Use PowerShell to Replace netdom Commands to Join the Domain


Summary: Learn how to replace netdom commands with simple Windows PowerShell cmdlets to rename and reboot the computer or join the domain.

Hey, Scripting Guy! It seems that I have been hand building a number of computers recently for a computer lab we are setting up at work. I have written a batch file that uses netdom commands to join the domain. I also use a netdom command to rename the computer, and the shutdown command to restart the computer. The syntax for each of these three commands is rather complex and convoluted. A strange thing is that it seems I can do this on Windows Server R2, but I cannot do this on Windows 7. What gives?

—AD

Hello AD,

Microsoft Scripting Guy, Ed Wilson, is here. Well, this afternoon I am drinking something a bit different. I decided to make a cup of masala chai. (The word chai, or many of its variations, simply means tea in many languages. Therefore, to speak of chai tea is redundant.) Anyway, I decided to use Darjeeling tea, brewed a little strong, and I added cloves, cardamom, a cinnamon stick, fresh ground pepper, and 1/3 cup of warm milk. Coupled with an Anzac biscuit, it was quite nice.

AD, the reason that you cannot use your batch file (containing netdom commands) on Windows 7 is that by default Windows 7 does not contain the netdom command. You can add netdom to your computer running Windows 7 by installing the latest version of the Remote Server Administration Tools (RSAT). After it is installed, you still need to go to Programs and Features and turn on the tools you want to load. The RSAT tools are great, and that is where you gain access to the Active Directory module. But you should not load the RSAT only to access netdom, because you can do what you want to accomplish out of the box (assuming that your box is not Windows 7 Home edition, which does not join domains).

AD, your batch file contained at least three commands: one to rename the computer, one to join the domain, and one to restart the machine. The two netdom commands and the shutdown command are shown here.

netdom renamecomputer member /newname:member1.example.com /userd:administrator

netdom add /d:reskita mywksta /ud:mydomain\admin /pd:password

shutdown /r

In Windows PowerShell 2.0, this is still three commands, but at least the commands are native to Windows 7. In addition, the Windows PowerShell commands are easier to read, and they support prototyping. An example of using Windows PowerShell to add a computer to the domain, rename the computer, and reboot the machine is shown here.

(Get-WmiObject win32_computersystem).rename("newname")

add-computer -Credential iammred\administrator -DomainName iammred.net

Restart-Computer

In the first command, I use the Get-WmiObject cmdlet to retrieve the Win32_ComputerSystem Windows Management Instrumentation class. (The Get-WmiObject cmdlet has an alias of gwmi, and it will also take credentials if required.) Because this class returns only one instance, I can use my group and dot trick (see My Ten Favorite Windows PowerShell Tricks) to directly call the Rename method to rename the computer.

After I rename the computer, I use the Add-Computer cmdlet to join the computer to the domain. The Add-Computer cmdlet allows me to specify the credentials that have rights to add computers to the domain, in addition to the name of the domain to join. Although I did not do it in my example, there is also an ou parameter that allows you to specify the path to the OU that will contain the newly created computer account.

The last command, Restart-Computer, appears without any parameters. This means that the computer will restart within one minute, and it will attempt to cause processes to politely exit (generally a good thing). For emergency situations, there is the Force switch, which causes the computer to restart immediately without waiting for processes to politely exit. The use of this optional parameter can lead to data loss in some situations.
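
The three steps above as one re-runnable script, sequenced so that the rename is rebooted in before the join, because readers in the comments on this post report that joining straight after the rename registers the old computer name. This is an added example, not code from the original post; the computer name and OU path are hypothetical placeholders, and Get-Credential is used so that no password is stored in the file.

```powershell
# Added example (not from the original post). Run elevated, once per boot,
# until it reports that there is nothing left to do.
$NewName    = 'LAB-PC01'                   # hypothetical target computer name
$DomainName = 'iammred.net'                # domain used in the article
$JoinUser   = 'iammred\administrator'      # account used in the article
$OUPath     = 'OU=Lab,DC=iammred,DC=net'   # hypothetical OU for the computer account

$cs = Get-WmiObject -Class Win32_ComputerSystem

if ($cs.Name -ne $NewName) {
    # Phase 1: rename, then reboot so the new name is active before the join.
    $result = $cs.Rename($NewName)
    if ($result.ReturnValue -ne 0) {
        # 0 means success; anything else is a failure code from WMI.
        throw "Rename failed with WMI return value $($result.ReturnValue)"
    }
    Restart-Computer
}
elseif (-not $cs.PartOfDomain) {
    # Phase 2: the name is already correct, so join the domain.
    # Get-Credential prompts for the password; nothing secret lives in the script.
    $cred = Get-Credential $JoinUser
    Add-Computer -DomainName $DomainName -Credential $cred -OUPath $OUPath -ErrorAction Stop
    Restart-Computer
}
else {
    Write-Output "$($cs.Name) is already joined to $($cs.Domain); nothing to do."
}
```

Appending -WhatIf to the Restart-Computer calls gives a dry run of the reboot step while testing.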

In the image that follows, I first use the Get-WmiObject cmdlet to rename the computer. The image shows the return value is 0, which means that the command completed successfully. Next, I use the Add-Computer cmdlet to join the computer to the iammred domain by using the administrator credentials. Upon hitting ENTER, a dialog box appears that requests the password for the credentials.

The command completed successfully, but a warning message states that a reboot is required for the change to actually take place. The last command shown in the image uses the Restart-Computer cmdlet to restart the computer. I added the WhatIf parameter to illustrate what happens when it is used (and to permit myself time to make the screenshot).

Image of command output

After I remove the WhatIf switch, and rerun the Restart-Computer cmdlet, a message box appears that states the computer will shut down in a minute or less. After the quick reboot, I am able to switch from using a local account to a domain account, because the computer has now joined the domain. The commands are short, sweet, easy to remember, and easy to use. None of these commands requires a script; in fact, they could easily be run as imported history commands. For more information about working with the Windows PowerShell history cmdlets, see this collection of Hey, Scripting Guy! blogs.

AD, that is all there is to using Windows PowerShell to rename a computer and to join it to the domain. Join me tomorrow for more cool Windows PowerShell stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

  • Will this work for local PCs only or can I somehow tweak this to rename remote PCs? I am in the process of renaming 95 PCs and would like to somehow take this script and rename remote PCs. Thanks!

  • Is there a way to enable the user role as well? When adding the PC to the domain, giving a certain user role, i.e. admin, user, power user?

  • @EvolutionXtinct There are two ways to do this remotely. The first way is to use PowerShell remoting. You have to enable PowerShell remoting, but it can be done via Group Policy. Using PowerShell remoting, the commands would work exactly as written. The second way is more complex. You can use the WMI command to rename the computer directly. It accepts a -computername and a -credential parameter. In PowerShell 2.0, the Add-Computer cmdlet does not have a -computername parameter, and therefore it adds the local computer to the domain or workgroup. You can use WMI, the Win32_Process WMI class, and the Create method to call PowerShell and to execute the Add-Computer cmdlet on a remote machine. I have written about all of these topics on the Hey, Scripting Guy! blog. Use the Tag cloud or the search box to find the articles.

  • @D3sky I wrote a blog article in which I describe a module to simplify creating local users, and adding users to groups. It should do what you need to do. blogs.technet.com/.../use-parameter-sets-to-simplify-powershell-commands.aspx

  • Hi Ed,

    Great! This is the way it goes ... these easy steps are quite worth a lot if you have to accomplish this task a couple of times a day!

    Powershell can be as simple as that!

    Klaus (Schulte)

  • Ed

    Is there a way to have this encrypted including the password so it can be used in an automated build script?

  • When I run these commands in succession, it seems to add to the domain but not actually change the name.  I was assuming it should be able to change the name without a reboot then add to the domain, correct?

  • How about renaming computer using a two digit prefix followed by serial number?  Ex: MS-xxxxnnnnnn

  • Doesn't work without a reboot in between - it joins the domain as the original computer name.

  • Little late to the party, but I can't get the rename to work either. Script returns '0' but doesn't do the rename.

  • I agree with Nope. You should reboot after renaming, otherwise you join domain with the old name.

  • There is an updated post about PowerShell v3.0 using the rename-computer cmdlet.  It looks like this supports domained computers.  I haven't tested it yet, but it is worth a look.

    blogs.technet.com/.../powertip-rename-a-computer-by-using-windows-powershell-3-0.aspx

  • Windows 7 does not include netdom by default. I scoured the net for hours looking for a simpler solution than this RSAT crap or what ever. Then powershell came up and that had its own bullcrappery errors which were more easily fixed than netdom however the solution to these errors were not in one place. SO to all those IT people out there im doin yall a favor here and putting everything in one location in as many forums as possible.

    FOR JOINING A COMPUTER TO A DOMAIN WITHOUT NETDOM - (Windows 7... possibly others have not tested but i dont see why it wouldnt work)

    First you create Two files BOTH are created using notepad.

    type exactly as displayed or cut and paste i dont care. input your own information in the obvious locations if you cant figure that out sell your computer, you have no business owning one.

    First file:

    powershell -command "& {Set-ExecutionPolicy Remotesigned}"

    powershell -file e:\domainjoin.ps1

    powershell -file f:\domainjoin.ps1

    powershell -file g:\domainjoin.ps1

    powershell -file h:\domainjoin.ps1

    powershell -file i:\domainjoin.ps1

    powershell -file j:\domainjoin.ps1

    powershell -file k:\domainjoin.ps1

    powershell -file l:\domainjoin.ps1

    powershell -file m:\domainjoin.ps1

    powershell -file n:\domainjoin.ps1

    powershell -file o:\domainjoin.ps1

    powershell -file o:\domainjoin.ps1

    PAUSE

    Ok! So now Save As -------- DomainJoin.bat (file type all files not txt) put it .. somewhere easily accessed.

    NOW Second file!

    $domain = "yourdomain"

    $password = "yourpassword" | ConvertTo-SecureString -asPlainText -Force

    $username = "$domain\youraccount"

    $credential = New-Object System.Management.Automation.PSCredential($username,$password)

    Add-Computer -DomainName $domain -Credential $credential

    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted -Force

    Okay! Save As - domainjoin.ps1 <--------- Pay attentionnnnnnnnnnnn! (again file type "all files" not .txt)

    NOW for this save it on the root of what ever you use for media for example... "c:\domainjoin.ps1" or "f:domainjoin.ps1"

    that is very important grass hoppers.

    Alrighty you are ready to run the file. Right click on DomainJoin.bat and hit run as administrator

    you will see a lot of errors fear not.

    in the script i included just about all of the drive letters the file could be on, so as long as you put it on the root of the USB stick or C Drive you should be good (you can also add the drive letters i did not include)

    Somewhere in those errors you should see something telling you a restart is required to apply settings. once it says hit any key to continue restart and you should be goooood to go!

  • thanks