Adding machines to domain

  • Adding machines to domain

    I need a script that I can run from a workgroup PC. I'll call the script from a file share and pass in a new computer name and an OU where the computer account should be created.

    The script should check if the computer name already exists in the domain and delete it (or reset it). Then it should change the computer name and join the domain (or join, then change if necessary).

    This is what I've got so far (%1 = new computer name, %2 = DN of the OU):

    Code:
    DSQUERY computer -u administrator -p * -uco -name %1 | DSRM -uci -noprompt
    
    NETDOM RENAMECOMPUTER %computerName% /NewName:%1 /UserD:administrator /PasswordD:* /force
    
    NETDOM JOIN %1 /domain:contoso.com /OU:%2 /UserD:administrator /PasswordD:*
    Dsquery doesn't work though. It doesn't prompt me for a password and then says the domain is not available. I think the rest of the script works, assuming the computer name doesn't already exist on the network. So how can I ensure the computer name isn't on the network (besides using the GUI)?

    Thanks.

  • #2
    Re: Adding machines to domain

    If you pipe a command it won't show the prompt for the password. If I recall, the cursor will pause and wait for input. The issue here is that the piped information has already been attempted and will fail. You can do a simple test by doing the following...

    Code:
    dsquery computer -u administrator -p * -name %computername% | echo %computername%
    The prompt never appears, and the cursor pauses waiting for input. The echo appears before entering the password.
    You might be able to use -u -p on both dsquery and dsrm to keep this from happening or...

    Try this instead...
    Code:
    for /f %i in ('dsquery computer -name %computername% -u administrator -p *') do @dsrm -subtree -noprompt %i
    By changing the DO operation you can keep it from attempting to remove a computer that doesn't already exist within the domain.
    You may need to use -u -p for dsrm as well. I didn't test it but since you've already authenticated to dsquery it might work without logging in again.
    Last edited by ahinson; 31st March 2009, 16:54.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Adding machines to domain

      Thanks for the reply, you're correct about the behavior. I'm confused (I'm terrible with FOR commands).

      I'm not sure how FOR helps. The problem (as I understand it), is that I'm unable to DSQUERY if the computer isn't a member of the domain but I can't join a computer to the domain if the computer name is already present in the domain.

      I've found that if I change the order of the script tasks and add the machine to the domain first (with a temporary name), the DSQUERY command still doesn't work.



      • #4
        Re: Adding machines to domain

        The behavior is more like ForEach...

        ForEach item returned from dsquery (meaning it exists) run dsrm on the value (FQN) stored in the variable %i. Since it's restricted to [-name %computername%] it should only return a value in %i if the local computername is found in AD.

        Basically, dsrm won't run unless it's a domain member.

        I went back and re-read your original post and realized that you don't need to remove the computer to rename it. Netdom actually won't work unless it's a domain member.

        Probably need to do the following... (pseudo code)
        Code:
        CheckDomainMembership;
        
        If (CheckDomainMembership==True)
          Rename;
        else
        {
          AddToDomain;
          Rename;
        };
        Netdom:
        Renames a domain computer and its corresponding domain account. Use this command to rename domain workstations and member servers only.
        http://technet.microsoft.com/en-us/l.../cc788029.aspx

        Code:
        netdom renamecomputer %computername% /newname:%1 /ud:%2 /pd:* /force
        Last edited by ahinson; 31st March 2009, 19:52.
        Andrew



        • #5
          Re: Adding machines to domain

          Right, so I changed the script to

          Code:
          netdom join...
          dsquery | dsrm...
          netdom renamecomputer...
          Netdom join succeeds but I'm still seeing the behavior where dsquery fails.

          In case it's helpful, the reason I'm running this script the way I am is that we regularly take machines off the floor and re-image them. After the re-image, the computer name is something generic like "image1" so I need to rename it to accounting1 or sales1 (if the machine is going to the accounting or sales departments).

          Usually, the computer name already exists because no one took the PC off the domain or deleted the machine account from ADUC and that's why removing the given computer name (%1 from my first post) is so important. If there's another way to add the freshly imaged PC to the domain with the same name as an existing machine account, that'd be fine with me.
          Last edited by mhashemi; 31st March 2009, 20:04. Reason: added stuff.



          • #6
            Re: Adding machines to domain

            Make sure I follow...

            1. You need to remove an orphaned computer account first?
            2. Add the generic computer account (used in the image).
            3. Then rename it to what was the orphaned computer account? Right?

            Do you know the previously used computer name?
            Last edited by ahinson; 31st March 2009, 20:42.
            Andrew



            • #7
              Re: Adding machines to domain

              No, that doesn't work. As a test, here's what I did:

              1. From the GUI (local machine), change the computer name to test1
              2. Restart
              3. From the GUI (local machine), add to domain
              4. Restart
              5. From the GUI (local machine), change the computer name to test2 and add to workgroup
              6. Restart
              6a. At this point, there is a computer account in the domain called test1 but no physical machine associated with it
              7. Open command prompt
              8. Run netdom join test2 /domain... /ou... /userd... /passwordd...
              9. Success: the machine is now a member of the domain with the name test2
              10. netdom renamecomputer test2 /newname:test1 /userd... /passwordd... /force
              11. Error: The account already exists. The command failed to complete successfully.
              12. Now ADUC shows accounts for test1 and test2 even though there is only one PC.

              What am I missing?



              • #8
                Re: Adding machines to domain

                Originally posted by ahinson:
                Make sure I follow...

                1. You need to remove an orphaned computer account first?
                2. Add the generic computer account (used in the image).
                3. Then rename it to what was the orphaned computer account? Right?

                Do you know the previously used computer name?
                Sorry, I posted then saw your edit.

                Yes, those steps describe what I'm trying to do. Maybe there is an easier way to connect a reimaged machine to its orphaned computer account.

                I gave an example earlier (accounting1 and sales1) but what I should have done was just say that we use the machines' service tag as the computer name. So when I log in as the local admin and call the script, I type the service tag and pass it in as %1.

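The flow confirmed in the post above (remove the orphaned account, then rename and join), as an added example that is not part of the original thread. It swaps dsquery/dsrm/netdom for an explicit LDAP bind and PowerShell's Add-Computer (Windows PowerShell 3.0 or later); the parameter names and the contoso.com default are assumptions taken from the first post's script.

```powershell
# Added example: run elevated on the freshly imaged workgroup PC.
# Parameter names and the contoso.com default are assumptions for illustration.
param(
    # Restricting the name to NetBIOS-safe characters also keeps it from
    # altering the LDAP filter built below.
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
    [string] $NewName,                          # e.g. the service tag
    [Parameter(Mandatory)] [string] $OUPath,    # DN of the target OU
    [string] $Domain = 'contoso.com'
)
Add-Type -AssemblyName System.DirectoryServices

# Prompt once; the password never appears on a command line or in the script.
# A delegated join account is preferable to the domain administrator here.
$cred = Get-Credential -Message "Account allowed to join computers to $Domain"
$net  = $cred.GetNetworkCredential()

# A workgroup PC has no domain context, so bind to the domain explicitly.
$bindArgs = @("LDAP://$Domain", $cred.UserName, $net.Password)
$root     = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $bindArgs
$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=${NewName}`$))"
$stale = $searcher.FindOne()

if ($stale) {
    # Only an account with exactly this name is removed; no match, no delete.
    $dn = $stale.Properties['distinguishedname'][0]
    Write-Host "Removing orphaned computer account: $dn"
    $stale.GetDirectoryEntry().psbase.DeleteTree()
}

# Rename and join in one step, creating the account in the requested OU.
Add-Computer -DomainName $Domain -OUPath $OUPath -NewName $NewName `
             -Credential $cred -Force -Restart
```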


                • #9
                  Re: Adding machines to domain

                  This is totally doable. If I had the time I'd write it for you but I don't. Keep plugging away and you'll figure it out.
                  Too often we give answers in this forum and the person gets a script they don't understand and off they run. I think it's best if you (or anyone else for that matter) figure it out on your own with some guidance rather than me or someone else do it. That's how I learned, examples, and trying it over and over until I got it.

                  That's not to say that's what you're expecting, just me venting.
                  Last edited by ahinson; 2nd April 2009, 03:04.
                  Andrew



                  • #10
                    Re: Adding machines to domain

                    This is totally not working the way I want.

                    I've got the machines joining the domain via sysprep with some random name.

                    The problem is that I can change a PC name (locally) to the name of a computer object in AD if I use the GUI, but not the command line.

                    Any thoughts?



                    • #11
                      Re: Adding machines to domain

                      Symantec Ghost Console can do all that you want without the need for any scripts. At the same time it can also reimage your PCs from an image prepared earlier.
                      1 1 was a racehorse.
                      2 2 was 1 2.
                      1 1 1 1 race 1 day,
                      2 2 1 1 2



                      • #12
                        Re: Adding machines to domain

                        But you're assuming we use ghost (we do not currently use ghost).



                        • #13
                          Re: Adding machines to domain

                          Originally posted by mhashemi:
                          But you're assuming we use ghost (we do not currently use ghost).
                          Not at all. Just stating that there is a program that will do all that you are wanting to do.