/build/static/layout/Breadcrumb_cap_w.png
03/21/2019 350 views

In our environment all computers are named the service tag (bios serial number). I have a post install powershell that renames computer to bios with wmic command and joins the domain. The issue is if the name exists on the domain it will fail. Our helpdesk can remove computers from the domain but if they forget it causes post task to error (computer object name exists already). So I modified the powershell to 

1. Join Domain

2. Remove computer from domain that matches serial number

3. Rename computer to serial number


It all worked until I realized I was testing the script on a machine with RSAT tools which provides the AD module for powershell. A newly imaged machine doesn't have this ability.. and our security disables winrm so I cannot use ps remoting either.


Is there any method to use AD module during post image for these types of tasks? If not possible what kind of scripts can do similar things? I also want the imaged computer to be added to a AD group that enables bitlocker (we only want this on new machines now for testing).


What is best practice for this? Is it possible to perform similar functions with CMD? I think netdom is not supported on Win10 right? I am trying to automate for of our tasks to reduce errors and time. Any suggestions? Thanks!

0 Comments   [ + ] Show comments

Comments



Community Chosen Answer

2

The user you are joining the domain with probably needs more rights. We are a college and reimage classrooms all the time.  We do not remove machines from AD because the new machines would have to be added to our security and printer groups.  Also if the name existed already in the containers where we wanted  them the join would use that name vs creating one in the default container and we would have to have to move it.  When we get new machines we sometimes have to reset that object in AD.   

When that happened here it was the user we used to join the machines to the domain

The AD crew may need to allow that user to modify existing objects, delete existing object as well as create.

We use a simple VBS script and the machines join without a problem in the container we expect

Const JOIN_DOMAIN             = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144


strDomain = "tmccadmn.tmcc.edu"

WScript.StdOut.Write("Enter Authorized User ")
WScript.StdIn.Read(0)
strUser = WScript.StdIn.ReadLine()

Set ScriptPW = CreateObject("ScriptPW.Password")

WScript.StdOut.Write("Enter password ")
strPassword = ScriptPW.GetPassword()
WScript.StdOut.WriteLine ""


Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & _
"\root\cimv2:Win32_ComputerSystem.Name='" _
& strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain & "\" & strUser, _
NULL, _
JOIN_DOMAIN+ACCT_CREATE)

Answered 03/21/2019 by: SMal.tmcc
Red Belt

All Answers

0

You might be facing the issue described here:

https://support.quest.com/kace-systems-deployment-appliance/kb/155655/k2000-join-domain-powershell-script-for-when-machine-record-already-exists


In regards Bitlocker, a separate PowerShell Script as Post Install task should do it.

Answered 03/22/2019 by: Channeler
Red Belt