Abu Dhabi is the capital and the second largest city of the United Arab Emirates and this is where our Active Directory hero Jithesh Raj (JR) is based. He is going to show us how to master the “Domain Join” with PowerShell by giving it a “Golden Touch” at the end…


Today we will look at some simple yet very useful PowerShell cmdlets that will help us remotely join clients to a domain or workgroup, unjoin them, and restart them.

Let's look at some prerequisites.

We must have PowerShell 3.0, which comes by default with Windows 8 / Windows Server 2012, to execute the cmdlets.

You need to modify the below incoming protocols/ports and allow communication in Windows Firewall.

Let’s get started!!..

So let us try a simple command to join a machine to the domain and restart it from a remote computer. You will be prompted for local and domain credentials when we run the below command.

Add-Computer -ComputerName 10.1.1.11 -Domain litware.com -LocalCredential administrator -Restart -Credential litware\administrator -force -v

In the above example we used the LocalCredential parameter to specify an account that has permissions on the computer 10.1.1.11. We also used the Credential parameter to specify a user account that has permission to join computers to the domain. Finally, the Force parameter is specified to suppress user confirmation messages. We could also use -OUPath as an additional parameter to specify the organizational unit for the machine account.

Now, let us look at the command to unjoin the same machine from the domain.

Notice that when we use the -Restart parameter we receive an error, and when we skip it, we are asked to restart the computer.

To force a restart you could simply use the Restart-Computer cmdlet as well:

Restart-Computer -ComputerName 10.1.1.11 -Credential sublitware-dc1\Administrator

This was quite simple, right? Let's make things a little more complicated now… What if you had to perform the above tasks on 100+ machines that must be disjoined and rejoined to a different domain?

We have a list of all the machines which are part of litware.com stored in a file called Clients2join.csv. We are asked to join these machines to its child domain Sublitware.litware.com.

Clients2join.csv contains a list of 4 IPs. In this example I'm using Windows 8.1, Windows 7 and Windows 2008 R2 servers.

This will prompt you for the credentials to use during the domain join operation. Afterwards we run the command to join the machines specified in Clients2join.csv.

Although we got a WMI error for the last 3 machines, once we looked up the OU we were able to see a successful domain join. The same was reflected in the netsetup.log from these machines.

We can confirm the successful join through AD Users and Computers.
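The bulk join described above, written out as an added example (it is not the command from the original post). It assumes Clients2join.csv has one column named "clients", as the Restart-Computer line further down reads, that the console user has administrative rights on the targets, and that join-report.csv is a hypothetical output file.

```powershell
# Added example, not the original author's command.
# Assumption: Clients2join.csv has a header row with one column, "clients".
$targetDomain = 'Sublitware.litware.com'
$csvPath      = '.\Clients2join.csv'
$reportPath   = '.\join-report.csv'   # hypothetical report file

# Prompt once per account; no password is written into the script or to disk.
$joinCred   = Get-Credential -Message "Account allowed to join computers to $targetDomain"
$unjoinCred = Get-Credential -Message 'Account allowed to remove computers from litware.com'

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $name = $row.clients
    if ([string]::IsNullOrWhiteSpace($name)) { continue }   # skip blank rows
    $name = $name.Trim()

    try {
        # -PassThru returns an object whose HasSucceeded property reports the outcome.
        # -ErrorAction Stop turns cmdlet errors into exceptions for the catch block.
        $info = Add-Computer -ComputerName $name -DomainName $targetDomain `
                    -Credential $joinCred -UnjoinDomainCredential $unjoinCred `
                    -Force -PassThru -ErrorAction Stop
        [pscustomobject]@{ Computer = $name; Joined = $info.HasSucceeded; Error = $null }
    }
    catch {
        # One failing host must not abort the batch; record it and move on.
        [pscustomobject]@{ Computer = $name; Joined = $false; Error = $_.Exception.Message }
    }
}

# Keep a record of the run, then list the hosts that need a manual check.
$results | Export-Csv -Path $reportPath -NoTypeInformation
$results | Where-Object { -not $_.Joined } | Format-Table -AutoSize
```

A host listed as not joined is one to verify by hand in the OU or in its netsetup.log, since the run above reported WMI errors for machines that had in fact joined.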

And finally, to give it the ‘MIDAS’ touch, we use our Restart-Computer cmdlet to reboot all of them.

Import-Csv .\clients2join.csv | % { Restart-Computer -ComputerName $_.clients -Force -v }

The -v is for verbose output. The output below just informs us that we need to enable remote shutdown access rights to be able to restart the machines.

The domain join can also unjoin the machines from their current domain by adding the -UnjoinDomainCredential parameter, which takes an account with permission to remove them from that domain.

That brings us to the end of this post and until we meet next, join as many clients using Power “Domain Join” Shell with a Golden Touch…


Original content from Jithesh Raj (JR). Posted by MEAGBS editor Aydin Aslaner.