How to use PowerShell and WMI to join a domain?

This post has 12 Replies | 3 Followers

Top 500 Contributor
Posts 10
paulzhao Posted: 11-03-2011 9:55 PM

I am using the following script to join a domain, and it failed. Can anybody help me? Thanks very much!

(Get-WmiObject -NameSpace "Root\Cimv2" -Class "Wind32_ComputerSystem").JoinDomainOrWorkgroup("DomainName","AdminPassword","domain\Administrator",null,1)

 

 

Top 500 Contributor
Posts 7
Microsoft MVP

**Not tested**

You have a typo, which may just be an error. I also suspect that you need to use $null:

(Get-WmiObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("DomainName","AdminPassword","domain\Administrator",$null,1)

Top 500 Contributor
Posts 10

Thanks Marco, but it does not work; the return code is 1332.

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

Hi

I think you probably have a few issues

1) Did you use "run as administrator" when you started PowerShell? If you didn't, the script will fail.

2) Does the account you used have permissions to join machines to the domain and did you get the password right?

3) Your code needs to look like this

$computer="."

$cred = Get-Credential -Credential Administrator

$domcred = Get-Credential
$domain = $domcred.GetNetworkCredential().Domain
$user = $domcred.UserName
$password = $domcred.GetNetworkCredential().Password

$comp = Get-WmiObject Win32_ComputerSystem -ComputerName $computer -Credential $cred -Authentication 6
$ret = $comp.JoinDomainOrWorkgroup($domain, $password, $user, $null, 3)

 

The really important part is that you have to use -Authentication 6 (packet privacy); this ensures that the data sent to the domain is encrypted. The script will fail without this.

I have tested this and it worked

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

Should have added this.  I have covered authentication levels and other related WMI issues in this post

http://msmvps.com/blogs/richardsiddaway/archive/2011/08/04/authentication-impersonation-and-privileges.aspx

For a much more detailed view on using WMI look at PowerShell and WMI

www.manning.com/siddaway2

Top 500 Contributor
Posts 10

Thank you very much. I modified my script as below, and it works fine.

(Get-WMIObject -NameSpace "Root\Cimv2" -Class "Win32_ComputerSystem").JoinDomainOrWorkgroup("DomainName","AdminPassword","Domain\Admin",$null,3)

I changed the last parameter from 1 to 3, but I don't know what this number means. I cannot find it on TechNet. Could you help me? Thanks very much!

Top 500 Contributor
Posts 7
Microsoft MVP

http://msdn.microsoft.com/en-us/library/windows/desktop/aa392154%28v=vs.85%29.aspx

That last field is the FJoinOptions.  When you use a "3", you're actually using the settings for "1" + "2".

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

The 3 is broken down as 2+1

1 means join domain

2 means create an account

I put them both in to be totally explicit about what I'm doing.

Top 500 Contributor
Posts 10

Got it, and thank you very, very much!

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

You are very welcome

Top 100 Contributor
Posts 36

Hi,

How can I join the machine to the domain by using a domain user (called "MainUser", which belongs to the Domain Admins group in Active Directory)?

Please let me know which changes I should make in the following script to do that:

$computer="."

$cred = Get-Credential -Credential Administrator

$domcred = Get-Credential
$domain = $domcred.GetNetworkCredential().Domain
$user = $domcred.UserName
$password = $domcred.GetNetworkCredential().Password

$comp = Get-WmiObject Win32_ComputerSystem -ComputerName $computer -Credential $cred -Authentication 6
$ret = $comp.JoinDomainOrWorkgroup($domain, $password, $user, $null, 3)

By the way, can you please explain to me what the $null and 3 are (in bold, above)?

 

Regards,

Bader

Top 500 Contributor
Posts 10

Hi Bader,

For the JoinDomainOrWorkgroup parameters you can check the following link:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa392154%28v=vs.85%29.aspx

$null means null in PowerShell, and 3 means 1 + 2.

Parameters

Name [in]

Specifies the domain or workgroup to join. Cannot be NULL.

Password [in]

If the UserName parameter specifies an account name, the Password parameter must point to the password to use when connecting to the domain controller. Otherwise, this parameter must be NULL.

UserName [in]

Pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain controller. Must specify a domain NetBIOS name and user account, for example, Domain\user. If this parameter is NULL, the caller information is used.

You can also use the user principal name (UPN) in the form user@domain.

Windows 2000, Windows NT 4.0, and Windows Me/98/95:  You cannot specify UserName in UPN format.

AccountOU [in, optional]

Specifies the pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational unit (OU) for the computer account. If you specify this parameter, the string must contain a full path, otherwise AccountOU must be NULL.

Example: "OU=testOU, DC=domain, DC=Domain, DC=com"

FJoinOptions [in]

Set of bit flags that define the join options.

Value: Meaning

1 (0x1): Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup.

2 (0x2): Creates an account on a domain.

4 (0x4): Deletes an account when a domain exists.

16 (0x10): The join operation is part of an upgrade from Windows 98 or Windows 95 to Windows 2000 or Windows NT.

32 (0x20): Allows a join to a new domain, even if the computer is already joined to a domain.

64 (0x40): Performs an unsecured join.

128 (0x80): The machine, not the user, password passed. This option is only valid for unsecure joins.

256 (0x100): Writing SPN and DnsHostName attributes on the computer object should be deferred until the rename that follows the join.

262144 (0x40000): The APIs were invoked during install.
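The FJoinOptions bit flags listed above, decoded and enforced around a local join, as an added Windows PowerShell 5.x example that is not part of the original posts. The names JoinOptions, Get-JoinOptionNames and Join-DomainChecked are hypothetical; the function prompts for the credential instead of embedding the password in the script, refuses the unsecured-join bits (0x40, 0x80), and checks ReturnValue instead of assuming success.

```powershell
# Added example; JoinOptions, Get-JoinOptionNames and Join-DomainChecked are
# hypothetical names, not part of WMI or of the scripts posted in this thread.
[Flags()] enum JoinOptions {
    JoinDomain            = 0x1
    CreateAccount         = 0x2
    DeleteAccount         = 0x4
    Win9xUpgrade          = 0x10
    JoinIfAlreadyJoined   = 0x20
    UnsecuredJoin         = 0x40
    MachinePasswordPassed = 0x80
    DeferSpnSet           = 0x100
    InvokedDuringInstall  = 0x40000
}

function Get-JoinOptionNames {
    # Returns the name of every documented flag set in $Value, plus any undocumented bits.
    param([Parameter(Mandatory)][int]$Value)
    $known = 0
    foreach ($flag in [enum]::GetValues([JoinOptions])) {
        $known = $known -bor [int]$flag
        if ($Value -band [int]$flag) { $flag.ToString() }
    }
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { 'Unknown bits 0x{0:X}' -f $unknown }
}

function Join-DomainChecked {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][pscredential]$Credential,
        [int]$Options = 3
    )
    $weak = [int][JoinOptions]::UnsecuredJoin -bor [int][JoinOptions]::MachinePasswordPassed
    if ($Options -band $weak) {
        throw ('Refusing FJoinOptions {0}: {1}' -f $Options, ((Get-JoinOptionNames $Options) -join ', '))
    }
    # Local join from an elevated session, so no -Credential on the WMI connection.
    $comp = Get-WmiObject -Class Win32_ComputerSystem
    $net  = $Credential.GetNetworkCredential()
    $ret  = $comp.JoinDomainOrWorkgroup($Domain, $net.Password, $Credential.UserName, $null, $Options)
    if ($ret.ReturnValue -ne 0) {
        $code = [int]$ret.ReturnValue
        throw ('Join failed with code {0}: {1}' -f $code, ([ComponentModel.Win32Exception]$code).Message)
    }
    'Joined {0} using options: {1}' -f $Domain, ((Get-JoinOptionNames $Options) -join ', ')
}

Get-JoinOptionNames 3   # decodes the value used in the thread; performs no join
# Join-DomainChecked -Domain 'DomainName' -Credential (Get-Credential)   # run elevated
```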

 

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

Hi Bader

One problem is that you can't use credentials for local connections.  Your script starts with $computer="." and "." means the local computer, so I'm assuming that you want to join the machine you are on to the domain.

You need to be running PowerShell with elevated privileges - "Run as administrator"

Don't think you need -Authentication 6 on the local machine either.

If you want to run against a remote machine then change

$computer="."

to

$computer="computername"

Hope this helps

 

Copyright 2012 PowerShell.com. All rights reserved.