Solved

Join and rejoin a computer / Move a Computer from OUs within a domain in a command line

Posted on 2014-03-11
Last Modified: 2015-06-24
Dear all,

I need to do two actions from the command line:

1- Join a computer (Windows XP or 7) to a domain or specific domain controller with an account that has admin rights

2- Re-join a computer (Windows XP or 7) to the domain or specific domain controller in case the computer crashed and the same computer name is kept after masterization...

3- Move a computer from one OU to another OU.

It looks like the second one is tricky because there is actually a deletion of the computer object and a recreation of the object in the new OU?

I know I can use Netdom and PowerShell, but I'm new to the business and I need examples I can rely on by just replacing what needs to be replaced in the syntax.

Thanks, guys
0
Question by:AMATERASOU
15 Comments
 
LVL 13

Expert Comment

by:Andy M
ID: 39921468
I'm not sure of the exact syntax but I believe these can be done through using the DS.. commands in a command prompt. The following is the Technet article about it with the commands listed:

http://technet.microsoft.com/en-us/library/cc778414%28v=ws.10%29.aspx

For the second option I guess you would just remove/delete the AD object first then re-add it in the same method you would use for a new computer.
0
 
LVL 4

Accepted Solution

by:
Jason Ryberg earned 500 total points
ID: 39926389
Are you looking to perform these actions remotely or from a DC?

If from a DC, here's some PowerShell giving you what you're looking for:

```powershell
Import-Module ActiveDirectory

# Ask for credentials to perform tasks
$cred = Get-Credential

# Join a computer to the domain (New-ADComputer creates the computer account object in AD)
New-ADComputer thisisatestcomputer -Credential $cred
# Optionally, place the computer in a target OU
New-ADComputer thisisatestcomputer -Path "OU=SERVERBUILDS,DC=contoso,DC=com" -Credential $cred

# Check computer membership, delete if necessary, and rejoin
# (this line looks up the existing computer object and deletes it without prompting)
Get-ADComputer thisisatestcomputer | Remove-ADComputer -Confirm:$false -Credential $cred

# Move computer object's OU
Get-ADComputer thisisatestcomputer | Move-ADObject -TargetPath "CN=Computers,DC=contoso,DC=com" -Credential $cred
```

0
 

Author Comment

by:AMATERASOU
ID: 39926449
Hello,

Thank you so much, but I need to perform this action remotely.

What should I do if I need to perform this action remotely?

Thanks for your help.
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39926478
You'll need to run Enable-PSRemoting on your DC initially.  In other words, remote to your DC, open an elevated PowerShell prompt, and type Enable-PSRemoting

You might also need to set your Execution Policy to a lower level on the box you'll be running the script from:

```powershell
Set-ExecutionPolicy Unrestricted
```

Next, establish a remote connection to your DC:

```powershell
$RemoteServer = "dc01"
# Open a remoting session to the DC
$s = New-PSSession -ComputerName $RemoteServer
# Load the ActiveDirectory module inside the remote session
Invoke-Command -Session $s -ScriptBlock { Import-Module ActiveDirectory }
# Make the module's cmdlets available in the local session
Import-PSSession -Session $s -Module ActiveDirectory
```


Then, you'll be able to run the commands above from your remote PowerShell prompt.
0
 

Author Comment

by:AMATERASOU
ID: 39926665
Thank you

But then, last question: how do I put all that together?
Let's assume I need to run the script from a Windows 7 workstation or 2008 R2 server
in order to add machines to the domain?
I'm not good at scripting :-(
Thank you
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39926719
Are you going to interact with the script (i.e. sitting in front of the screen typing), or will this be part of some kind of automated function?
0
 

Author Comment

by:AMATERASOU
ID: 39926769
I will be interacting with the script.
I will enter the name of the workstation remotely from a server or workstation and from there the following tasks are automated:

1- Join the computer to the domain and the right OU

2- Rejoin computer to the domain

3- Move the computer from one OU to another OU (I think this can be another script)

NB: I don't know if I'm in the right place for this post though.

Thanks a lot for your help and guidance.
0

 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39927065
See the attached script.  You will need to rename the extension to ps1.  You will need to ensure you have set your execution policy to unrestricted to get it to run on your workstation.
Computer-Tasks.txt
0
 

Author Comment

by:AMATERASOU
ID: 39927163
Thank you so much!

But I have an error message stating that a connection couldn't be made to the server.
I've set the Execution policy to Unrestricted on my workstation.
Should I do the same on the DC?
Should I import the PowerShell AD module on the DC?
I have version 3 of PowerShell on my Windows 7 workstation.
I've already imported the PowerShell AD module.
The DC I've set inside the script is my logonserver, and I've put the DC FQDN.

Thank you very much
Error-Message-Join.jpg
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39927170
Did you run Enable-PSRemoting on your DC?  Can you do that and then paste any error messages?
0
 

Author Comment

by:AMATERASOU
ID: 39929505
Hello

First: Yes, I did execute Enable-PSRemoting on the DC, see attached screenshot (EnablePSremoting.jpg)

Second: I don't know for what reason, but I can't execute the script remotely from my Win 7 workstation... see attached screenshot (Executing Remotly_From-My Win7_KO.jpg)

Third: the computer object already existed in the domain, and when I tried to rejoin or move to another OU I had errors... see attached screenshot (Error_Task-1_2_3.jpg)

Fourth: I deleted the computer object in AD and tried a Join. The join worked (created the computer object in AD), but the Rejoin or Move to OU did not work... see attached screenshot (Error_Task-2_3.jpg)

When the machine was in the OU computer I tried to log on to the machine as a domain user, but the machine was still not in the domain.

I think the script just creates the object in AD but doesn't physically join the machine to the domain.

I was thinking, can we put the target path in the script so the machine doesn't go straight to the computer container in AD?

I have a forest with 4 child domains; can we put a syntax for DCs of other domains? This will avoid modifying the server name in the script.

But for real THANK YOU!!!
0
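
The three tasks as one interactive script, as an added example that is not code from this thread or from the attached Computer-Tasks.txt: Add-Computer, run on the machine itself, performs the actual join that creating the AD object alone does not. Assumptions: PowerShell 3.0 or later; the contoso.com domain, the dc01 name and the OU path are placeholders; the Move action needs the RSAT ActiveDirectory module.

```powershell
# Added example (not from the thread). Placeholder values: contoso.com, dc01, OU path.
# Join/Rejoin run in an elevated prompt ON the machine being joined (PowerShell 3.0+).
# Move runs anywhere the RSAT ActiveDirectory module is installed.
[CmdletBinding(SupportsShouldProcess = $true)]   # -WhatIf flows to the cmdlets below
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Join', 'Rejoin', 'Move')]
    [string]$Action,
    [string]$ComputerName     = $env:COMPUTERNAME,
    [string]$DomainName       = 'contoso.com',
    [string]$DomainController = 'dc01',   # a DC of whichever child domain is targeted
    [string]$TargetOU         = 'OU=SERVERBUILDS,DC=contoso,DC=com'
)

# Prompt once, so no password is stored in the script or passed on the command line.
$cred = Get-Credential

switch ($Action) {
    'Join' {
        # Joins this machine and creates its account directly in $TargetOU.
        Add-Computer -DomainName $DomainName -OUPath $TargetOU `
            -Server "$DomainName\$DomainController" -Credential $cred -Restart
    }
    'Rejoin' {
        if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            # Still a member but the trust is broken: reset the machine password in place.
            Test-ComputerSecureChannel -Repair -Server $DomainController -Credential $cred
        }
        else {
            # Re-imaged under the same name: join again without -OUPath. The existing
            # account is reused where it sits if $cred is allowed to reset it.
            Add-Computer -DomainName $DomainName `
                -Server "$DomainName\$DomainController" -Credential $cred -Restart
        }
    }
    'Move' {
        # Relocates the existing object (same GUID and SID); nothing is deleted or recreated.
        Import-Module ActiveDirectory
        Get-ADComputer -Identity $ComputerName -Server $DomainController -Credential $cred |
            Move-ADObject -TargetPath $TargetOU -Server $DomainController -Credential $cred
    }
}
```

Run it with -WhatIf first to see what each action would change. Starting it through `powershell.exe -ExecutionPolicy RemoteSigned -File <script>.ps1` applies the execution policy to that one process only.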
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39929603
Let's tackle the (hopefully) easiest problem first.  Your error on establishing a remote connection to the DC shows that your access is being denied.  Are you sure you're logging in with domain admin credentials or something similar?
0
 

Author Comment

by:AMATERASOU
ID: 39929724
Hello,

You're right: when I log on with my admin cred I'm able to connect remotely to the DC.
But I had to log on to my workstation with my admin cred. I thought that logging in with my domain user account and right-clicking on the ps1 to run as an administrator would do the job.
But as I was logged on with my domain user account it never asked me for my admin credential, contrary to when I was logged on with my domain admin account.
I was asked for admin credentials when I ran the ps1 as an administrator.

Oh well, this was easy. IT WORKS!!! Thank you!!!
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40848156
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
