Solved

Rename and Join Domain script - problem when name exist in AD

Posted on 2014-03-19
Last Modified: 2014-04-03
This is a script I am using after imaging a thin client laptop.
What it does is join the domain, then rename the laptop while joined to the domain according to our naming convention, resulting in the Domain-Joining and Computer-Naming step needing only 1 reboot.

The problem is, if the computer name already exists in AD, it will only rename the computer and it will not join the domain.

I've pieced together this script with the help of others (judicious imitation), however, I feel the part where I need it to join the domain even if the computer already exists requires more advanced knowledge of WMI/win32 with respect to PowerShell and AD.


#Name computer based on naming convention and SMBIOSAssetTag, then Join the Domain, Then Reboot

$comp=gwmi win32_computersystem -Authentication 6
#Prompts you to enter in domain credentials to add
$cred=get-credential
#WMI Query to set new computer name
gwmi Win32_SystemEnclosure | % { $newname = "CITY-" + $_.SMBIOSAssetTag }
$domain="domain.com"
#Join The Domain
$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,3)
#Rename domain-joined Computer
$comp.rename($newname,$cred.getnetworkcredential().password,$cred.username)
Restart-Computer



This is the part I believe needs to be adjusted:
$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,3)



The $null part is the OU, I believe, and the 3 part is a code.
The reference for that is here: http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx
I believe "3" is the sum of "1" and "2":
1 being "Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup."
2 being "Creates an account on a domain."

What I don't see here are any flags/bits that would let me delete the computer in AD before joining, or joining the system using the same name.

I tried 32 and 35 instead of 3 but that doesn't work.
Question by:garryshape
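
Added example, not part of the original post or of any reply: the script in the question never checks the value JoinDomainOrWorkGroup returns, so a failed join still falls through to the rename and the reboot. This example names the option bits discussed in the thread and stops on a non-zero ReturnValue; the names JoinOption, Join-ThenRename and $JoinErrors are hypothetical, and it assumes Windows PowerShell 5.1.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1.
# JoinOption, Join-ThenRename and $JoinErrors are hypothetical names.
[Flags()] enum JoinOption {
    JoinDomain         = 1   # join a domain rather than a workgroup
    AcctCreate         = 2   # create the computer account in the domain
    AcctDelete         = 4   # the account-delete option suggested in the thread
    DomainJoinIfJoined = 32  # allow a join when already joined to a domain
}

# Return codes documented for JoinDomainOrWorkgroup (0 means success).
$JoinErrors = @{
    5    = 'Access is denied'
    1326 = 'Logon failure: unknown user name or bad password'
    1355 = 'The specified domain does not exist or cannot be contacted'
    2224 = 'The account already exists'
    2691 = 'The machine is already joined to the domain'
}

function Join-ThenRename {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $NewName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [JoinOption] $Options = ([JoinOption]::JoinDomain -bor [JoinOption]::AcctCreate)
    )
    # PacketPrivacy (6) encrypts the WMI call that carries the password.
    $comp = Get-WmiObject Win32_ComputerSystem -Authentication PacketPrivacy
    $pw   = $Credential.GetNetworkCredential().Password

    Write-Verbose "Joining $Domain with options: $Options ($([int]$Options))"
    $join = $comp.JoinDomainOrWorkgroup($Domain, $pw, $Credential.UserName, $null, [int]$Options)
    if ($join.ReturnValue -ne 0) {
        $why = $JoinErrors[[int]$join.ReturnValue]
        throw "Join failed, code $($join.ReturnValue): $why. Not renaming or rebooting."
    }

    $ren = $comp.Rename($NewName, $pw, $Credential.UserName)
    if ($ren.ReturnValue -ne 0) {
        throw "Joined $Domain, but rename failed with code $($ren.ReturnValue)."
    }
    Restart-Computer
}

# Usage, with the naming convention from the question:
# $tag = (Get-WmiObject Win32_SystemEnclosure).SMBIOSAssetTag
# Join-ThenRename -Domain 'domain.com' -NewName "CITY-$tag" -Credential (Get-Credential)
```
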
7 Comments
 
LVL 7

Accepted Solution

by:
BT15 earned 1336 total points
ID: 39943109
http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx

you might try using 4 instead:

$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,4) 



unless you have already tried this, you might want to rename the computer prior to joining the domain.
0
 

Author Comment

by:garryshape
ID: 39943309
Ok I will try. I wasn't certain on the wording of that.
So 4 means it deletes the object from AD before creating the object right?
0
 
LVL 7

Assisted Solution

by:BT15
BT15 earned 1336 total points
ID: 39943341
not really sure. the wording confused me also.

I'll admit, using this method for joining machines to the domain is a little foreign to me.

if you had either the RSAT tools from Microsoft or the Quest AD tools installed on your image, I would suggest using the commandlets there to check for the existence of the name before attempting to join:

an example in RSAT:

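# Requires the ActiveDirectory module that ships with RSAT
Import-Module ActiveDirectory
# -Filter returns nothing (instead of throwing) when no such account exists
if (Get-ADComputer -Filter "Name -eq '$computername'" -Credential $cred) {
   Write-Host "$computername exists. Removing"
   Remove-ADComputer $computername -Credential $cred -Confirm:$false
 }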


#now use your code to rename and join
0

 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 664 total points
ID: 39943645
Why not use just 1?  If the account exists, it will use it then rename.  If the account doesn't exist it joins with existing name then renames it.

I see no logic to using 3.
0
 

Author Comment

by:garryshape
ID: 39944394
Sorry, I will try it with just 1 next time tomorrow and report back.
0
 

Author Comment

by:garryshape
ID: 39945505
1 doesn't appear to work.
It stays in the work group.

I have to delete the computer from Active Directory first then the script will work
0
 

Author Closing Comment

by:garryshape
ID: 39976078
Thanks for the input, the issue appears to be with our AD servers and an admin is looking into it. Script solutions work.
0
