Join domain Prompt for Credentials


Not Ranked
Posts 4
dugullett Posted: 04-30-2012 1:30 PM

This is my very first script using Powershell so please excuse me. I'm sure there are cleaner ways to get this done. A little bit of background... 

This will run as a post-install after an image to join the user to our domain. After it successfully runs it will delete itself and then reboot. My problem is this. If the user enters incorrect credentials then it will continue to run, and delete itself resulting in not joining the domain. Entering the credentials in the script is not an option in our environment. What I have currently results in an infinite loop because ($res -eq $null). I've tried almost every variation for the "Do{   }". Nothing seems to want to work. 

If the credentials are entered correctly then it will join the domain successfully. 

------------------------------------------------------------------------------------

$a = new-object -comobject wscript.shell
$c = Get-Credential DOMAIN\
$oupath = 'OU=TEST, OU=Workstations, DC=DOMAIN, DC=ORG'

Function Verify-ADAuth
{
    $username = $c.username
    $password = $c.GetNetworkCredential().password

    $CurrentDomain = 'LDAP://domaincontroller/DC=DOMAIN,DC=ORG'

    $dom = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$UserName,$Password)
    $res = $dom.name

    if ($res -eq $null)
    {
        Do
        {
            $c = Get-Credential Domain\
        }
        Until ($res -ne $null)
    }
    else
    {
        #Progress Bar
        for ($i = 1; $i -le 10; $i++) {
            write-progress -id 1 -activity "Joining Domain" -status "Please Wait..." -percentComplete ($i*10);
            sleep 1;
        }
        Add-Computer -domainname domainname.org -oupath $oupath -Credential $c -ErrorAction silentlycontinue
        Add-Computer -DomainName swmed.org -Credential $c
        $e = $a.popup("Welcome to domainname.ORG",30,"Domain Join",0)
    }
}

Verify-ADAuth

Not Ranked
Posts 4

I moved $c= get-credential into function Verify-ADAuth. Then changed Do {Verify-ADAuth}. This is working, but I'm still interested in a cleaner way. 

Top 25 Contributor
Posts 139

Is this really quicker than just right-click computer > properties > change domain and computer name? Or what kind of computer imaging are you using? I use Microsoft Deployment Toolkit and I've configured it to automatically join the domain.

Anyway, to answer your question, perhaps the main reason the script continues to delete itself etc even though it did not successfully join the domain would be because you put -ErrorAction silentlycontinue. I think what would work much better here would be to use a try/catch and set the '-ErrorAction Stop' parameter.

Try this:

$continue = $True

try {
    Add-Computer -domainname domainname.org -oupath $oupath -Credential $c -ErrorAction Stop
} catch {
    $continue = $False
}

If ($continue) {
    # <the rest of the code here that should execute only if the add-computer command completes successfully>
}

Top 10 Contributor
Posts 1,901
Microsoft MVP
Top Contributor

Hi, I suppose you are trying to automate your deployment, right? If yes, there is a cleaner way: depending on your deployment method there is usually a well documented process to automate the domain join, e.g. using unattended install parameters. Try not to reinvent the wheel if there is a robust and tested solution already available.

But to your script:

As mentioned above, Add-Computer by default raises non-terminating exceptions, so use Add-Computer -ErrorAction Stop ...

I do not think it is necessary to validate the authentication beforehand, if it fails on the join is what you need to know.

There are ways to save credentials in the PowerShell script, but it is a security risk.

 

Try
{
    # If an exception is raised in the try block, it jumps directly to the catch. The "test" won't run in that case.
    # If you need to be sure more of the commands try to run, do a separate try/catch block.
    add-computer -errorAction Stop # <etc>
    "test"
}
catch
{
    # <log error>
    break # will break out of the current scope.
}
finally
{
    # <log that the command has run on the computer>
}

# <delete script>
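
The approach from the two replies above, combined into one bounded retry loop, as an added example that is not part of the original thread: the credential prompt repeats only when `Add-Computer -ErrorAction Stop` fails, and the script deletes itself and reboots only after a successful join. The function name, attempt limit and log path are hypothetical, and the domain and OU values are the placeholders used earlier in the thread.

```powershell
# Added example, not from the thread. Join-DomainWithPrompt, the attempt limit
# and the log path are assumptions; domain and OU are the thread's placeholders.
$DomainName  = 'domainname.org'
$OUPath      = 'OU=TEST, OU=Workstations, DC=DOMAIN, DC=ORG'
$MaxAttempts = 3   # bounded: every failed attempt is a failed logon for that account
$LogFile     = Join-Path $env:TEMP 'DomainJoin.log'

function Join-DomainWithPrompt {
    param([string]$Domain, [string]$OU, [int]$MaxAttempts, [string]$Log)
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # Prompt again on every pass. The PSCredential goes straight to
            # Add-Computer, so the password is never unpacked into plain text.
            $cred = Get-Credential -Credential 'DOMAIN\'
            if (-not $cred) { throw 'Credential prompt was cancelled.' }
            # -ErrorAction Stop makes a failed join a terminating error,
            # so the catch block runs instead of the script carrying on.
            Add-Computer -DomainName $Domain -OUPath $OU -Credential $cred -ErrorAction Stop
            Add-Content -Path $Log -Value "$(Get-Date -Format s) joined as $($cred.UserName)"
            return $true
        }
        catch {
            # Log the failure reason only, never the credential.
            Add-Content -Path $Log -Value "$(Get-Date -Format s) attempt $attempt failed: $($_.Exception.Message)"
        }
    }
    return $false
}

if (Join-DomainWithPrompt -Domain $DomainName -OU $OUPath -MaxAttempts $MaxAttempts -Log $LogFile) {
    # Clean up and reboot only after a confirmed join.
    Remove-Item -LiteralPath $MyInvocation.MyCommand.Path -Force
    Restart-Computer -Force
}
else {
    Write-Warning "Domain join failed after $MaxAttempts attempts; script left in place. See $LogFile"
    exit 1
}
```
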

Not Ranked
Posts 4

Thanks for the replies. I've almost forgotten about this.

This is a post installation task on our images. For whatever reason they want to prompt for credentials even though if a user can figure out how to PXE boot, and then the password to our boot environment then they deserve to join the domain. I had one in place that was totally silent, but they wanted something like this. I realize there are a ton of easier ways to join the domain. 

I will give this a shot. I'm still learning Powershell, but I've gotten a little bit better since this post. Thank you.

Copyright 2012 PowerShell.com. All rights reserved.