Active Directory AD UDF _AD_JoinDomain not working

B0r1s

Hi,

I'm working on a script using the Active Directory UDF

I have trouble joining a computer to the domain. The script ends saying "WMI Object could not be created. @extended=0"

I use the exact code contained in the _AD_JoinDomain.au3 example (in fact I compile the code without changing anything, except for the credentials in _AD_Open())

I have no clue what is not working.

More info :

  • I launch the script as a local admin (the machine is not yet part of the domain)
  • the computer account exists in AD
Feel free to ask for more info.

Thanks

water

Could you please insert $iAD_Debug = 2 after line

#include <AD.au3>
and post the result?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

B0r1s

Thanks for answering.

My code (sorry I forgot to post it, but as you can see, I changed only the _AD_Open() parameters)

I use AutoIt 3.3.8.1

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Joins a computer to the domain - the computer account has to be created
; in advance using _AD_CreateComputer.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
$iAD_Debug = 2


Global $DC_FQDN="AD.mydomain.com"
Global $sAD_DNSDomainParam="DC=AD,DC=mydomain,dc=com"
Global $domain="mydomain.com"
Global $domain_name="mydomain"
Global $domain_user="administrateur"
Global $domain_password="password"

; Open Connection to the Active Directory
_AD_Open($domain_name & "\" & $domain_user, $domain_password, $sAD_DNSDomainParam, $DC_FQDN, $sAD_DNSDomainParam)
;~ _AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script joins a computer to the domain." & @CRLF & @CRLF & _
  "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit
; Enter the computer to join
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 714, 156)
GUICtrlCreateLabel("Computer to join (NetBIOSName):", 8, 10, 231, 17)
Global $IComputer = GUICtrlCreateInput("", 241, 8, 459, 21)
Global $BOK = GUICtrlCreateButton("Join Computer", 8, 114, 121, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 628, 114, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
    Global $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $BCancel
            Exit
        Case $BOK
            Global $sComputer = GUICtrlRead($IComputer)
            ExitLoop
    EndSwitch
WEnd
; Join the computer to the domain
Global $iValue = _AD_JoinDomain($sComputer)
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer '" & $sComputer & "' successfully joined. Please reboot the computer")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer account for '" & $sComputer & "' does not exist in the domain")
ElseIf @error = 3 Then
    MsgBox(64, "Active Directory Functions - Example 1", "WMI object could not be created. @extended=" & @extended)
ElseIf @error = 4 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Computer '" & $sComputer & "' is already a member of the domain")
ElseIf @error = 5 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Joining computer '" & $sComputer & "' to the domain was not successful. @extended=" & @extended)
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf
; Close Connection to the Active Directory
_AD_Close()

The debug result is in the screenshot (first time user on this forum, I hope I'm not going to screw it up)

Edit: I realize my UI is in French. Windescription = Accès refusé means access denied

water

But you still get the message "WMI object could not be created"?

If yes then the problem seems not to be AD related but caused by WMI.

How do you enter the name of the computer? Can you give an example?

Is the computer account defined with the same name?


water

According to MSDN the error you see can be caused by missing permissions:

Error: 0x80070005 – E_ACCESS_DENIED Access denied by DCOM security.

Possible Issues: The user does not have remote access to the computer through DCOM. Typically, DCOM errors occur when connecting to a remote computer with a different operating system version.

Solution: Give the user Remote Launch and Remote Activation permissions in dcomcnfg. Right-click My Computer -> Properties. Under COM Security, click "Edit Limits" for both sections. Give the user you want remote access, remote launch, and remote activation. Then go to DCOM Config, find "Windows Management Instrumentation", and give the user you want Remote Launch and Remote Activation. For more information, see Connecting Between Different Operating Systems.

Do you run the script on the computer you want to join or from a different computer?

BrewManNH

Does this computer already have a different name than what you're trying to use when you're adding it? If so, the process will fail because AD will see that there's already a computer defined with that name in the AD and won't allow you to change the one you're on to change it to an already existing name. Just a thought.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

B0r1s

But you still get the message "WMI object could not be created"?

Yes

If yes then the problem seems not to be AD related but caused by WMI.

Indeed : )

I run the script as a local administrator. I have verified that I have the right to use WMI (Computer Management / Service and Application / WMI Control / Properties / Security / Security)

How do you enter the name of the computer? Can you give an example?

Is the computer account defined with the same name?

The dialog box asks for the name of the computer. I enter "testdeploy" (with or without caps, no quotes) and click on Join Computer.

water

@BrewManNH

I think it's WMI related because the first thing the script tries to do is connect to WMI. There the error pops up.

water

Is "testdeploy" the name of the computer (NetBios name) you are running the script on?


B0r1s

Does this computer already have a different name than what you're trying to use when you're adding it?

Yes. My computer has an autogenerated name. I try to join it to the domain with another (more user friendly) name.

If so, the process will fail because AD will see that there's already a computer defined with that name in the AD and won't allow you to change the one you're on to change it to an already existing name. Just a thought.

I don't think so. The AD UDF doc specifies that the computer account should be created beforehand in AD using _AD_CreateComputer()

Note: If I try to join the computer and I keep the same name, the error is not the same (we might be onto something!!) : )

Screenshot: (image attachment)

B0r1s

Is "testdeploy" the name of the computer (NetBios name) you are running the script on?

No (see previous post).

water

You have to use the NetBios name of a computer (run "net user" in a DOS window and you will get the name like C0001).

You can't join computer C0001 as "testmachine" to make the name more "user friendly".

B0r1s

I am currently running some tests. I'll get back to you. Thanks for your help.

B0r1s

So here we are: I try to join the domain under the real name of the computer and I have "Joining computer "testdeploy" was not successful @extended=2202"

Communicating with AD is ok, as I create the computer account using _AD_CreateComputer()

BrewManNH

Create the computer name using the computer's current name, join it to the domain with the current name, reboot, rename the computer to the name you want it to be, and see if that works.


water

2202 means: "The specified username is invalid" according to MSDN.

When you create the account using _AD_CreateComputer you specify as parameter 3 the "User or group that will be allowed to add the computer to the domain (SamAccountName)".

Only the specified user or the members of the specified group can join a computer to the domain.


water

Create the computer name using the computer's current name, join it to the domain with the current name, reboot, rename the computer to the name you want it to be, and see if that works.

Hi BrewManNH,

it's a bit more complex than that. You have to use the RIGHT computer name, the RIGHT computer account, the RIGHT user or group name.

That's where the most issues arise.


B0r1s

2202 means: "The specified username is invalid" according to MSDN.

When you create the account using _AD_CreateComputer you specify as parameter 3 the "User or group that will be allowed to add the computer to the domain (SamAccountName)".

Only the specified user or the members of the specified group can join a computer to the domain.

Ok, I did not understand that. Thank you.

I hadn't specified the credentials at first, as they are the same as _AD_Open(), but it seems to solve the problem.

Important note: strangely enough, _AD_JoinDomain only worked when I specified the credentials without the "domain" part (i.e. administrateur instead of domain\administrateur).

I'm almost good to go. I now have a new question, but I'm starting another thread.

Thanks a lot for the quick help (and awesome UDF)

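The checks this thread arrived at, collected into one script as an added example (it is not code from the thread or from the AD UDF). It verifies the name and the local WMI connection before joining, prompts for the join account instead of compiling a password into the script, and flags the 2202 case. Assumptions: `_AD_JoinDomain` takes computer, user, password in that order; `_PreflightJoin` and `_SamAccountName` are hypothetical helper names; the connection values are the ones from the posted script.

```autoit
#include <AD.au3>

; Added example. Connection values are the ones from the posted script.
Global $sDomainName = "mydomain", $sDC = "AD.mydomain.com"
Global $sDNSDomain = "DC=AD,DC=mydomain,dc=com"

; Return "" when this machine can be joined, otherwise the reason it cannot.
Func _PreflightJoin($sTypedName)
    ; The join acts on the machine's current NetBIOS name, not a new alias.
    If StringUpper($sTypedName) <> StringUpper(@ComputerName) Then
        Return "'" & $sTypedName & "' is not this computer (" & @ComputerName & ")"
    EndIf
    ; The thread traces error 3 to the WMI connection, so test it up front.
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return "Cannot connect to local WMI"
    For $oCS In $oWMI.ExecQuery("SELECT Domain, PartOfDomain FROM Win32_ComputerSystem")
        If $oCS.PartOfDomain Then Return "Already a member of " & $oCS.Domain
    Next
    Return ""
EndFunc

; Reduce "DOMAIN\user" to the bare SamAccountName that worked in the thread.
Func _SamAccountName($sUser)
    Local $iPos = StringInStr($sUser, "\")
    If $iPos Then $sUser = StringMid($sUser, $iPos + 1)
    Return $sUser
EndFunc

Global $sTarget = InputBox("Join", "Computer to join (NetBIOS name):", @ComputerName)
If @error Then Exit
Global $sReason = _PreflightJoin($sTarget)
If $sReason <> "" Then Exit MsgBox(16, "Join", $sReason)

; Prompt for the join account instead of compiling a password into the script.
Global $sUser = InputBox("Join", "Account allowed to join this computer:")
If @error Then Exit
$sUser = _SamAccountName($sUser)
Global $sPass = InputBox("Join", "Password for " & $sUser & ":", "", "*")
If @error Then Exit

; Same _AD_Open parameter layout as the posted script.
_AD_Open($sDomainName & "\" & $sUser, $sPass, $sDNSDomain, $sDC, $sDNSDomain)
If @error Then Exit MsgBox(16, "Join", "_AD_Open failed, @error = " & @error)

; Assumed parameter order: computer, user, password.
Global $iJoined = _AD_JoinDomain($sTarget, $sUser, $sPass)
Global $iErr = @error, $iExt = @extended ; save both before any other call
_AD_Close()
If $iJoined = 1 Then Exit MsgBox(64, "Join", "Joined, reboot required")
Global $sMsg = "Join failed: @error = " & $iErr & ", @extended = " & $iExt
; 2202 is the code decoded in the thread: the join account name was rejected.
If $iErr = 5 And $iExt = 2202 Then $sMsg &= @CRLF & "Check that '" & $sUser & _
        "' is the user (or in the group) named when the computer account was created."
MsgBox(16, "Join", $sMsg)
```

Naming a dedicated join account as parameter 3 of _AD_CreateComputer keeps the domain administrator password out of the deployment script altogether.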
