
My company would like to use a Sysprep image and an autounattend.xml file to deploy new machines or rebuild old ones with a USB stick. We do not want to use SCCM. I will push us to use WDS in the future, but we still want to be able to do this by just putting a USB into the machine.

I have been caught at one hurdle for a while now: I cannot get the machine to join the domain automatically after first logon. I am using some PowerShell scripts to do this. So far I'm simply testing a script to rename the machine. This works if I run it myself on a VM, but it will not work if I run it from the autounattend.xml. Unattend will run a script on logon as admin which will open a batch file that runs a PowerShell script as admin and bypasses the script execution policy. That script will then rename the PC.

Except, it doesn't. Online I have seen that you cannot do the domain join automatically through WDS anyway since Microsoft has a bug that will not let you join through any pass other than OOBE. Which means either way I have to get this script to work for an automatic domain join.

When the new PC boots up for the first time, other scripts I have created will run, while this one never seems to achieve anything. It seems the batch file executes, but it's unclear whether the script works or not. I don't see any errors in the event log.

The below scripts simply rename the machine. This is just a test.

Unattend script:

C:\_scripts\4_psbypass.bat

Batch script:

```bat
@echo off
REM Launches the rename script elevated. -Verb RunAs asks for elevation (a UAC prompt if the
REM caller is not already elevated). -Wait is added so the lines below are not written, and the
REM batch file does not delete itself, before the PowerShell script has actually finished.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\_scripts\Rename-PC.ps1""' -Verb RunAs -Wait}"
REM These log lines are written regardless of whether the script above succeeded.
@echo - PC name changed>> C:\log.txt
@echo - Joined to example domain>> C:\log.txt
@echo - Machine restarted>> C:\log.txt
del %0
```

Powershell script:

This script will be placed into the WIM file of the image we will deploy. Once the admin account performs an initial autologon this script will execute. The script uses a domain admins credentials to find the list file it will access. Once credentials are entered, the script will check for the appropriate PC name. If it is a new build it will simply look at the top PC number in the list and rename itself to that number while adding the next number to the top of the list. If a PC needs rebuilding, add a ' -r' next to its number for example: << 199 -r >>. The script will then remove the ' -r', rename the PC and will not add to the list. If there are multiple marked numbers then it will target the lowest number. The script will restart the PC and delete itself after execution.

```powershell
# Creates the credential for the whole PowerShell script. Needs to be domain admin.
# Note: ConvertTo-SecureString with no -Key uses DPAPI, so adaapass.txt can only be decrypted
# by the same user account on the same machine that created it; a blob captured into the
# image will not decrypt on a freshly deployed PC.
$user = "Domain\admin"
$pass = Get-Content "C:\_scripts\_cred\adaapass.txt" | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $pass

# Mounts the network drive temporarily for the duration of the script.
New-PSDrive -Name 'X' -PSProvider FileSystem -Root "\\path\c$\DiskImagingPathTests\_scripts" -Credential $cred

# Defines the path to the existing list of domain PCs: the exlist txt file on the mounted drive.
$path = "X:\exlist.txt"

# Stores the top number of the list.
$listName = Get-Content -Path $path -TotalCount 1

# Overwrites the number stored with the lowest marked PC if one exists
# (the list is newest-first, so the last marked line is the lowest number).
Get-Content $path | ForEach-Object { if ($_ -match ' -r') { $listName = $_ } }

# Removes the mark from the number in the variable and the list,
# or, if it is a new PC, adds a new number to the top of the list.
if ($listName -match "(?<content>.*) -r") {
    (Get-Content $path) -replace $listName, $listName.Split(" ")[0] | Set-Content $path
    $listName = $matches['content']
}
else {
    $listName = [string] ([int] $listName + 1)
    # "`n" (backtick-n) is a newline; the backtick had been lost in the listing
    $listName + "`n" + (Get-Content $path -Raw) | Set-Content $path
}

# Cleans white lines.
(Get-Content $path) | Where-Object { $_.Trim() -ne "" } | Set-Content $path

# Unmounts the network drive.
Remove-PSDrive -Name 'X'

# Formats the name correctly for the domain.
$listName = "Domain" + $listName

# Renames the PC and restarts (requires local credentials).
Rename-Computer -NewName $listName -Restart
```

Am I going about this wrongly? Any advice will be of help. I almost just want a second opinion on the matter. I'm kind of stuck at a wall since I don't have many more things to try.

Rhys
    I'm confused; you ask about joining the domain, but AFAICT your script doesn't even attempt to join the domain, it just renames the machine. Which are you trying to do? Also, at what point does it go wrong? – Harry Johnston Oct 16 '19 at 16:26
  • Sorry if I did not make it clear enough; I did say in there that I was just using a renaming script to test with. I can use that script on a working machine and it works just fine, but it doesn't rename itself when it first boots with the answer file. – Rhys Oct 17 '19 at 10:27
  • Change your unattend script to `cmd /c C:\_scripts\4_psbypass.bat > c:\rename.log 2>&1` so you have a log of the output when the script runs. You should then be able to see where it is failing. – Harry Johnston Oct 17 '19 at 18:23
  • I noticed that you mentioned that you can't use `SCCM`, does that include `MDT`? – Elliot Huffman Oct 18 '19 at 00:34
  • @HarryJohnston Thank you, I will start logging the whole process and update. – Rhys Oct 21 '19 at 08:51
  • You may want to use `Add-Computer` in `PowerShell` to domain join your machine or if you are doing it via `CMD`, check out `netdom`. `Rename-Computer` is purely for renaming a computer name, not establishing a trust relationship between a computer and a domain controller. – Elliot Huffman Oct 31 '19 at 00:54
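The list-allocation rule described in the question, as an added example that is not the original poster's script: the decision is pulled into a pure function that takes the file's lines and returns the chosen number, the computer name and the lines to write back, so it can be checked offline before it ever touches the share, and a small wrapper writes the list back through a temporary file. The prefix `Domain`, the `.tmp` path and the sample list lines are assumptions constructed for this example.

```powershell
# Added example, not the original poster's script: the exlist.txt allocation rule
# as a pure function, plus a file wrapper. Prefix, paths and sample data are assumed.

function Resolve-NameFromList {
    # $Lines  : contents of exlist.txt, newest (highest) number first
    # Returns : the number chosen, the computer name, and the lines to write back
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][AllowEmptyString()][string[]]$Lines,
        [string]$Prefix = 'Domain'
    )

    # blank lines are dropped here instead of in a separate clean-up pass
    $clean = @($Lines | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })

    # numbers marked "<n> -r" are rebuilds; collect them and take the lowest
    $marked = @(foreach ($line in $clean) {
        if ($line -match '^(?<num>\d+)\s+-r$') { [int]$matches['num'] }
    })

    if ($marked.Count -gt 0) {
        $number = [int]($marked | Measure-Object -Minimum).Minimum
        # clear the mark on that one line only; other marked PCs stay queued
        $newLines = @($clean | ForEach-Object {
            if ($_ -match "^$number\s+-r$") { "$number" } else { $_ }
        })
    }
    else {
        # new build: the top line must be a plain number; refuse rather than guess,
        # because a bad value would be pushed onto every later build
        if ($clean.Count -eq 0 -or $clean[0] -notmatch '^\d+$') {
            throw "exlist.txt is empty or its first line is not a number: '$($clean | Select-Object -First 1)'"
        }
        $number   = [int]$clean[0] + 1
        $newLines = @("$number") + $clean
    }

    [pscustomobject]@{
        Number   = $number
        NewName  = "$Prefix$number"
        NewLines = [string[]]$newLines
    }
}

function Update-NameList {
    # Reads the list, allocates a name and writes the list back through a temp file,
    # so a crash mid-write cannot leave a half-written exlist.txt behind.
    param(
        [Parameter(Mandatory)][string]$ListPath,
        [string]$Prefix = 'Domain'
    )
    $result = Resolve-NameFromList -Lines @(Get-Content -Path $ListPath) -Prefix $Prefix
    $tmp = "$ListPath.tmp"
    Set-Content -Path $tmp -Value $result.NewLines -Encoding ASCII
    Move-Item -Path $tmp -Destination $ListPath -Force
    $result
}

# --- self-check on constructed data (not a real list) -------------------------
$sample = '200', '199 -r', '', '150 -r', '120'
$r = Resolve-NameFromList -Lines $sample
if ($r.NewName -ne 'Domain150') { throw "rebuild case: got $($r.NewName)" }
if (($r.NewLines -join ',') -ne '200,199 -r,150,120') { throw "rebuild case: list $($r.NewLines -join ',')" }

$r2 = Resolve-NameFromList -Lines @('200', '120')
if ($r2.NewName -ne 'Domain201') { throw "new build case: got $($r2.NewName)" }
if (($r2.NewLines -join ',') -ne '201,200,120') { throw "new build case: list $($r2.NewLines -join ',')" }
'self-check passed'
```

Keeping the rule in a function that never touches the file is what makes it possible to run the self-check on a workstation before it runs once, unattended, on a freshly imaged PC. The write-then-move in `Update-NameList` protects against a crash mid-write, not against two machines imaging at the same moment; if that can happen, the share still needs a lock or a single allocator.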

1 Answer


So after tinkering with this for a while, I finally got it. I used Start-Transcript to create log files for the PowerShell, removed the batch files and just launched the PowerShell Scripts straight from the first logon command of my sysprepped image.

The script most likely wasn't even running, but I managed to join it to the domain eventually by using the Rename-Computer command before I used the Add-Computer command. Then I rebooted the machine and this worked!

Thanks for the help guys. I'm fairly new to scripting like this, so if there's one thing to learn from me, it's that logging your scripts is essential.

Rhys
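The approach the answer arrived at (log with Start-Transcript, launch PowerShell directly from the first-logon command, rename, then join), as an added example rather than the answer's own script. It differs in one respect: `Add-Computer` accepts `-NewName`, so the rename and the join are one operation and one reboot. The function is idempotent (a second run on an already-joined machine does nothing), turns every error into a transcript entry, and flushes the transcript before rebooting. The domain, OU, log directory, script path and name in the usage comment are placeholders. How the join credential reaches the script is deliberately left out: a secure string exported without `-Key` is DPAPI-bound to the exporting user and machine and will not decrypt on a newly imaged PC, and any secret baked into the image is readable by whoever holds the image, so the account used should be a join-only account delegated to create computer objects in the target OU rather than a domain admin.

```powershell
# Added example, not the answer's script: first-logon rename + domain join with a
# transcript. Domain, OU, paths and the credential source are assumptions.

function Invoke-FirstLogonJoin {
    [CmdletBinding()]
    param(
        # NetBIOS computer names are at most 15 characters; reject anything else up front
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')][string]$NewName,
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$JoinCredential,
        [string]$OUPath,
        [string]$LogDir = 'C:\_scripts\logs'
    )

    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $log = Join-Path $LogDir ('join-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))
    Start-Transcript -Path $log | Out-Null   # everything below, including errors, lands in this file
    $needReboot = $false
    try {
        $ErrorActionPreference = 'Stop'      # non-terminating errors become exceptions caught below
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        Write-Host "Running as $env:USERNAME on $($cs.Name); PartOfDomain=$($cs.PartOfDomain); Domain=$($cs.Domain)"

        if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
            Write-Host "Already a member of $DomainName; nothing to do."   # re-running is harmless
            return
        }

        $joinArgs = @{ DomainName = $DomainName; Credential = $JoinCredential; Force = $true }
        if ($cs.Name -ine $NewName) { $joinArgs.NewName = $NewName }   # rename and join in one step
        if ($OUPath) { $joinArgs.OUPath = $OUPath }

        Add-Computer @joinArgs
        Write-Host "Join of '$NewName' to $DomainName succeeded; rebooting to complete it."
        $needReboot = $true
    }
    catch {
        Write-Host "FAILED: $($_.Exception.Message)"
        throw
    }
    finally {
        Stop-Transcript | Out-Null           # flush the log before the reboot, not after
    }
    if ($needReboot) { Restart-Computer -Force }
}

# Typical FirstLogonCommands entry (assumed path), with no batch file in between:
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\_scripts\Join-Domain.ps1
# where Join-Domain.ps1 contains the function above and ends with a call such as
#   Invoke-FirstLogonJoin -NewName 'Domain201' -DomainName 'example.local' `
#       -OUPath 'OU=Workstations,DC=example,DC=local' -JoinCredential $joinCred
# $joinCred is whatever credential object the deployment supplies (see the note above).
```

The `PartOfDomain` check is what makes it safe to leave the command in place: if the machine reboots before the first-logon sequence is marked complete and the script runs again, it logs that it is already joined and exits instead of failing on a duplicate account. When the transcript shows `Add-Computer` failing, the message it records (access denied on the OU, name already in use, no DC reachable) is the same one you would get running the call by hand.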