DarrenWhite99

Automating Domain Join

This is for a follow-up request from topic http://www.labtechgeek.com/forum/viewtopic.php?f=14&t=2361 regarding automation for a Domain Join script.

I am attaching the scripts that I use to perform domain joins manually, and the script/EDFs that I use to automate this process.

Importing the Script XML will create all of the mentioned Scripts, as well as the Client, Location, and Agent level EDFs (not all specifically named here). I have not included the Searches, Groups, and Script Schedule items that complete the automation, but I believe that you could choose how to integrate this in your environment and create those items easily enough. Refer to the topic mentioned above for a fuller explanation of how these are integrated into my environment.

"Join Computer To Domain" is a script that will perform a manual domain join. It requires the netdom.zip bundle (included) and references the LTGetFile function script. Prior to attempting the join it validates that a DC is reachable.

"LTGetFile" is a Swiss Army knife downloader script I wrote and have refined over time. It handles multiple levels of integrity verification, automatic retries, automatic .zip/.tgz extraction, and supports downloading from LTShare, UNC paths, HTTP/HTTPS, and even SCP (using WinSCP, not included in this bundle).

"AUTOMATIC - Perform Domain Join" is a script that is meant to be run on a schedule against a target group (machines that need to be joined to a domain). It references computer, location, and client level EDFs to determine what domain should be joined, and uses the "EDF - AD FQDN policy" script to update a single EDF that identifies agents that need to be joined to a domain. It also calls the "FUNCTION - Check for Pending Reboot" script.

"EDF - AD FQDN policy" is an offline script that can be run in your daily agent maintenance batches. It determines the domain the computer should belong to (using the "AUTO-Domain FQDN" EDF) and whether it is part of that domain or not, and updates the "POLICY - AD FQDN Domain to Join" EDF. If this is not run regularly, the search will not identify systems with the incorrect domain name. An alternative to running this with daily batches is to import the MONITOR SQL file, which can trigger this script when the "POLICY - AD FQDN Domain to Join" EDF needs to be refreshed.

"POLICY - AD FQDN Domain to Join" This EDF holds the name of the domain that the computer needs to be joined to, and is designed to be a simple EDF target for a search that can autojoin computers that need action to be taken to a specific group. If no action is needed, the value will be blank. If a value exists, the "AUTOMATIC - Perform Domain Join" script should be run.

"FUNCTION - Check for Pending Reboot" - Tests if a reboot is needed, looking at various registry keys, and if there are Pending File Rename Operations it will run a special script that attempts to process those operations immediately. (Usually the files are locked and so the rename is postponed until reboot, but often they will become unlocked earlier and can be processed without a restart).

The Search XML contains a search for computers that need to be joined to a domain (based on the "POLICY - AD FQDN Domain to Join" EDF being populated). You can schedule the "AUTOMATIC - Perform Domain Join" script using this search, at whatever time of day or frequency you want.

Enjoy.

AUTOMATIC-DomainJoin.zip


Does this work for joining domains remotely? Without having a VPN set up? Basically using the LabTech agent as the tunnel?


No. It can enable a domain join without even needing to log in to the desktop, but you would need to have an underlying network VPN if you are remote. We have successfully joined the domain even over a personal VPN from the computer, so remote joins are possible, but only in already possible ways. This does not provide for offline domain joining.


I have re-posted the bundle in this topic. Scripts have been updated, and the bundle now includes a Search and an Internal Monitor to provide more flexibility in managing automatic domain joins. If you have downloaded this before, you should refresh it with this. (If not, what are you waiting for?)


Getting the following error attempting to join Win10 to Server2016 DC:

"A Domain Controller is unreachable or not discoverable with the current DNS setings. Verify DNS settings and DC connectivity. - The system cannot find the path specified."

 

I am able to join the domain manually. Ideas?

 

3 hours ago, BBradley said:

The system cannot find the path specified.

That looks like the result of the command that tested the domain controller connectivity, and that it could not find the exe. It tests by running this command:

SHELL:  "@NETDOMEXE@" /query /domain:"@AD_FQDN@" /userd:"@AD_User@" /passwordd:"@AD_Password@" PDC 2>&1 && ECHO COMMUNICATIONSUCCESS  and store the result in %shellresult%

"@NETDOMEXE@" is the path to netdom.exe, which should be downloaded and extracted if you have everything set up right. You will need to track down why that file doesn't exist.


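One way to separate the two causes discussed in the reply above (netdom.exe missing versus a DC that is not discoverable or reachable) before attempting the join. This is an added example, not part of the bundle or of any post in this thread; the function name, its parameters and the sample path and domain are hypothetical, and it assumes `Resolve-DnsName` and `Test-NetConnection` are available (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the bundle). Function name, parameters and the
# sample values at the bottom are hypothetical.
function Test-DomainJoinPreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $NetdomPath,  # what @NETDOMEXE@ expands to
        [Parameter(Mandatory)] [string] $DomainFqdn   # what @AD_FQDN@ expands to
    )
    $r = [ordered]@{ NetdomPresent = $false; SrvRecords = @(); LdapReachable = @(); Diagnosis = '' }

    # 1. Per the reply above, "cannot find the path specified" points at the
    #    executable, so check it before blaming DNS or the DC.
    $r.NetdomPresent = Test-Path -LiteralPath $NetdomPath -PathType Leaf
    if (-not $r.NetdomPresent) {
        $r.Diagnosis = "netdom.exe not found at '$NetdomPath'; check the download/extract step."
        return [pscustomobject]$r
    }

    # 2. DC locator SRV records, resolved with the machine's current DNS servers.
    try {
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch { $srv = @() }
    $r.SrvRecords = @($srv | ForEach-Object { $_.NameTarget } | Sort-Object -Unique)
    if ($r.SrvRecords.Count -eq 0) {
        $r.Diagnosis = "No DC SRV records for '$DomainFqdn'; check the client's DNS settings."
        return [pscustomobject]$r
    }

    # 3. DNS can be right while the DC is still unreachable: test LDAP (TCP 389).
    $r.LdapReachable = @($r.SrvRecords | Where-Object {
        (Test-NetConnection -ComputerName $_ -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
    })
    if ($r.LdapReachable.Count -gt 0) { $r.Diagnosis = 'netdom.exe present and a DC answers on TCP 389.' }
    else { $r.Diagnosis = 'SRV records resolve, but no listed DC answers on TCP 389.' }
    [pscustomobject]$r
}

# Constructed sample values.
Test-DomainJoinPreflight -NetdomPath 'C:\Temp\netdom\netdom.exe' -DomainFqdn 'corp.example.com'
```

The check takes no credentials, so it can be run on an agent without putting the join account's password on a command line.
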
@DarrenWhite99 I'm getting this error when I try to open many of the imported scripts, e.g. "AUTOMATIC - Perform Domain Join". Any idea how to resolve that? Could this have anything to do with the fact that I've previously imported (and renamed) many of your other scripts (e.g., GetFile and Email results to technician)?

[Attached screenshot: image.png]

On 5/17/2019 at 11:03 AM, shshinsupport said:

Hello. The bundle does not include the Manual Domain Join. Could you post that as well?

The script should be named "Join Computer to Domain". All the scripts should be in the "__Examples" folder.

11 hours ago, shshinsupport said:

Could you provide me with a link? Sorry but I couldn't find it.

For the bundle download? Like, the one attached to the bottom of the topic post, visible by scrolling up? Or some other link?
