Adding machine to Correct OU during Auto Join Domain .VBS

This is for WIndows 8.1 I can now get it to run this VBS and it adds the machine to the domain correctly, however if I remove NULL and place strOU, and place the Full AD line it does NOT work at all.... Can anyone help out? Thanks


Const WIN9X_UPGRADE = 16
strDomain = "xxxxx"
strPassword = "xxx"
strUser = "xxxx"

strOU = "OU=_General Users,OU=Computers,OU=Off-site,DC=xxx,DC=xxx,DC=xxxx,DC=xxx"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _


Again, If I remove NULL above, and place strOU it will not join the domain at all.. If I LEAVE NULL in its place its ignores the OU string and adds the domain correctly, just places it in the default OU in AD... Thank you for any help

7 Comments   [ + ] Show comments
  • I would assume that the user represented by strUser has rights to modify the OU itself? If that's the case, it might help to know what the ReturnValue is when it fails. - BHC-Austin 7 years ago
  • Thanks. Yes the User has the permissions, I don't "see" an error popup, Is the error logged somewhere on the system? TY - jgoucher12 7 years ago
  • I used the cscript command to output.log but the file just gets created and says microsoft script and no further info is displayed regarding success or failure - jgoucher12 7 years ago
  • You need to specifically output the vaule of ReturnValue to screen (usging WScript.Echo, for instance), before anythign will get written to a file. Then you should be able to just Google the error code that it returns. - BHC-Austin 7 years ago
  • If the system is on the network why does it really matter when the updates and antivirus gets applied? Unless your policies are so strict this will work fine. But again he was asking about adding the computer to the OU not about Antivirus or Windows Updates. Thats microsoft path below using a answer file. - mikesharp1 7 years ago
  • I have tried using the answer file multiple times, it never works for me. it was always giving the computer name a "generic name". It was going to the correct OU just as a generic name not the name I needed to give it. Each machine has a unique name we need to assign them... any other thoughts? - jgoucher12 7 years ago
    • See my earlier comment about how to get the result of the JoinDomainOrWorkGroup method. You're already outputting that to a variable, now you just need to see what's in that variable (ReturnValue). I usually use WScript.Echo to output it to screen when I'm debugging - BHC-Austin 7 years ago
  • True, his question IS about adding the machine account to a specific OU, but he's trying to do it via a VBScript, and I'm justg trying to help him fix his script. My apologies if my comment on your answer seemed to discount it in any way, that was certainly not my intentions.

    I know that using the answer file is MS's method, I was just providing some justification for using script vs the answer file for future readers as I'm sure there are many reasons (beyond the examples I provided) why you might want to do this outside of the answer file. - BHC-Austin 7 years ago

Answers (2)

Posted by: mikesharp1 7 years ago
2nd Degree Black Belt

Use the answer file using a syspreped image.You can use ADSI edit to find the path of the OU you want.


                <MachineObjectOU>OU=VDI,DC=oglesby,DC=local </MachineObjectOU>

  • Answer file should work, but there may be a reason the OP is using a script instead. At my company, we like to make sure our antivirus and Windows Updates have been applied before we join a system to the domain. It's also possible if his permissions are not correct that using the answer file would fail as well. - BHC-Austin 7 years ago
Posted by: adam_nerell 7 years ago
Yellow Belt

If youre deploying 8.1 then you should really stop using VB-script IMHO, both for computer renaming and domain joining.

Why? VB script is uggly (again IMHO), and hard to use (let the flaming begin :-) ). Also WSName is not supported nor developed any more.

PowerShell is the way to go, super easy, super clean and there’s an abundance of info on google for this.


Computer rename (Use K2 3.6 and tick that this requires a reboot in the post install task):


Bat file:

powershell.exe -nologo -executionpolicy bypass -noprofile -file ".\ComputerRename.ps1"


ComputerRename.ps1(I'm pulling the servicetag and put it in the computername, which I find useful, edit as you like) (Google it and you'll find infinite ideas on this, WMI is your friend):

$serial=Get-WMIObject -Class Win32_Bios | select -expand "SerialNumber"

$NewName="ws-"+ $serial

$ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem


Zip those and run the bat in a post deployment task.


Domain Join (Again, use K2 3.6 and tick that this requires a reboot in the post install task)

I use ksleep.exe to let everything settle down after the reboot. Had some issues on sites with no DC locally prior to using that, but it can surley be omitted in ideal conditions.

Bat file:

ksleep.exe 10

powershell.exe -nologo -executionpolicy bypass -noprofile -file ".\jd.ps1"


$domain = "domainname"

$password = "pwd for a user account that can add computers to domains" | ConvertTo-SecureString -asPlainText -Force

$username = "$domain\accountname

$credential = New-Object System.Management.Automation.PSCredential($username,$password)

$ouPath="OU=Computers,OU=My OU,DC=my,DC=domain"


add-computer -Credential $credential -DomainName $domain -OUPath $ouPath


Zip those and run the bat in a post deployment task.

Lastly as someone surely will point out looking at the documentation for "add-computer" actually it seems that it supports renaming and joining in one swoop. I haven't got that working in win 7 after upgrading to the latest version of the management tool, but it might work in 8/8.1 .


Also, everything in this post is stolen from others, so any credit is to everyone else... :-)



This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ