fortypoundhead.com

Join a Computer to a domain with VBScript

Posted On 2013-10-21 by dwirch
Keywords:
Tags: VBScript Scripting Tip Windows Windows Server 2012 Windows Server 2008
Views: 1706


When deploying large numbers of computers, there are several methods of joining a machine to a domain.  Since I am a big fan of VBScript (shhh!), I use this method to join the machine.

This VBScript works in all version of Windows, from Win95 to present day. You should be able to inject this machine at the end of your deployment process in order to automatically join it to the domain after deployment.

I know this is magic by any means, but I've been asked for it more than twice, so here it is for everyone.  Any questions, post a comment here or in the forums.

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "YourDomainName"
strPassword = "ServiceAccountPassword"
strUser = "ServiceAccount"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _
JOIN_DOMAIN + ACCT_CREATE)

What's Happening

The first section of the script sets some constants.  Not all of these constants are needed for this short little script, but I've included them all here for completeness.  The only two that are used for this function are Join_Domain and Acct_Create.  These are pretty self explanatory, I think.

The second section sets up some variables, namely the domain name you are joining to, and authentication information (username and password) for an account that the necessary permissions to join a machine to the domain.  Note that you should not utilize an account that has elevated permissions.  This account should be a domain user that does not have the "10-join limit" of regular accounts.  In all other aspects, the account shouldn't have any further rights.  Not even interactive login permissions. Why?  Because you're storing the authentication information in plain text, in a file.

Next, we are grabbing the name of the local computer, and setting up impersonation.  This will be used in the join/create operation.

Finally, the join/create operation is executed, with the returned success/fail value stored in a variable, in case you want to perform some other function depending on the outcome of the operation.


About the Author

dwirch has posted a total of 172 articles.

 


Comments On This Post

By: AnonymousCoward
Date: 2016-04-21

I noticed that the code there maybe compatible with windows 7 or lower. Would the same code be used for Windows 10 or is there any modifications to the script? I tried to make chanes to the script whilst trying to run it on a windows 10 PC and so far nothing has happened. The most i got was a message sayig return value = 5, I clicked ok and it shutdown on me. Does anyone know a solution?


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:23.20.157.174

Before you can post, you need to prove you are human. If you log in, this test goes away.


Beat With A Stick List Returns: By request, BWASL has returned to the site. Free your rage by telling the world about something that really grinds your gears. Add your beating.



Recent Forum Posts

BWASL returns
dwirch posted on May 13, 2017 at about 15:24 in Site News

BWASL returns
dwirch posted on May 13, 2017 at about 8:46 in Site News

Job Spammer: Balashankar Bose Bose
dwirch posted on May 11, 2017 at about 10:05 in Spammers

Job Spammer: Bharti Jigyasi
dwirch posted on May 11, 2017 at about 7:58 in Spammers

List of Shady Characters
dwirch posted on April 25, 2017 at about 16:39 in Webmaster Stuff

Job Spammer: Bilal Uddin
dwirch posted on April 25, 2017 at about 11:00 in Spammers