#85506 - 2002-04-10 02:36 PM
How to join a computer in a domain via Scripts
|
Joerg
Fresh Scripter
Registered: 2002-03-12
Posts: 7
Loc: Burgdorf, Switzerland
|
Hi folks,
Does anyone have experience with joining a computer to an ADS domain with a KiX script? At the moment we are using the command-line utility NETDOM to join computers to the domain. It's easy to create a new computer object in ADS with a KiX script, but how can I join the physical machine to that object? If someone has already done this, please let me know. Thanks.
Cheers, Joerg
#85507 - 2002-04-11 10:17 AM
Re: How to join a computer in a domain via Scripts
|
Roga
Lurker
Registered: 2002-04-11
Posts: 1
Loc: Nantes,FR
|
Netdom v1.8 runs well under NT4 Workstation to join an NT 4 domain. But if you need to join a Win2K Workstation to an AD domain, you must use Netdom v5.00, supplied on the Win2K media, and the command line is:
Netdom join @WKSTA /d:$Domain /ou:$Context /ud:$Domain\$User /pd:$Password
where $Domain is the AD that you want to query, $Context is the Organizational Unit in which to put your workstation object, and $User is a user with enough rights to create a computer account in the domain (equivalent to Account Operators, for example). This command must be run in a session opened with an account equivalent to local administrator; otherwise you must specify the account by adding these options to the line:
/uo:@Wksta\Administrator /po:$Password
Note: to join a WinXP Workstation, use Netdom v5.1, which you can find on the WinXP media (Support Tools).
More information is in Microsoft articles Q222525 and Q266651. [ 11 April 2002, 10:18: Message edited by: Roga ]
#85508 - 2002-04-12 02:35 PM
Re: How to join a computer in a domain via Scripts
|
Joerg
Fresh Scripter
Registered: 2002-03-12
Posts: 7
Loc: Burgdorf, Switzerland
|
Hi Roga
Thanks for the response. We currently use NETDOM to join computers to a domain. However, have you ever seen a function to do this straight in a KiX script instead of using the shell?
Cheers, Jörg
#85509 - 2002-04-12 02:53 PM
Re: How to join a computer in a domain via Scripts
|
Shawn
Administrator
   
Registered: 1999-08-13
Posts: 8611
|
Joerg,
Here's a link to a VB script that does this. I would have taken a stab at converting it for you but I don't have an environment to test it in. I get the feeling that you have good COM knowledge, so give it a shot and advise of any problems. It would make for a most interesting script, so if you get it to work, please post it for all to see.
Automating the Creation of Computer Accounts (Q222525)
Luck.
-Shawn [ 12 April 2002, 14:54: Message edited by: Shawn ]
#85510 - 2002-04-26 11:56 AM
Re: How to join a computer in a domain via Scripts
|
Joerg
Fresh Scripter
Registered: 2002-03-12
Posts: 7
Loc: Burgdorf, Switzerland
|
Hi Shawn
Thanks for your response. I was on vacation for two weeks (had to recover my mind ;-)) and am now working on the same problem again. In the meantime I have tested the Microsoft solution in VBS, and the script works so far, as long as the machine has already been joined to the domain. My biggest problem at the moment is how to access an ADSI object via LDAP as long as the machine is NOT joined to the domain. For example, the command
code:
$RootDSW = GetObject("LDAP://RootDSE")
works only when the machine already belongs to the domain. Otherwise the script will fail. Anyway, I have to find a solution and will update the group with news on that problem.
Cheers, Jörg
#85512 - 2002-05-04 12:34 AM
Re: How to join a computer in a domain via Scripts
|
Joerg
Fresh Scripter
Registered: 2002-03-12
Posts: 7
Loc: Burgdorf, Switzerland
|
Finally, I have found a solution to access the ADS from a computer which does not already belong to a domain. The problem was that a command like $MyOU = GetObject( "LDAP://.... ) will use the login credentials of the user currently signed on. As long as the computer does not belong to a domain, the command above cannot be used. To solve that problem, it is necessary to provide a valid account and the domain controller. The script below shows how to add a new computer to ADS when the computer where the script is running does not yet belong to a domain.
code:
; Set the login credential
$sUser = "Administrator"
$sPassword = "password"

; Set the domain controller and the proper context
$sDomain = "domaincontroller"
$sContainer = "OU=Clients"

; Connect to ADS with the provided login credential
; (last argument 1 = ADS_SECURE_AUTHENTICATION)
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)

; Collect the proper path, and get the OU where the machine should be created
$sPath = "LDAP://" + $sDomain + "/" + $sContainer + ","
$sPath = $sPath + $rootDSE.Get("defaultNamingContext")
$MyOU = $oProvider.OpenDSObject($sPath, $sUser, $sPassword, 1)

IF NOT $MyOU = 0
  $MachineObj = $MyOU.Create("computer", "CN=NewPC")
  IF NOT $MachineObj = 0
    ; Set mandatory properties and save object
    $MachineObj.samAccountName = "NewPC"
    $MachineObj.SetInfo
    ; Activate the computer account
    $MachineObj.AccountDisabled = False
    $MachineObj.SetInfo
    ? @ERROR ? ? @SERROR
  ELSE
    ? @ERROR ? ? @SERROR
  ENDIF
ELSE
  ? @ERROR ? ? @SERROR
ENDIF
I still have a problem when I would like to access ADS through an ADO provider when the machine does not yet belong to a domain. If someone has an idea how to provide the domain controller information, please let me know. Thanks
Cheers, Joerg
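The ADO case raised in the last post, as an added example that is not part of the original thread: the ADSI OLE DB provider (ADsDSOObject) takes explicit credentials as connection properties, and the domain controller is named in the LDAP path of the query, the same way as in the OpenDSObject call above. The account name EXAMPLE\joinaccount and the computer-object filter are assumptions for illustration, and the password is read at run time rather than stored in the script.

```kixtart
; Added example, not from the original post. Values below are placeholders.
$sUser   = "EXAMPLE\joinaccount"   ; hypothetical account delegated on the target OU
$sDomain = "domaincontroller"      ; DC host name, as in the script above
? "Password for " + $sUser + ": "
Gets $sPassword                    ; prompt instead of embedding the password

; Bind to RootDSE with explicit credentials to get the domain naming context
$oProvider = GetObject("LDAP:")
$rootDSE = $oProvider.OpenDSObject("LDAP://" + $sDomain + "/RootDSE", $sUser, $sPassword, 1)
If @ERROR
  ? "Bind failed: " + @ERROR + " " + @SERROR
  Exit 1
EndIf
$sBase = $rootDSE.Get("defaultNamingContext")

; ADO connection through the ADSI provider, using the same credentials
$oConn = CreateObject("ADODB.Connection")
$oConn.Provider = "ADsDSOObject"
$oConn.Properties("User ID").Value = $sUser
$oConn.Properties("Password").Value = $sPassword
$oConn.Properties("Encrypt Password").Value = 1
$oConn.Open("Active Directory Provider")

; Naming the server in the path means the workgroup machine does not
; have to locate a domain controller by itself
$oCmd = CreateObject("ADODB.Command")
$oCmd.ActiveConnection = $oConn
$oCmd.CommandText = "<LDAP://" + $sDomain + "/" + $sBase + ">;(objectCategory=computer);cn,distinguishedName;subtree"
$oRs = $oCmd.Execute

; List the computer objects found
While Not $oRs.EOF
  ? $oRs.Fields("cn").Value + "  " + $oRs.Fields("distinguishedName").Value
  $oRs.MoveNext
Loop

$oConn.Close
$sPassword = ""                    ; do not keep the secret in memory longer than needed
```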