Add a computer to an Active Directory domain with PowerShell
A common task many system administrators do is adding computers to an Active Directory domain. Since Active Directory is embedded in so many organizations, nearly every IT professional is probably familiar with the box below.
Active Directory domain join
This PowerShell snippet above connects remotely to the computer NAMEHERE, attempts to join it to the domain domain.here and then afterward restarts it. No more logging on computers and clicking around. This method not only speeds up joining a domain on a single machine but also can easily extend to multiple devices as well if the computer names are stored somewhere else, like a text file.
|
1
2
|
$computers = Get–Content –Path C:\Computers.txt
Add–Computer –ComputerName $computers –Domain ‘domain.here’ –Restart
|
Using PowerShell is a great start, but chances are you need more flexibility. You may also want to add the computer to a specified organizational unit, ensure that the computer rebooted successfully, and so on.
For some additional actions, the Add-Computer cmdlet provides other parameters. Use help Add-Computer -Detailed to see what it can do. But there are some things that Add-Computer cannot do as well.
For example, I like to verify an organizational unit exists before attempting to add a computer to it. Likewise, I also prefer to get some notification when the computer comes back up after a reboot. Let’s build a tool in PowerShell to give us some additional functionality.
To build this tool, we’ll first create a “wrapper” function around Add-Computer. This wrapper function will allow us to tack on additional behavior.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
function Add–AcmeComputer {
param(
[string]$ComputerName
)
foreach ($computer in $ComputerName) {
if (–not (Test–Connection –ComputerName $computer –Quiet –Count 1)) {
Write–Warning “Could not ping computer [$computer]”
} else {
## Do some more stuff
}
}
}
|
Notice that I’ve created the start of a tool. I’ve given it a name similar to Add-Computer yet customized it to my organization and created a few parameters that resemble parameters on Add-Computer. I also added some additional validation already. I’m first pinging the computer to ensure it’s online before doing anything else. Why even attempt to join the computer to a domain if it’s not even online?
Next, I’ll fill in some code in the else block. Here is where I can add anything I need to do before or after joining the computer to the domain. For kicks, let’s add some functionality to ensure the computer reboots and comes back up after we join it to a domain. To do this, I’ll add a Wait parameter that is not on the Add-Computer command. I’ll then add the code necessary to wait for the computer only if I use the Wait parameter.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
function Add–AcmeComputer {
param(
[string[]]$ComputerName,
[string]$Domain,
[switch]$Wait
)
foreach ($computer in $ComputerName) {
if (–not (Test–Connection –ComputerName $computer –Quiet –Count 1)) {
Write–Warning “Could not ping computer [$computer]”
} else {
Write–Information “[$computer] is being added to domain [$Domain]…”
Add–Computer –ComputerName $computer –Domain $Domain –Restart
if ($Wait.IsPresent) {
## Give it some time to go offline
while (Test–Connection –ComputerName $computer –Quiet –Count 1) {
Start–Sleep –Seconds 2
}
## It’s now offline, wait for it to come back
while (–not (Test–Connection –ComputerName $computer –Quiet –Count 1)) {
Start–Sleep –Seconds 2
Write–Information “[$computer] rebooted and is back!”
}
}
Write–Information “[$computer] was added to domain [$Domain]…”
}
}
}
|
Once you’ve got the function to this point, adding new functionality is a piece of cake. Your situation will most likely be different from mine, and you will have additional requirements. But now, you have the foundation completed to add more of your own validation or pre- and post-domain-joining tasks.