Join a computer to domain

skysel · December 22, 2010

Hi, I've searched the forums for script which could join a client computer to a domain, with specifying admin user/pass with permissions to join.

(you know the drill, computer->properties->computer name->Change (there you enter the domain, and username + password which allows computer to be joined)

I've checked the ADFunctions, however those work on AD directly (to my knowledge) and not on client computers.

I'm just curious, if anyone has a script made for this occasion and if so, mind sharing it?

thanks in advance!

rudi · December 22, 2010

Hi

NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /JOINDOMAIN

Regards, Rudi.

Juvigy · December 22, 2010

Keep in mind that NETDOM.EXE should be downloaded as it is not included in most windows releases.

rudi · December 22, 2010

Hi.

Keep in mind that NETDOM.EXE should be downloaded as it is not included in most windows releases.

I dropped that, as it's really not too hard to find that information

Regards, Rudi.

skysel · December 22, 2010

I was actually hoping for AutoIt powered script, without the need for 3rd party programs :-)

Here is an old topic of mine with same question but no resolution,

Edited December 22, 2010 by skysel

jazzyjeff · December 22, 2010

Have you looked at Water's AD.au3 UDF?

He did a great job with this and made it a lot easier for me to join PCs to a domain.

JLogan3o13 · December 22, 2010

Below is what I use, in VBScript. I'm sure it would be a couple minutes' work to convert to AutoIT, I've just not gotten around to it. Hope it gets you on the path you'd like.

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "mypassword"
strUser = "myusername"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

skysel · December 22, 2010

Below is what I use, in VBScript. I'm sure it would be a couple minutes' work to convert to AutoIT, I've just not gotten around to it. Hope it gets you on the path you'd like.

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "mydomain.com"
strPassword = "mypassword"
strUser = "myusername"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

@Jlogan3o13, This was the code I've been playing around with in the link I posted few hours ago. Never got it to work properly.

@JazzyJeff, mind sharing the script that you made (I have the AD UDF)?

Edited December 22, 2010 by skysel

water · December 22, 2010

Joining a computer with the AD UDF is quite easy

Please have a look at the example script for _AD_JoinDomain.

skysel · December 22, 2010

Joining a computer with the AD UDF is quite easy
Please have a look at the example script for _AD_JoinDomain.

I would like the script to join the domain by specifying ONLY the user/pass + computer name (since code would be integrated in an existing 'deployment' script). We move computers manualy to rightful OU's, so the script just needs to join/create computer to a domain without specified OU.

And yes, I have found an example of your script, tested it but even with specified OU's it won't work (I'm guessing I would have to specify domain admin user / pass):

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Joins a computer to the domain - the computer account has to be created
; in advance using _AD_CreateComputer.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

; Open Connection to the Active Directory
_AD_Open()

Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script joins a computer to the domain." & @CRLF & @CRLF & _
        "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

; Enter the computer to join
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 714, 156)
GUICtrlCreateLabel("Computer to join (NetBIOSName):", 8, 10, 231, 17)
Global $IComputer = GUICtrlCreateInput("", 241, 8, 459, 21)
Global $BOK = GUICtrlCreateButton("Join Computer", 8, 114, 121, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 628, 114, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

While 1
    Global $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $BCancel
            Exit
        Case $BOK
            Global $sComputer = GUICtrlRead($IComputer)
            ExitLoop
    EndSwitch
WEnd

; Join the computer to the domain
Global $iValue = _AD_JoinDomain($sComputer)
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer '" & $sComputer & "' successfully joined. Please reboot the computer")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer account for '" & $sComputer & "' does not exist in the domain")
ElseIf @error = 3 Then
    MsgBox(64, "Active Directory Functions - Example 1", "WMI object could not be created. @extended=" & @extended)
ElseIf @error = 4 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer '" & $sComputer & "' is already a member of the domain")
ElseIf @error = 5 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Joining computer '" & $sComputer & "' to the domain was not successful. @extended=" & @extended)
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()

jazzyjeff · December 22, 2010

#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <GUIListView.au3>
#include <WindowsConstants.au3>
#include <AD.au3>
#include <Array.au3>
#include <ScrollBarConstants.au3>

; Add Computer Description
$CompDesc = InputBox("Computer Description", "Enter: Lastname, Firstname", "")
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters", "srvcomment", "REG_SZ", $CompDesc)

;Create connection to AD
_AD_Open("Username", "Password", "DC=Company,DC=net", "server.Company.net", "CN=Configuration,DC=Company,DC=net")

;Choose domain OU
    Global $adOU = _AD_GetAllOUs("OU=Company Workstations,DC=Company,DC=net","")
    For $iCount = 1 To $adOU[0][0]
        If $iCount = 1 Then
            $sOU = $adOU[$iCount][0]
        Else
            $sOU = $sOU & "|" & $adOU[$iCount][0]
        EndIf

    Next

    #region ### START Koda GUI section ###
    $main2 = GUICreate("Active Directory", 780, 344, 150, 124)
    $ListOU = GUICtrlCreateList("", 7, 8, 768, 279, BitOR($LBS_SORT, $LBS_STANDARD, $LBS_EXTENDEDSEL, $LBS_DISABLENOSCROLL, $WS_VSCROLL, $WS_HSCROLL, $WS_BORDER))
    GUICtrlSetData($ListOU, $sOU)
    $btnCont2 = GUICtrlCreateButton("Continue", 7, 291, 768, 41, $WS_GROUP)
    GUICtrlSetFont(-1, 20, 400, 0, "Impact")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()

        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $btnCont2
                ; Check what OU has been selected in the listbox
                $selOU = _GUICtrlListBox_GetSelItems($ListOU)
                Global $selectedItem = $selOU[1] + 1
                ;Create computer account in AD
                Global $iComp = _AD_CreateComputer($adOU[$selectedItem][1], @ComputerName, "Username")
                If $iComp = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " is in the Company Domain.", 5)
                ElseIf @error = 1 Then
                    MsgBox(64, "Fail", "The Computers OU can not be found to create Computer account in AD.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", @ComputerName & " already exists in the Company Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "The user Company\Username does not exist.")
                    ;Else
                    ;   MsgBox(64, "Active Directory Functions", "Creating Computer account - Return code '" & @error & "' from Active Directory")
                EndIf
                ;Join computer to AD account
                Global $iDom = _AD_JoinDomain(@ComputerName, "Username", "Password")
                If $iDom = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " has now been joined to the Company Domain", 5)
                EndIf
                If @error = 1 Then
                    MsgBox(64, "Fail", @ComputerName & " does not exist in the Company Domain.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", "The user Company\Username could not be found in the Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "WMI Object could not be created. Return code - " & @extended)
                ElseIf @error = 4 Then
                    MsgBox(64, "Fail", @ComputerName & " is already a member of the Company Domain.")
                ElseIf @error = 5 Then
                    MsgBox(64, "Fail", @ComputerName & " was unable to join the Company Domain. Return code - " & @extended)
                EndIf
        EndSwitch
    WEnd
_AD_Close()

water · December 22, 2010

First you have to define a computer object in the AD using _AD_CreateComputer then you can join the computer to the domain using _AD_JoinDomain.

skysel · December 23, 2010

First you have to define a computer object in the AD using _AD_CreateComputer then you can join the computer to the domain using _AD_JoinDomain.

Right, seems I'm stupid enough not to fix the script to my needs.

I've modified jazzyjeff's script to my needs, it returns some datetotime error at line 4096 AD.au3.

Meanwhile, on your script I can't even create new computer in AD. According to your documentation:

; _AD_CreateComputer($sAD_OU, $sAD_Computer, $sAD_User)
; Parameters ....: $sAD_OU - OU to create the computer in. Form is "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2" (FQDN)
;                  $sAD_Computer - Computername, form is SamAccountName without trailing "$"
;                  $sAD_User - User or group that will be allowed to add the computer to the domain (SamAccountName)

There is only variable for user. And not for password of the user, which would be allowed to create computer in OU.

Really furstarted right now

water · December 23, 2010

I've modified jazzyjeff's script to my needs, it returns some datetotime error at line 4096 AD.au3.

In most cases this is caused by an "old" version of AutoIt. Before 3.3.6.0 function _Date_Time_SystemTimeToDateTimeStr doesn't support a second parameter.

Meanwhile, on your script I can't even create new computer in AD. According to your documentation:
; _AD_CreateComputer($sAD_OU, $sAD_Computer, $sAD_User)
; Parameters ....: $sAD_OU - OU to create the computer in. Form is "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2" (FQDN)
;                  $sAD_Computer - Computername, form is SamAccountName without trailing "{:content:}quot;
;                  $sAD_User - User or group that will be allowed to add the computer to the domain (SamAccountName)
There is only variable for user. And not for password of the user, which would be allowed to create computer in OU.

For _AD_CreateComputer you only need $sAD_User. This parameter specifies the AD user or group that is allowed to add the computer to the domain. No password required.

You might need the password with function _AD_JoinDomain.

Example:

_AD_CreateComputer("OU=Computers,DC=microsoft,DC=com", "PC0001", @Username)
_AD_JoinDomain("PC0001")

You create computer "PC0001" in the specified OU. The current userid is allowed to join the computer to the domain. No userid/password needed.

_AD_CreateComputer("OU=Computers,DC=microsoft,DC=com", "PC0002", "Groupxy")
_AD_JoinDomain("PC0001", "userid1", "password1") ; Example 1
_AD_JoinDomain("PC0001")                        ; Example 2

You create computer "PC0001" in the specified OU. All members of the group "Groupxy" are allowed to join the computer to the domain.

Example 1: Then PC0001 ist joined to the domain with the credentials of userid1/password1. This only works when "userid1" is a member of group "Groupxy".

Example 2: Then PC0001 ist joined to the domain with the credentials of the current user. This only works when the current user is a member of group "Groupxy".

skysel · December 24, 2010

In most cases this is caused by an "old" version of AutoIt. Before 3.3.6.0 function _Date_Time_SystemTimeToDateTimeStr doesn't support a second parameter.

For _AD_CreateComputer you only need $sAD_User. This parameter specifies the AD user or group that is allowed to add the computer to the domain. No password required.
You might need the password with function _AD_JoinDomain.

Example:
_AD_CreateComputer("OU=Computers,DC=microsoft,DC=com", "PC0001", @Username)
_AD_JoinDomain("PC0001")
You create computer "PC0001" in the specified OU. The current userid is allowed to join the computer to the domain. No userid/password needed.
_AD_CreateComputer("OU=Computers,DC=microsoft,DC=com", "PC0002", "Groupxy")
_AD_JoinDomain("PC0001", "userid1", "password1") ; Example 1
_AD_JoinDomain("PC0001")                        ; Example 2
You create computer "PC0001" in the specified OU. All members of the group "Groupxy" are allowed to join the computer to the domain.
Example 1: Then PC0001 ist joined to the domain with the credentials of userid1/password1. This only works when "userid1" is a member of group "Groupxy".
Example 2: Then PC0001 ist joined to the domain with the credentials of the current user. This only works when the current user is a member of group "Groupxy".

Ok, so I managed to get computer added to the domain. But the workstation I ran script from, didn't get added to domain.

Means, only computer account was created in AD, the workstation however wasn't configured / renamed at all to join the domain. Further help?

water · December 25, 2010

Ok, so I managed to get computer added to the domain. But the workstation I ran script from, didn't get added to domain.
Means, only computer account was created in AD, the workstation however wasn't configured / renamed at all to join the domain. Further help?

What do you mean by "configured / renamed"?

For further debugging could you please post your code?

Please insert the following lines into your code to get detailed information for debugging:

$iAD_Debug = 2
$iResult = _AD_JoinDomain("...") ; Please insert your _AD_JoinDomain statement here
msgbox(0,"","Result: " & $iResult & @CRLF & "Error: " & @error & ", Extended: " & @extended)

Starting tomorrow I'm on vacation and will be online 3rd of January again.

jazzyjeff · December 26, 2010

Does the account you are running the script from have local admin rights?

water · December 26, 2010

you have to reboot after joining a pc to the domain.

Lewis · March 5, 2011

I am sorry but i am very new to scripting and i have a question on connecting to our active directory. I found the AD.au3 and would like to use it in my ability to join a computer to our domain. I have created a script to join a computer to the domain but i prompt to ask questions as to what OU to join a computer to. I then take that response and connect them.

My issue has been that the techs sometime are not in a posistion to remember the OU they need.

I am working on the ability to query the AD Tree and build a radio list of Father/Son relationship so that our techs can just click a radio button and have the computers added to the domain. I have this working if i run my script on a computer that is logged on with a domain user but fails if the computer is not on the domain yet. I get an error : Variable must be of type "Object" - I beleive this is due to not passing user credentials to the script.

Here is my question

How do you pass an Active Domain user name and password to the _AD_Open()routine?

I am not sure about how to use $sAD_UserIdParam, $sAD_PasswordParam and $sAD_DNSDomainParam

again sorry for my beginner status

Thanks for any help

water · March 5, 2011

How do you pass an Active Domain user name and password to the _AD_Open()routine?
I am not sure about how to use $sAD_UserIdParam, $sAD_PasswordParam and $sAD_DNSDomainParam

Run _AD_Open() from a PC that is connected to the domain. Then do a ConsoleWrite of the 3 variables and then pass them to _AD_Open().

Please have a look in the _AD_Open example script and html file. You'll find a lot of useful information there.

Sign In

Join a computer to domain

Recommended Posts

skysel

rudi

Juvigy

rudi

skysel

jazzyjeff

JLogan3o13

skysel

water

skysel

jazzyjeff

water

skysel

water

skysel

water

jazzyjeff

water

Lewis

water

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta