Joining a Computer to a Domain Using PowerShell
Using PowerShell scripts within a task sequence provides more flexibility than using the CustomSettings.ini file to join a computer to a domain. The parameters of the CustomSettings.ini file are common to any deployment you perform. That's why creating a custom PowerShell script to join your domain will be customize to only your environment, so the security risk is very low.
Here is the code to join a domain using PowerShell:
$strUser = "bjtech\Administrator" $strDomain = "bjtech.edu" $strPassword = ConvertTo-SecureString "P@55w0rd" -AsPlainText -Force $Credentials = New-Object System.Management.Automation.PsCredential $strUser, $strPassword $strOU = "OU=STAGING,DC=LOCAL,DC=BJTECH,DC=EDU" Add-computer -DomainName $strDomain -Credential $Credentials
Once you have created your *.ps1 file and copy it to the script folder under your deployment share. You will then haveto call it within your Task sequence. I placed my PowerShell script command in the “Custom Task Node”. Open your Task Sequence > Click on Add > General > Run PowerShell Script
Within the PowerShell Command Line you will call the PowerShell Script within your script folder: %SCRIPTROOT%\BTNHD\JoinDomain.ps1
Can you please make a video on how to use a normal user with minimum privilege as I don’t want to use Domain Admin Account.
This doesn’t seem to be working for me – all set up and running however because it needs to reboot it’ll error and will cause the rest of the process to fail. Where abouts in the task sequence should it be placed?
Place it at the end of the TS follow with a reboot.
This doesn’t seem to work anymore, I get an error when it fails to join.
“You can’t connect to the file share because it’s not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747”
SMB1 is disabled on the my Server 2012 that has MDT and WDS on it. The link Microsoft provides isn’t very helpful either. Any ideas?
Does this use the computer name within MDT 2013?
Excellent Script to use in my Task Sequence to avoid it joining the domain too early on. However you missed out one bit in the last line. Should be
Add-computer -DomainName $strDomain -Credential $Credentials -OUPath $strOU
otherwise the variable you defined early for $strOU has no effect.