
Join a domain over vpn...

Hi!
I'm deploying a domain in a company with 30 users, many of whom are connected through VPN.
I need them to join the domain remotely.
I'm using a script to join the domain after the VPN connection is established. I also have a GPO that will make every member of the domain a "Power User".
The problem comes when they reboot: since the VPN connection is lost, it's impossible to log in. The VPN is based on a SonicWall; the only way to establish the connection is to connect with a web browser.
So I wonder if there is a way, using another script or completing the one I use, to directly add the user concerned, who could log in even if the domain is unavailable.

Sorry for my poor English... I'm practicing as much as possible...
Antoine

The script being used:
' Option flags for Win32_ComputerSystem.JoinDomainOrWorkGroup
Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const DOMAIN_JOIN_IF_JOINED   = 32
Const JOIN_UNSECURE           = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144

' Domain to join and the account used to perform the join
strDomain   = "domain.local"
strPassword = "password"
strUser     = "administrateur"

' Name of the local computer
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

' Bind to the local Win32_ComputerSystem instance through WMI
Set objComputer = _
    GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")

' Join the domain and create the computer account; 0 means success
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)
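
Added example, not part of the original post: a variant of the script above that prompts for the join account's password instead of keeping it in a file copied to every laptop, and reports the return code of JoinDomainOrWorkGroup so that a dropped VPN (1355) can be told apart from a bad password (1326). The domain and account names are the ones from the question; the Describe helper is a name introduced here for illustration.

```vbscript
' Added example (not the poster's code): domain join without a stored password.
Option Explicit

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2

Dim strDomain, strUser, strPassword, strComputer
Dim objNetwork, objComputer, intResult

strDomain = "domain.local"      ' value taken from the question
strUser   = "administrateur"    ' value taken from the question

' Ask for the password at run time so it is never written to disk.
' Note: InputBox displays the typed characters in clear text.
strPassword = InputBox("Password for " & strDomain & "\" & strUser, "Join domain")
If strPassword = "" Then
    WScript.Echo "No password entered; nothing was changed."
    WScript.Quit 1
End If

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")

intResult = objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, _
    strDomain & "\" & strUser, Null, JOIN_DOMAIN + ACCT_CREATE)
strPassword = ""   ' drop the credential as soon as the call returns

WScript.Echo "JoinDomainOrWorkGroup returned " & intResult & ": " & Describe(intResult)
If intResult <> 0 Then WScript.Quit 1

' Map the Win32 error codes most likely in this scenario to a readable message.
Function Describe(code)
    Select Case code
        Case 0    : Describe = "success (restart to complete the join)"
        Case 5    : Describe = "access denied"
        Case 1326 : Describe = "logon failure: unknown user name or bad password"
        Case 1355 : Describe = "domain does not exist or could not be contacted (is the VPN up?)"
        Case 2224 : Describe = "the computer account already exists"
        Case 2691 : Describe = "the machine is already joined to the domain"
        Case Else : Describe = "see the Win32 system error codes"
    End Select
End Function
```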


Top Expert 2013
Commented:
It is usually best to do this with a VPN that is created as a site-to-site VPN, using 2 VPN routers, so that the connection to the domain is always available.

It sounds like you are doing this with a VPN client? If so, it is necessary to use the Windows built-in VPN so that the VPN can be established before logon (after joining the domain). There are a few VPN clients that can do this, I believe Cisco, but most cannot. Therefore the best bet is to set up the Windows RRAS VPN at least for this purpose, if you have not done so already. With that available it is possible to join the domain remotely. The following outlines the process. Though it specifies Small Business Server, I have used it for Server 2003 as well.
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/83/Connecting-a-remote-workstation-to-a-domain.aspx

Sorry I cannot help you with the scripting, but if you know the necessary steps that must be taken, it may help.
I don't think you will be able to script the whole process without user intervention, but I am not a programmer.

Author

Commented:
I had thought about this way... but thank you for your answer!
Top Expert 2013

Commented:
Thanks psionnist.
Cheers!
--Rob