VMware Cloud Community
MikeErter
Enthusiast
Enthusiast

Invoke-VMScript to join Windows guest to domain?

Hi PowerCLI experts,

Has anyone had success running add-computer within a Window guest via Invoke-VMScript to join it to the domain? 

I played with this for an hour and a half last night without success. 

If someone has made this work, I'd love to know what you did...

Thanks! Smiley Happy

9 Replies
jpsider
Expert
Expert

Can you post what you were working on so we can build from that or point you in the right direction?

Reply
0 Kudos
MikeErter
Enthusiast
Enthusiast

Hi jpsider‌,‌ well, I tried several things, but the thing I still have open in my PowerShell ISE window is this, (which never returned):

$myscript = @"

  

$cred = New-Object System.Management.Automation.PsCredential("domain\user", (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force))

Add-Computer -DomainName "mydomain" -Credential $cred -ComputerName mywindowsserver

Restart-Computer

"@

Invoke-VMScript -ScriptText $myscript -vm mywindowsserver -GuestUser administrator -GuestPassword 'P@ssw0rd' -ScriptType Powershell

Thanks,

Mike

Reply
0 Kudos
jpsider
Expert
Expert

how about something like this

$vmLocalUser = "$VMName\ LOCAL USER NAME HERE"

$vmLocalPWord = ConvertTo-SecureString -String "LOCAL PASSWORD HERE" -AsPlainText -Force

$vmLocalCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $vmLocalUser, $vmLocalPWord

# This Scriptblock is used to add new VMs to the newly created domain by first defining the domain creds on the machine and then using Add-Computer

$JoinNewDomain = '$DomainUser = "TESTDOMAIN\Administrator";

                  $DomainPWord = ConvertTo-SecureString -String "Password01" -AsPlainText -Force;

                  $DomainCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DomainUser, $DomainPWord;

                  Add-Computer -DomainName TestDomain.lcl -Credential $DomainCredential;

                  Start-Sleep -Seconds 20;

                  Shutdown /r /t 0'

  

Invoke-VMScript -ScriptText $JoinNewDomain -VM $VMName -GuestCredential $vmLocalCredential

ScottDriver42
Enthusiast
Enthusiast

I've been using the below snippets in my scripts pretty successfully for some time.

Hope this helps!

The variable $machine is set to the machine name

### get Domain Admin credentials and validate them before moving on

$i=0

do {

    do {

        $cred=$host.ui.PromptForCredential("Enter Domain Admin credentials", "Please enter your Domain Admin user (domainname\username) and password for domain: '$domain'", "", "")

    }until ($cred.username.contains("\"))

    add-Type -AssemblyName System.DirectoryServices.AccountManagement

     $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain

     $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct,$Domain

     $i+=1

     if ($i -eq 3){

         write-host "You've entered your credentials incorrectly three times. This script will now exit to prevent you from locking your account out."

         exit

     }

     #$i

} until ($pc.ValidateCredentials($(if($cred.UserName.Contains("\")) {@($cred.username.Split("\"))[1]}else{$cred.UserName}),$($cred.GetNetworkCredential().password)))

### get local admin credentials

$localcreds=$host.ui.PromptForCredential("Need credentials", "Please enter the local administrator username and password for '$DC'", "$machine\administrator", "")

###add to domain

write-host "Joining to the domain and moving to correct OU" -BackgroundColor Green -ForegroundColor Black

Connect-QADService $domain -Credential $cred

sleep 10

if ((Get-qadcomputer $machine) -eq $null) {

    $ad="netdom join /d:$domain $machine /ud:$($cred.UserName) /pd:$($cred.GetNetworkCredential().password)"

    sleep 20

    invoke-vmscript -vm $machine -scripttext $ad -scripttype bat -guestcredential $localcreds

    sleep 20

    invoke-vmscript -vm $machine -scripttext "restart-computer -force" -scripttype powershell -guestcredential $localcreds -ea SilentlyContinue

    write-host "Note, the 'restart-computer' script often fails. This is actually ok as it means the VM joined the dmain and is already rebooting."

}

I am newly active to this community, so if you've found this to be helpful I'd appreciate you clicking the like button.

Cheers!

Blog: https://virtualvt.wordpress.com/ | Twitter: VTsnowboarder42
MikeErter
Enthusiast
Enthusiast

Thanks, I'll try it out in my environment :smileycool:

Reply
0 Kudos
MikeErter
Enthusiast
Enthusiast

Thanks ScottDriver42‌, I'll try it out Smiley Happy

faf1967
Contributor
Contributor

So for my dumb question, I'm new to this. Where do I point it to the VM I am trying to join the domain?

Reply
0 Kudos
faf1967
Contributor
Contributor

I put ScottDriver42 script  in a Join_Domain.ps1 file and ran  Join_Domain.ps1 VM1

I enter my domain and local credentials and I received the error below. Any suggestions would be greatly appreciated.

PS C:\!Powershell> .\Join_Domain.ps1 VM1

Joining to the domain and moving to correct OU

Connect-QADService : The term 'Connect-QADService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the

path is correct and try again.

At C:\!Powershell\Join_Domain.ps1:53 char:1

+ Connect-QADService $domain -Credential $cred

+ ~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (Connect-QADService:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Get-qadcomputer : The term 'Get-qadcomputer' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path

is correct and try again.

At C:\!Powershell\Join_Domain.ps1:59 char:6

+ if ((Get-qadcomputer $machine) -eq $null) {

+      ~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (Get-qadcomputer:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Reply
0 Kudos
ScottDriver42
Enthusiast
Enthusiast

Sorry, the qad cmdlets are from quest which was bought by dell. I’m not sure if they are stil available or not, but I’ve always found them to be more user friendly than built in ad Cmdlets.

If you can’t find them, DM me and I’ll send you a copy.

Sorry for the difficulties.

Blog: https://virtualvt.wordpress.com/ | Twitter: VTsnowboarder42
Reply
0 Kudos