Improve company productivity with a Business Account.Sign Up

x
?
Solved

Rename and Join Domain script - problem when name exist in AD

Posted on 2014-03-19
7
Medium Priority
?
2,340 Views
Last Modified: 2014-04-03
This is a script I am using after imaging a thin client laptop.
What it does is join the domain, then rename the laptop while joined to the domain according to our naming convention, resulting in the Domain-Joining and Computer-Naming step needing only 1 reboot.

The problem is, if the computer name already exist in AD, it will only rename the computer and it will not join the domain.

I've pieced together this script with the help of others (judicious imitation), however, I feel the part where I need it to join the domain even if the computer already exists requires more advanced knowledge of WMI/win32 with respect to PowerShell and AD.


#Name computer based on naming convention and SMBIOSAssetTag, then Join the Domain, Then Reboot

$comp=gwmi win32_computersystem -Authentication 6
#Prompts you to enter in domain credentials to add
$cred=get-credential
#WMI Query to set new computer name
gwmi Win32_SystemEnclosure | % { $newname = "CITY-" + $_.SMBIOSAssetTag }
$domain="domain.com"
#Join The Domain
$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,3)
#Rename domain-joined Computer
$comp.rename($newname,$cred.getnetworkcredential().password,$cred.username)
Restart-Computer

Open in new window


This is the part I believe needs to be adjusted:
$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,3)

Open in new window


The $null part is the OU, I believe, and the 3 part is a code.
The reference for that is here: http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx
I believe "3" is the sum of "1" and "2":
1 being "Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup."
2 being "Creates an account on a domain."

What I don't see here are any flags/bits that would let me delete the computer in AD before joining, or joining the system using the same name.

I tried 32 and 35 instead of 3 but that doesn't work.
0
Comment
Question by:garryshape
  • 4
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
BT15 earned 1336 total points
ID: 39943109
http://msdn.microsoft.com/en-us/library/aa392154(v=vs.85).aspx

you might try using4 instead:

$comp.JoinDomainOrWorkGroup($domain,$cred.getnetworkcredential().password,$cred.username,$null,4) 

Open in new window


unless you have already tried this, you might want to rename the computer prior to joining the domain.
0
 

Author Comment

by:garryshape
ID: 39943309
Ok I will try. I wasn't certain on the wording of that.
So 4 means it deletes the object from AD before creating the object right?
0
 
LVL 7

Assisted Solution

by:BT15
BT15 earned 1336 total points
ID: 39943341
not really sure. the wording confused me also.

I'll admit, using this method for joining machines to the domain is a little foreign to me.

if you had either the RSAT tools from Microsoft or the Quest AD tools installed on your image, I would suggest using the commandlets there to check for the existence of the name before attempting to join:

an example in RSAT:

if (get-computer $computername -credential $cred) {
   write-host $computername exists. removing
   remove-adcomputer $computername -credential $cred -confirm:$false
 }


#now use your code to rename and join
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 664 total points
ID: 39943645
Why not use just 1?  if the account exists, it will use it then rename.  If the account doesn't exist it joins with existing name then renames it.

I see no logic to using 3.
0
 

Author Comment

by:garryshape
ID: 39944394
Sorry , I will try it with just 1 next time tomorrow and report back.
0
 

Author Comment

by:garryshape
ID: 39945505
1 doesn't appear to work.
It stays in the work group.

I have to delete the computer from Active Directory first then the script will work
0
 

Author Closing Comment

by:garryshape
ID: 39976078
Thanks for the input, the issue appears to be with our AD servers and an admin is looking into. Scripts solutions work.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway.  Forget that we don't back up the desktops - only the servers.  Well, let's sneak their data on…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question