Solved

Script to join server to domain when object already exists in active directory

Posted on 2011-10-24
Last Modified: 2012-05-12
We use SCCM OSD for server deployment.  One of our pre-build steps is for the builder to manually create the computer object in AD and in the appropriate OU.

During the build process using SCCM OSD, I can run scripts to do things.  I want one of those scripts to join the computer to the domain and ignore the fact that the object already exists in AD.  

If the computer object exists in AD and I manually join the computer to the domain, everything works fine.  However, when I try to script this using PowerShell or VBScript, it bombs out because the object is already there.  I don't know why this is the case and I haven't found a workaround for it.

Just to answer the inevitable questions that will arise, we have a very complex OU structure so we can't script adding the servers to one OU because a server could go into one of any of the 30 or so OUs we have.  We deploy a high volume of servers for different business units within the company.  Also, it is far more preferable to have the builders create the objects first rather than letting a script add the servers to the generic Computers OU or some other OU and risk having them forget to move the objects, resulting in issues later on.

I would think there would be a simple piece to add to a script to have it ignore that the object exists and simply join the domain rather than join and create the object.  How can I get around this?  Please provide a full script if you can as I am new to scripting.  I don't care if it's VBScript or PowerShell.
Question by:CMST_user
10 Comments
 

Expert Comment

by:brittonv
ID: 37020585
This is due to the script using a different set of credentials than were used to create the CO.

Can you use the same creds for both purposes?  IOW, run the script as the same user used to create the CO?

Author Comment

by:CMST_user
ID: 37020622
I don't think it has anything to do with the script.  We have a service account set up in the script, but to test I also used my credentials which are domain admin and it bombed out.  The bombing out is 100% due to the object already being in AD.  I don't know how to get a script to ignore that.  I've tried disabling the account but that does nothing.

Author Comment

by:CMST_user
ID: 37020635
Correction - that should say I don't think it has anything to do with the credentials.

Expert Comment

by:brittonv
ID: 37021005
Try creating the Computer Object with the "Service Account" credentials

Expert Comment

by:RobSampson
ID: 37021183
This code uses NetDom.exe to join the computer to the domain, and shouldn't bomb the script out if the object already exists.

Rob.
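' Join the local computer to the domain with NetDom.exe
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
strComputerName = objNetwork.ComputerName
strDomain = "YourDomain"
strAdminUser = "AdminUser"
strAdminPass = "AdminPass"
' Note: the password is passed to NetDom on the command line in clear text
' /REBOOT takes its delay in seconds after a colon
strCommand = "cmd /c NETDOM JOIN " & strComputerName & " /Domain:" & strDomain & " /userD:" & strDomain & "\" & strAdminUser & " /passwordD:" & strAdminPass & " /REBOOT:10"
' 0 = hidden window, True = wait for NetDom to finish
objShell.Run strCommand, 0, True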


Author Comment

by:CMST_user
ID: 37024265
I ran that script using cscript scriptname.vbs where I pasted that code into a vbs script.  The script did not return any errors, but it did not join the computer to the domain.  It also didn't reboot as the script says so I'm not sure where it got held up.

Expert Comment

by:RobSampson
ID: 37027849
OK, above this:
objShell.Run strCommand, 0, True

put this:
strCommand = InputBox("About to run", "Command", strCommand)

and then when you see that prompt, you can copy and paste that text directly into a command prompt to see what it does.

When you paste it at the command prompt, remove the cmd /c from the front.

Regards,

Rob.

Accepted Solution

by:CMST_user
ID: 37046834
I actually found a script that works perfectly.

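' fJoinOptions bit flags for Win32_ComputerSystem.JoinDomainOrWorkGroup
Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const DOMAIN_JOIN_IF_JOINED   = 32
Const JOIN_UNSECURE           = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144

strDomain   = "DOMAIN"
strPassword = "PASSWORD!"
strUser     = "ACCOUNT"

Set objNetwork = CreateObject("WScript.Network")

strComputer = objNetwork.ComputerName

' Bind to the local Win32_ComputerSystem instance
Set objComputer = _
    GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")

' Only JOIN_DOMAIN is passed (no ACCT_CREATE), so the join uses the
' computer object that already exists instead of trying to create one.
' The fourth argument (AccountOU) is NULL because the object is already in its OU.
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN)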
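
The accepted script works against a pre-created object because it passes only JOIN_DOMAIN (1) and leaves ACCT_CREATE (2) unset. The same WMI call in Windows PowerShell, as an added example that is not part of the original thread: it takes a PSCredential instead of a hard-coded password and reports the return code, which the posted VBScript discards. The function name, parameter names and the sample domain are assumptions.

```powershell
# Added example: join this machine to a pre-staged AD computer account.
# Function and parameter names are illustrative assumptions.
function Join-PrestagedDomainAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,
        # A PSCredential keeps the password out of the script file and off
        # any command line, where process listings and logs can capture it.
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential
    )

    # fJoinOptions bit from the accepted answer. Only JOIN_DOMAIN is set:
    # leaving ACCT_CREATE (2) clear makes the join use the existing object.
    $JOIN_DOMAIN = 1

    # Documented Win32 return codes commonly seen with this method.
    $codes = @{
        0    = 'Success (reboot required)'
        5    = 'Access denied'
        1326 = 'Logon failure: unknown user name or bad password'
        1355 = 'The specified domain does not exist or could not be contacted'
        2224 = 'The account already exists'
        2691 = 'The machine is already joined to the domain'
    }

    # Qualify the user name with the domain unless it already is.
    $user = $Credential.UserName
    if ($user -notmatch '[\\@]') { $user = "$Domain\$user" }

    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $result = $cs.JoinDomainOrWorkgroup(
        $Domain,
        $Credential.GetNetworkCredential().Password,
        $user,
        $null,          # AccountOU: unused, the object is already in its OU
        $JOIN_DOMAIN)

    $rc = [int]$result.ReturnValue
    $text = $codes[$rc]
    if (-not $text) { $text = 'Unlisted Win32 error code' }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Code = $rc; Message = $text }
}

# Usage (constructed values): join, then reboot only on success.
# $r = Join-PrestagedDomainAccount -Domain 'corp.example' -Credential (Get-Credential)
# if ($r.Code -eq 0) { Restart-Computer } else { Write-Error $r.Message; exit $r.Code }
```

Returning the code to the caller lets a build step fail visibly instead of finishing without a join, and the account used only needs rights on the pre-created computer objects rather than domain admin.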

Author Closing Comment

by:CMST_user
ID: 37068331
After further research, found a script to do what I need.

Expert Comment

by:brittonv
ID: 37047185
What credential do you use in your script?

Question has a verified solution.
