
Script to bind computer to domain AFTER being named

Posted on 2011-05-05
Last Modified: 2012-05-11
Hi guys--I currently have a sysprepped image that boots up and prompts for a Computer Name before automatically logging into Windows 7 Enterprise as the local administrator.  I'm interested in creating some kind of firstlogoncommand that will then bind the computer to the domain and prompt for credentials to do so.  I noticed in my searches that a few folks have done this but can't seem to find the proper script or method for adding it to the answer file.  Any ideas?

I'd also like, during this process, to add a Security Group to the local administrators group on the PC.  I know that may be asking a bit too much.

Any help would be fantastic!
0
Question by:DolorousDave
8 Comments
 
LVL 12

Expert Comment

by:serchlop
ID: 35699190
You can create a bat file with the right command for your domain, but the easy way is to create a sysprep.inf file with the sysprep tool.

You can create a bat file with the net computer command.

Using a simple command, you can add or remove a computer to a domain.

You must be a domain administrator to run this command

Open a command prompt:

Type:
net computer \\computername /add
to add a computer to the domain

Type:
net computer \\computername /del
to remove a computer from the domain.

These commands are especially valuable if you are using batch files.

Or maybe the next info could help

See following :
Example: "OU=testOU; DC=domain; DC=Domain; DC=com"
Command Line examples
1. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup AccountOU="OU=XP Workstations;DC=my;DC=domain;DC=com" FJoinOptions=1 Name="my.domain.com" Password="xyz" UserName="admin@my.domain.com"
2. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup "OU=XP Workstations;DC=my;DC=domain;DC=com", 1, "my.domain.com", "xyz", "admin@my.domain.com"

To create a bat with netdom, here is some info.
http://support.microsoft.com/kb/150493
0
 
LVL 13

Expert Comment

by:BCipollone
ID: 35699568
The only problem I see is trying to make it use whatever the current computer name is every time you run it. You would need to create a variable off of the computer name and be able to use a variable in the net computer command.

0
 
LVL 7

Accepted Solution

by:
CitizenRon earned 1000 total points
ID: 35702241
The NETDOM command is built-in to Windows 7 at least and can easily be scripted using the normal %COMPUTERNAME% variable for the Machine that needs to join the domain, including the Organizational Unit to put the Workstation object and prompting for credentials.

Here's the batch file I use for this to prompt for credentials, join the domain and reboot 10 seconds after success:

@Echo Off
Set /P UserD=Enter a "Domain Admin" user name:
Echo.
NETDOM JOIN %COMPUTERNAME% /Domain:Company.com /UserD:%UserD% /PasswordD:* /OU:ou=Workstations,dc=Company,dc=com /REboot:10



You may or may not want to use the /REBoot parameter (seconds to automatically reboot after joining the domain) depending on your preferences.
0
 
LVL 7

Expert Comment

by:CitizenRon
ID: 35702412
And if you want PoSH code, I haven't tried it yet, but this code should work if you put in the right info for the capitalized words

$DomainCredential = Get-Credential

Add-Computer -DomainName "DOMAIN.COM" -Credential $DomainCredential -OUPath "ou=WORKSTATIONS,dc=COMPANY,dc=COM"

$DomainGroup = [ADSI]("WinNT://DOMAIN/SECURITYGROUP")
$LocalGroup = [ADSI]("WinNT://$Env:ComputerName/Administrators")
$LocalGroup.PSBase.Invoke("Add",$DomainGroup.PSBase.Path)



Don't expect a VBScript version from me though.  It's so annoying to work with Local and Domain Security in VBScript that I never did figure it out.  The Batch and PowerShell versions are easy enough to work with and since it's always the IT department doing this function, it never needs to look pretty.
0
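The PowerShell approach from the comment above, as an added example that is not part of the original post: it skips the join when the machine is already a domain member, prompts for the credential rather than embedding a password on the command line as the wmic examples do, and adds the group to local Administrators only if it is not already a member. DOMAIN.COM, the OU path and DOMAIN/SECURITYGROUP are the thread's placeholders; the variable names are assumptions.

```powershell
# Added example, not from the original thread. Written for PowerShell 2.0 (Windows 7).
# Placeholders from the thread: replace with real values before use.
$DomainName  = "DOMAIN.COM"
$OUPath      = "ou=WORKSTATIONS,dc=COMPANY,dc=COM"
$DomainGroup = "WinNT://DOMAIN/SECURITYGROUP"
$JoinedNow   = $false

# Win32_ComputerSystem.PartOfDomain is $true once the machine is a domain member.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "Already joined to $($cs.Domain); skipping the join."
}
else {
    # Interactive prompt: the password never appears in the script,
    # the answer file, or a process command line.
    $cred = Get-Credential
    try {
        Add-Computer -DomainName $DomainName -Credential $cred -OUPath $OUPath -ErrorAction Stop
        $JoinedNow = $true
    }
    catch {
        Write-Error "Domain join failed: $($_.Exception.Message)"
        exit 1
    }
}

# Add the domain group to local Administrators only when it is missing,
# so re-running the script does not raise a duplicate-member error.
try {
    $LocalGroup = [ADSI]"WinNT://$Env:ComputerName/Administrators,group"
    if ($LocalGroup.PSBase.Invoke("IsMember", $DomainGroup)) {
        Write-Host "Group is already a member of local Administrators."
    }
    else {
        $LocalGroup.PSBase.Invoke("Add", $DomainGroup)
        Write-Host "Group added to local Administrators."
    }
}
catch {
    Write-Error "Could not update local Administrators: $($_.Exception.Message)"
    exit 2
}

# Reboot only when the join happened in this run (10-second delay, as in the batch file).
if ($JoinedNow) { shutdown.exe /r /f /t 10 }
```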
 
LVL 7

Expert Comment

by:CitizenRon
ID: 35702434
Looks like I missed the Local Admin group setting in the batch code... here's the full thing:

@Echo Off
Set /P UserD=Enter a "Domain Admin" user name:
Echo.
NetDom Join %COMPUTERNAME% /Domain:COMPANY.COM /UserD:%UserD% /PasswordD:* /OU:ou=WORKSTATIONS,dc=COMPANY,dc=COM
Net LocalGroup Administrators "DOMAIN\SECURITYGROUP" /add
ShutDown -f -r -t 10


0
 

Author Comment

by:DolorousDave
ID: 35706635
This is amazingly helpful Ron!  Thank you SO much.  Now I just need to figure out how to get the script to run using the FirstRunCommands function in the answerfile.
0
 

Author Comment

by:DolorousDave
ID: 35707764
So, I guess maybe I need a little more help here, if you're willing.  When I run this script on a computer already joined to the domain, it correctly says "This computer is already joined to the domain" and exits.  However, when I run it on the new sysprepped computer, it errors out with unrecognized command.

Any ideas why?  I also can't seem to get it to execute using "FirstLogonCommands" in the answer file...
0
 
LVL 7

Expert Comment

by:CitizenRon
ID: 35710369
Is that the whole error message?  "unrecognized command"?  If you do "NETDOM HELP" does it show the "JOIN" command?

As for the FirstLogonCommands, it should be something like this:
<FirstLogonCommands>
	<SynchronousCommand wcm:action="add">
		<CommandLine>CMD /C C:\SCRIPTS\JoinDomain.cmd</CommandLine>
		<Description>JoinDomain</Description>
		<Order>1</Order>
	</SynchronousCommand>
</FirstLogonCommands>


0
