
SUPER TRICKY QUESTION - Join domain from command line without NETDOM

Posted on 2006-04-12
Last Modified: 2009-03-02
Hi there,

I'm after a way of joining a box to a domain from the command line without using any reskit or third-party utilities. The only tools allowed are ssh for getting onto the box and standard Windows binaries. No scripts (like vbs using WMI) may be deployed either.

You can use an .inf file if required (like for sysoc).

Why I think this is possible - well it's something you can script for unattended installation, so calling an .inf file that joins the box must be possible somehow.
0
Question by:dcx45
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16437988
dcx45:

Stipulations:
 * DNS and the other TCP/IP settings are correct.
 * you're logged onto a domain controller with an account operators or higher privilege account

At a command prompt, type
NET COMPUTER \\(name of system) /ADD

0
 

Author Comment

by:dcx45
ID: 16440506
Err no, if it was that easy I wouldn't post here.

You've got no access to the domain controller whatsoever. You only have an account which has the right to add machines to the domain.

All commands must be carried out on the computer being added.
0
 
LVL 27

Expert Comment

by:Exchange_Admin
ID: 16442566
This may be a little picky but you stated:
"You've got no access to the domain controller whatsoever"
If you have no access WHATSOEVER then you will not be able to join the domain.
0

 

Author Comment

by:dcx45
ID: 16446175

Yeah, hecklers is what we need :)

You know very well what I meant.
0
 

Author Comment

by:dcx45
ID: 16446260
new point value :)
0
 
LVL 27

Expert Comment

by:Exchange_Admin
ID: 16446303
Please don't take offense.
My statement was not meant as a heckle.
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16456663
dcx45:

dsadd computer cn=%computername%,ou=computers,dc=domain,dc=local -d DOMAIN -u DOMAIN\administrator -p password

HTH

MidnightOne
0
 

Author Comment

by:dcx45
ID: 16476909
Nice try, but this only creates the account in the AD. It does not make the machine itself a member of the domain.


0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16501583
dcx45:

It's *closer*.... ;-)

MidnightOne
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16509150
dcx45:

Make the support tools from Windows XP part of the base install.

netdom join %computername% /Domain:domain.local /userD:domain\administrator /PasswordD:* /reboot:5

HTH

MidnightOne
0
 

Author Comment

by:dcx45
ID: 16511954
Hi thanks,

that's where it all started. I know about netdom, that's why the question (see above) says:

"without using any reskit or third-party utilities. The only tools allowed are ssh for getting onto the box and standard Windows binaries. No scripts (like vbs using WMI) may be deployed either."

netdom is a resource kit utility. Which is the key differentiator. I appreciate the legwork you're putting in, I'm sure it's not easy staying the top EE expert :), but I've been around the block a couple of times too. I was more hoping that somebody with in-depth knowledge of the sysoc and install procedures might be able to help as you can "script" domain join in your unattended file. (and you can obviously do this change from the GUI). There must be some dll call that lets you do this....
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16527474
dcx45:

Actually, it's a support tools utility, and (in theory) not subject to the restrictions you listed. Here's my "street lawyer" take:

 * It's a Microsoft product, and therefore cannot be a third-party utility.
 * Because it's in the support tools, it's not a resource kit utility - you didn't install the RK utilities.
 * It's part of the XP CD, and therefore is a standard windows binary.

If you have the ssh to the domain controller (from the original wording, I'm not sure if ssh is to the client or DC), NETDOM is there by default IIRC.

HTH

MidnightOne
0
 

Author Comment

by:dcx45
ID: 16527904
Hi,

I appreciate your effort on this. The whole point is to take a bog standard out-of-the-box installation of Windows, add the OpenSSH client and use the command line to join the machine to a domain. AFAIK netdom is not present in such a scenario. I'm not gonna go into the reasons why this is a no go for us (too lengthy and too many politics). Therefore I was after invocation of the method which is utilised by the unattend text file when you normally join a machine to a domain at build time. I'm sorry to be such a pain in the ass, but I am and was very well aware of all the methods listed in this thread so far. I didn't call it "super tricky question" for nothing.

Tks,

R.
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16547458
dcx45:

They may well have given you the impossible task. Without a script and/or access to NETDOM, I can't see a way to do it.

That said, here's a VB script that will do it.

<--- begin>

'=========================================================================
'Bowdoin College CIS Department
'Created 8-27-2002 by sblanc
'
'Adds Windows 2000/XP computers to the domain and reboots them
'Created specifically for adding student computers to domain
'=========================================================================
Option Explicit

Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const DOMAIN_JOIN_IF_JOINED   = 32
Const JOIN_UNSECURE           = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144

Dim strDomain, strPassword, strUser, strComputer, ReturnValue
Dim objComputer, objNetwork, objWMIService, objOperatingSystem
Dim colOperatingSystems

strDomain   = "YOUR_DOMAIN_GOES_HERE"
strPassword = "YOUR_DOMAIN_ADMIN_PW_GOES_HERE"
strUser     = "YOUR_DOMAIN_ADMIN_GOES_HERE"

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
                   strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
                   strComputer & "'")

ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
                                                strPassword, _
                                                strDomain & "\" & strUser, _
                                                NULL, _
                                                JOIN_DOMAIN + ACCT_CREATE)

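'Stop here if the join failed (JoinDomainOrWorkgroup returns 0 on success),
'so the success message and reboot below only happen after a real join
If ReturnValue <> 0 Then
    WScript.Echo "Domain join failed, return code " & ReturnValue
    WScript.Quit ReturnValue
End If

'Display Completion Message to user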
Dim objShell, intValue

Set objShell = CreateObject("WScript.Shell")
intValue = objShell.Popup("Your computer has been added to the Domain." _
            & vbCRLF & "Your computer will now reboot.", , , vbExclamation + vbOKOnly)


'perform Reboot
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    ObjOperatingSystem.Reboot()
Next



<--- end>

HTH

MidnightOne
0
 

Author Comment

by:dcx45
ID: 16632746
Agreed, I was validating what I've learned over the last couple of months. There isn't a widely known or accepted solution to do this.
0
 
LVL 26

Expert Comment

by:MidnightOne
ID: 16800013
dcx45:

Something just sprang to mind... if they're against using anything but basic install, how do they expect to get the same functionality that an unattended.txt file gives when that's part of the support tools on the XP CD?

Just a thought.

MidnightOne
0
 

Author Comment

by:dcx45
ID: 16800185
because we're constructing it on the fly with FreeBSD, hmm I wonder what security would say if we captured the domain logon stuff during the BSD interactive phase and pumped it into the file....
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 2000 total points
ID: 16832308
dcx45:

Is a RIS install possible, with the WINNT.SIF and other required files on floppy for the rollouts? Granted that RIS has weird requirements (its own partition on a W2K+ server, for one), but that would seem to meet all requirements.

MidnightOne
0
 
LVL 2

Expert Comment

by:jasenwebster
ID: 27627128

I know this is an old post, but I ran into the same scenario as dcx45 and thought I would comment.  

Another option to add a computer to a domain from the command line without netdom is to use wmic.exe. Wmic.exe is included in Windows XP during the install. Nothing needs to be installed or added to the system.

I spent days trying to figure out how to use wmic.exe to join the domain. The biggest key was figuring out the syntax as there are a couple of different ways to do it. Importantly, if you specify the AccountOU, you must use the DN as mentioned above. What it fails to mention is that WMIC uses commas (,) to separate parameters and will cause WMIC to fail. You must use semicolons (;) in your DN instead.

Example: "OU=testOU; DC=domain; DC=Domain; DC=com"  

Review the command line code that I have included. Both options work, but the first one is easier to edit and the parameters can be in a different order.
Note: FJoinOptions should be a "1" if adding a new computer to the domain and the computer account does not exist.  Otherwise, set FJoinOptions to a "3".  

Command Line examples 

wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup AccountOU="OU=XP Workstations;DC=my;DC=domain;DC=com" FJoinOptions=1 Name="my.domain.com" Password="xyz" UserName="admin@my.domain.com"  

wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup "OU=XP Workstations;DC=my;DC=domain;DC=com", 1, "my.domain.com", "xyz", "admin@my.domain.com"


0
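As an added example (not part of any post in this thread), here is a batch wrapper around the named-parameter wmic call above. It converts a normal comma-separated DN to the semicolon form, prompts for the password instead of storing it in the file, and checks the method result. The domain, account and OU values are placeholders, and the success string "ReturnValue = 0;" is an assumption about how wmic prints the method result.

```batch
@echo off
rem Added example, not code from the thread. All values below are placeholders.
setlocal EnableExtensions

set "DOMAIN=my.domain.com"
set "JOINUSER=admin@my.domain.com"
rem Target OU written as an ordinary DN, with commas.
set "OU_DN=OU=XP Workstations,DC=my,DC=domain,DC=com"

rem wmic uses commas to separate parameters, so swap them for semicolons.
set "OU_WMIC=%OU_DN:,=;%"

rem Flag names and values as listed in the VBScript earlier in this thread.
set /a "JOIN_DOMAIN=1, ACCT_CREATE=2"
rem 3 = JOIN_DOMAIN + ACCT_CREATE, the combination that VBScript passes.
set /a "FJOIN=JOIN_DOMAIN|ACCT_CREATE"

rem Prompt rather than hard-code the credential in a file on disk.
rem The input is echoed, and the password is still visible on the wmic
rem command line while it runs, so use an account limited to joining machines.
set /p "JOINPW=Password for %JOINUSER%: "
if not defined JOINPW (
  echo No password entered. 1>&2
  exit /b 2
)

rem Assumption: wmic prints "ReturnValue = 0;" when the method succeeds.
rem findstr sets errorlevel 1 when that line is absent.
wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" ^
  call JoinDomainOrWorkgroup AccountOU="%OU_WMIC%" FJoinOptions=%FJOIN% ^
  Name="%DOMAIN%" Password="%JOINPW%" UserName="%JOINUSER%" ^
  | findstr /c:"ReturnValue = 0;" >nul

if errorlevel 1 (
  set "JOINPW="
  echo Domain join failed or returned a non-zero ReturnValue. 1>&2
  exit /b 1
)

set "JOINPW="
echo Joined %DOMAIN%. Reboot to complete the join.
endlocal
```

A password containing a double quote or percent sign will break the quoting in this sketch.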
