom.exe can be downloaded from here:

Windows 2000 SP3 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/supporttools.asp

There came one updated version with SP2 as well, but I would be very surprised
if the SP3 netdom version do not work on pre SP3 computers.


More info can be found here:

http://groups.google.com/groups?selm=3D7CFEC8.556EDB2B%40hydro.com

Hope that helps.


James
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
My join computer to domain link is wrong.  Here it is...for XP:

http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm31.mspx

0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
Darn it...my JSI link is wrong too.

http://www.jsiinc.com/subl/tip5900/rh5956.htm

That's for all OS's.  It could be a fallback.  Youcould create an account with privelages to simply join computers to a domain, distribute this utility and that account information out to your users with instructions as a fallback.

You main problem here is the legacy OS's...they are not designed to work with 2003
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
Also...just found this link on how to automate the creation of computer accounts.  Could be useful with Windows 2000 and Windows XP accounts.  Doesn't do anything for you on the 9x operating systems though.
0
 
LVL 9

Accepted Solution

by:
jamesreddy earned 250 total points
Comment Utility
And lastly...netdom.exe utility:

Can be downloaded from http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/supporttools.asp

Netdom.exe

How To Join a Domain From the Command Line
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q150493

How to Use Netdom 2.0 to Create a Windows Computer Account on a Selected Domain
Controller
http://support.microsoft.com/support/kb/articles/Q266/6/51.ASP

Automating the Creation of Computer Accounts
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q222525


That's all I could find for you man.  Good luck.

James
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
Comment Utility
Hey James..

For him, I think Netdom is the best solution.  As far as the 9x clients are concerned, they don't have domain accounts.  It would be helpful to install the Directory Services client on NT4 and lower workstations.

0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
I was thinking the same thing.  I did forget to mention DSCLIENT though.  They will need that in order to see the Active Directory structure correctly.

However, he wants to 9x clients to be logged into the domain, if I understand the question correctly.  I know they don't have computer accounts, but client for Microsoft Networks still need to be configured for the user to log into the domain, rather than the local workstation which is why I posted the other info.
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
That info was correct - thus, no need to mention it!

I wasn't contradicting you - just filling in the blanks and reaffirming your answers.

0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
OH...geez...NETMAN!  I didn't even know it was you.

Ahhh...well, I misread your message.  :)  Sorry...I have the flu, a fever, and thus...I am out of it.  lol.  I originally got the impression you thought I was trying to tell him to create computer accounts in the domain for the 98 machines.

Should have known better if I had looked at the author's name.  I would have reread it three times before responding to the man who saved my butt twice.  :)
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
But like I said...I did forget to mention DSCLIENT.  So thanks for the backup!  :)
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 51

Expert Comment

by:Netman66
Comment Utility
No problem James!

Hope you get better soon.

0
 

Author Comment

by:chebastian
Comment Utility
Sorry for the bother but here is the problem, I need to perform this remotely and automatically with no user intervention, if it is a possibility.

thanks
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
All the commands listed can be executed from a simple login script.  Just create a batch file and have the remote systems run it from a login script.  should be nothing to it.
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
For systems that are NT, 2000, XP, or 2003, you can also use a utiltity called psexec that you can download and read about below:

http://www.sysinternals.com/ntw2k/freeware/psexec.shtml

I do not believe it'll work for 9x based machines though.
0
 

Author Comment

by:chebastian
Comment Utility
How do I run a login script if they are not joined to a domain? I had the idea that you would have to be logged in order to run a script. Psexec needs you to know the password of the local machine in order to run a command. (right?)

thanks
0
 
LVL 9

Expert Comment

by:jamesreddy
Comment Utility
Heh...you have a point.  LOL.  Can't believe I even suggested it.  Must be that fever of mine again.  :)

I guess then, your only alternative  is to make the batch file and put it into a location that the users can access it.  They can run it from a network share or you can email it to the users.  You're really limited in the capacity to use 98...as you pointed out, without a domain, they cannot run login scripts, and since they are 9x, they do not have machine accounts and therefore cannot run machine scripts or other utilities like psexec.exe.

If they were all NT, you'd be in the clear.  And yes, you'd need to know passwords to access the machines.  You have no alternative there.  NT security is designed to require a username and passwords to execute commands.  You have no choice in the matter and there is no way around this.  It is no different than joining a machine to the network the old fashioned way.  You'd have to log in to the local machine and join it, so you need to know the username and password.

If you're looking for a solution that does not require you to gain local access to the machine with a username and password, it does not exist.  If it did, that would contradict the idea of what NT security is all about.

James
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Easy as pie!

Create this folder:  C:\Netlogon
Share it using the default name of Netlogon
Put your script in there - call it logon.cmd.
On the user's account properties add logon.cmd to the script field.

Done.

0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Script field is on the Profile tab on the user account.
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
For the 9x machines - you won't be joining the domain, but instead configuring the Microsoft Client for domain login.

I don't have any 9x boxes to look at, but if you download InCtrl from here: http://www.pcmag.com/article2/0,4149,9882,00.asp

You can monitor what registry keys are modified when you change the client for domain login and create a reg file to run to do it for you.

0
 

Author Comment

by:chebastian
Comment Utility
Question netman66,

when I create the netlogon folder and put the script in there, and in ad i chose logon.cmd in the script field. How are computers not joined to the domain use that script. Remember ther has to be no user intervention?.

Could you further explain what goes on in your solution because it seems very logical, however i think that if machines aren't hoined to the domain why would they go an look for the netlogon folder, or is that a default for workgroup machines?.

Also, could you provide a sample of the script, is it using netdom?

thanks

Sebastian
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
By default NT, 2000 and XP look for a Netlogon share for the script.  I was referring to adding the script to the local user account - but given further consideration, if you have to visit the workstation you might as well join it manually.

Yes, the script uses Netdom.exe, but like I said above if you have to go to the PC to get my first solution running you might as well join the domain while you're there instead.

Since joining the workstation requires you to be logged in as local Admin and you'll be asked for the Domain Admin account to finish there is no easy way to do this remotely.

If each location has a local "admin" then you can make a temporary user account for the domain while they join workstations for you - other than this, it's road trip heaven for you.

If you still want to toy with the script idea let me know.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now