Joining domain...

dot45 · December 31, 2009

The above code does almost what i need. How do I get the computer account to be created in another OU besides the default one? eg. I am adding machines that need to go into a different ou to be managed properly as they are running xp embedded.

jwebb · January 7, 2010

Take a look into this thread: http://www.autoitscript.com/forum/index.ph...;hl=join+domain - from there i got my code to join a computer to the domain - did not need the gui stuff.
Only problem i didn't solve until now is what to do when a machine account already exists

Can you share how you deal with computer accounts that already exist? Thanks.

Jim

water · January 7, 2010

To check if a computer account already exists in the AD you can use the adfunctions UDF or the new AD UDF (which is based on adfunctions).

You can use the following function to check for the existance of a computer (note the trailing "$") and show the OU where the computer is defined:

; Syntax for adfunctions.au3
#include <adfunctions.au3>
$sComputer = @ComputerName
If _ADObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _ADSamAccountNameToFQDN($sComputer & "$"))

; Syntax for AD.au3
#include <AD.au3>
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))

Edited January 7, 2010 by water

jwebb · January 7, 2010

To check if a computer account already exists in the AD you can use the adfunctions UDF or the new AD UDF (which is based on adfunctions).
You can use the following function to check for the existance of a computer (note the trailing "$") and show the OU where the computer is defined:
; Syntax for adfunctions.au3
#include <adfunctions.au3>
$sComputer = @ComputerName
If _ADObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _ADSamAccountNameToFQDN($sComputer & "$"))

; Syntax for AD.au3
#include <AD.au3>
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))

Thanks for the quick reply!

When I try to run the code I get:

C:\Program Files (x86)\AutoIt3\Include\AD.au3 (331) : ==> Variable must be of type "Object".:

Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query)

Local $oAD_RecordSet = $oAD_Connection^ ERROR

Also I should explain my goal is to create a program the allow a user to join AD. I need to check if a computer has been joined before because the code to join the computer is different.

Thanks again for your help.

Jim

water · January 8, 2010

Sorry, my fault!

The code for the AD UDF should look like:

; Syntax for AD.au3
#include <AD.au3>
_AD_Open()
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

jwebb · January 8, 2010

Sorry, my fault!

The code for the AD UDF should look like:

; Syntax for AD.au3
#include <AD.au3>
_AD_Open()
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

That works great!

My next question is how do I search for a computer in AD from a computer not yet joined?

What I've found is if it's first time the machine is joined I specify the OU. If the that same machine get's reimaged the join won't work if I specify the OU, I get error 2224(Same error if I use netdom). My plan is to do a quick search for the machine the script is running on. If the computer is not found join using the OU. If it is found join without the OU.

Thanks again for your help!

Jim

water · January 8, 2010

Hi Jim,

to query the AD from a computer that is not yet a member of the domain you have to provide the information (DNSDomain, HostServer and Configuration) to the _AD_Open call:

From the AD source code - function _AD_Open:

; If you want to connect to a different domain (not the domain your computer is a member of) or your computer is no domain member

; then please provide $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam as FQDN.

; Example:

; $sAD_DNSDomainParam = "DC=subdomain,DC=example,DC=com"

; $sAD_HostServerParam = "servername.subdomain.example.com"

; $sAD_ConfigurationParam = "CN=Configuration,DC=subdomain,DC=example,DC=com"

Thomas

Edited January 8, 2010 by water

jwebb · January 8, 2010

Hi Jim,

to query the AD from a computer that is not yet a member of the domain you have to provide the information (DNSDomain, HostServer and Configuration) to the _AD_Open call:
From the AD source code - function _AD_Open:

; If you want to connect to a different domain (not the domain your computer is a member of) or your computer is no domain member then please provide
; $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam as FQDN.
; Example:
; $sAD_DNSDomainParam = "DC=subdomain,DC=example,DC=com"
; $sAD_HostServerParam = "servername.subdomain.example.com"
; $sAD_ConfigurationParam = "CN=Configuration,DC=subdomain,DC=example,DC=com"

Thomas

Thank you for your patience.

I'm getting close. After passing the parameters listed above I get a COM error 8007054B on a machine not joined to AD. Then I get an AutoIt error on line 3970, "Error in expression". I've included my code below.

Thanks again.

Jim

; Syntax for AD.au3
#include <AD.au3>

Global $sAD_UserIdParam , $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam

_AD_Open($sAD_UserIdParam = "myuser", $sAD_PasswordParam = "mypassword", $sAD_DNSDomainParam = "DC=test,DC=local", $sAD_HostServerParam = "dc1.test.local", $sAD_ConfigurationParam = "" )
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

water · January 8, 2010

Please change the code to:

#include <AD.au3>
_AD_Open("myuser","mypassword", "DC=test,DC=local", "dc1.test.local", "CN=Configuration,DC=test,DC=local")
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$")
_AD_Close()

Edited January 8, 2010 by water

jwebb · January 8, 2010

Please change the code to:

#include <AD.au3>
_AD_Open("myuser","mypassword", "DC=test,DC=local", "dc1.test.local", "CN=Configuration,DC=test,DC=local")
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$")
_AD_Close()

Now I get COM error 000000A9, "Variable must be of type 'Object'." It also refrences script line number 335. I get this message twice.

Here is what I have now.

Jim

; Syntax for AD.au3
#include <AD.au3>

_AD_Open("myuser", "mypassword", "DC=test,DC=local", "dc1.test.local", "CN=Configuration,DC=test,DC=local" )
$sComputer = @ComputerName
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

water · January 8, 2010

Seems to be a problem withe the userid (syntax must be "domain\username"). Could you please change the code to:

; Syntax for AD.au3
#include <AD.au3>

_AD_Open("test\myuser", "mypassword", "DC=test,DC=local", "dc1.test.local", "CN=Configuration,DC=test,DC=local" )
$sComputer = "@ComputerName"
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

Edited January 8, 2010 by water

jwebb · January 8, 2010

Seems to be a problem withe the userid (syntax must be "domain\username"). Could you please change the code to:

; Syntax for AD.au3
#include <AD.au3>

_AD_Open("test\myuser", "mypassword", "DC=test,DC=local", "dc1.test.local", "CN=Configuration,DC=test,DC=local" )
$sComputer = "@ComputerName"
If _AD_ObjectExists($sComputer & "$") Then ConsoleWrite("Computer " & $sComputer & " exists in OU " & _AD_SamAccountNameToFQDN($sComputer & "$"))
_AD_Close()

I got it working! Thanks for your help. Turns out part of my problem was I was trying to run the exe from a Novell server. Once I coppied it local or to a Windows server it started working.

Jim

TheWorkz · April 15, 2011

This code has worked great for us when automated, but I have one question about a change.. We want to prompt our technicians to enter the password to add a computer to the domain. I modified the $strAdminPass to require an input box which works great when they enter the right password! However, if it errors or one types in the wrong password, it closes. How do I go about getting this to loop back and ask for a password again if it errors out?

I'm sure its probably simple, but I am new to this, so please bare with me

Thanks!

Global Const $JOIN_DOMAIN = 1
Global Const $ACCT_CREATE = 2

$strAdminPass = InputBox ("Password", "Please enter the Password to Join the Domain", "", "*M")
$strAdminAccount = 'pcbuild'

$strComputer = "."
$strDomainName = "ourdomain.com"
 
$objWMIService = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colCompSystems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")

For $objCompSystem In $colCompSystems
  
  $intJoinDomain = $objCompSystem.JoinDomainOrWorkgroup($strDomainName, $strAdminPass, $strDomainName & '\' & $strAdminAccount, '', $JOIN_DOMAIN + $ACCT_CREATE)
  If $intJoinDomain = 0 Then
    MsgBox(0, @ScriptName, "Joined computer to " & $strDomainName & " domain.")
  ElseIf $intJoinDomain = 1 Then
    MsgBox(0, @ScriptName, "Joined computer to " & $strDomainName & " domain." & @CRLF & "  Must reboot.")
  Else
    MsgBox(0, @ScriptName, "Unable to join computer to " & $strDomainName & " domain." & @CRLF & _GetExitCode($intJoinDomain)) 
  EndIf
Next

Func _GetExitCode($iExitCode)
    Local $sLine = ''
    $Pid = Run(@ComSpec & " /c net helpmsg " & $iExitCode, @SystemDir, @SW_HIDE, 2)
    While 1
        $sLine &= StdoutRead($Pid)
        If @error Then ExitLoop        
    Wend
     $strErrorMessage = "ErrorCode: " & $iExitCode & " " & StringStripWS(StringStripCR($sLine), 3)
    Return($strErrorMessage)
EndFunc

TheWorkz · April 19, 2011

This code has worked great for us when automated, but I have one question about a change.. We want to prompt our technicians to enter the password to add a computer to the domain. I modified the $strAdminPass to require an input box which works great when they enter the right password! However, if it errors or one types in the wrong password, it closes. How do I go about getting this to loop back and ask for a password again if it errors out?
I'm sure its probably simple, but I am new to this, so please bare with me
Thanks!

Can anyone please help me with this? I have been trying all sorts of things, but just can't seem to get it right.

Pretty much looking for:

If joining domain succeeds, close.

If joining domain errors, retry and ask for password again.

Thanks again.

water · April 19, 2011

I am on vacation and will reply next week.

water · April 19, 2011

-- Sorry, double post --

Edited April 23, 2011 by water

water · April 23, 2011

Just do it in a loop until 1) the join command returns without an error or 2) the loop is exited by the user

Global Const $JOIN_DOMAIN = 1
Global Const $ACCT_CREATE = 2

$strAdminAccount = 'pcbuild'
$strComputer = "."
$strDomainName = "ourdomain.com"
 
$objWMIService = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colCompSystems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")

While 1
    $strAdminPass = InputBox ("Password", "Please enter the Password to Join the Domain", "", "*M")
    For $objCompSystem In $colCompSystems
        $intJoinDomain = $objCompSystem.JoinDomainOrWorkgroup($strDomainName, $strAdminPass, $strDomainName & '\' & $strAdminAccount, '', $JOIN_DOMAIN + $ACCT_CREATE)
        If $intJoinDomain = 0 Then
            MsgBox(0, @ScriptName, "Joined computer to " & $strDomainName & " domain.")
            ExitLoop 2
        ElseIf $intJoinDomain = 1 Then
            MsgBox(0, @ScriptName, "Joined computer to " & $strDomainName & " domain." & @CRLF & "  Must reboot.")
            ExitLoop 2
        Else
            $iRC = MsgBox(21, @ScriptName, "Unable to join computer to " & $strDomainName & " domain." & @CRLF & _GetExitCode($intJoinDomain)) 
            If $iRC = 2 Then ExitLoop 2
        EndIf
    Next
WEnd

Func _GetExitCode($iExitCode)
    Local $sLine = ''
    $Pid = Run(@ComSpec & " /c net helpmsg " & $iExitCode, @SystemDir, @SW_HIDE, 2)
    While 1
        $sLine &= StdoutRead($Pid)
        If @error Then ExitLoop        
    Wend
    $strErrorMessage = "ErrorCode: " & $iExitCode & " " & StringStripWS(StringStripCR($sLine), 3)
    Return($strErrorMessage)
EndFunc

Edited April 23, 2011 by water

TheWorkz · April 26, 2011

Worked great Water! That makes sense now..

Thank You very much.

jaylweb · November 22, 2011

May I ask why you don't want to use netdom.exe?

I don't want to use netdom.exe because I want this function to be a part of installer without external exe's

I felt compelled to comment on this. One of the benefits of using WMI, is that you can join a PC to a domain if it is already in the domain. For example, if you have to re-image a PC and join it to the domain, the computer object already exists. Netdom will error if the computer object already exists, unless you remove it first. With WMI, you can join the domain even if the computer object exists.

I have been using WMIC.EXE in the past with a batch file. I have a need now to move this into AutoIT to help secure the password.

Sign In

Joining domain...

Recommended Posts

dot45

jwebb

water

jwebb

water

jwebb

water

jwebb

water

jwebb

water

jwebb

TheWorkz

TheWorkz

water

water

water

TheWorkz

jaylweb

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta