Join a Computer to a domain with VBScript

Posted On 2013-10-21 by dwirch
Tags: VBScript Scripting Tip Windows Windows Server 2012 Windows Server 2008
Views: 2256

When deploying large numbers of computers, there are several methods of joining a machine to a domain.  Since I am a big fan of VBScript (shhh!), I use this method to join the machine.

This VBScript works in all version of Windows, from Win95 to present day. You should be able to inject this machine at the end of your deployment process in order to automatically join it to the domain after deployment.

I know this is magic by any means, but I've been asked for it more than twice, so here it is for everyone.  Any questions, post a comment here or in the forums.

Const WIN9X_UPGRADE = 16
strDomain = "YourDomainName"
strPassword = "ServiceAccountPassword"
strUser = "ServiceAccount"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, strDomain & "\" & strUser, NULL, _

What's Happening

The first section of the script sets some constants.  Not all of these constants are needed for this short little script, but I've included them all here for completeness.  The only two that are used for this function are Join_Domain and Acct_Create.  These are pretty self explanatory, I think.

The second section sets up some variables, namely the domain name you are joining to, and authentication information (username and password) for an account that the necessary permissions to join a machine to the domain.  Note that you should not utilize an account that has elevated permissions.  This account should be a domain user that does not have the "10-join limit" of regular accounts.  In all other aspects, the account shouldn't have any further rights.  Not even interactive login permissions. Why?  Because you're storing the authentication information in plain text, in a file.

Next, we are grabbing the name of the local computer, and setting up impersonation.  This will be used in the join/create operation.

Finally, the join/create operation is executed, with the returned success/fail value stored in a variable, in case you want to perform some other function depending on the outcome of the operation.

About the Author

dwirch has posted a total of 189 articles.

Comments On This Post

By: AnonymousCoward
Date: 2016-04-21

I noticed that the code there maybe compatible with windows 7 or lower. Would the same code be used for Windows 10 or is there any modifications to the script? I tried to make chanes to the script whilst trying to run it on a windows 10 PC and so far nothing has happened. The most i got was a message sayig return value = 5, I clicked ok and it shutdown on me. Does anyone know a solution?

By: AnonymousCoward
Date: 2017-09-07

value = 5 means access denied, make sure the user id you are using has access to add computer to domain.

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links