In this tutorial we are going to optimize a simple task that, in larger environments, can take up a fair amount of the service desk/operations team’s time: joining a server/workstation to a domain.
The first step is to describe a scenario where such a script can be helpful. Let’s imagine a domain that has several regions, each with its own Group Policies, scripts, and so on.
By default, joining a server/workstation to the domain is a manual process (right-click Computer, open System Properties, click Change, type in the domain, type in the credentials, wait for the welcome dialog box, click OK, and then restart the computer). When you do it that way, the computer account shows up in the Computers container. In environments where GPOs are applied differently per region, that may be an issue, since the first logon of the new server/workstation will not get the region’s GPOs. Long story short, you spend at least 10 clicks, on top of the manual task of moving the server/workstation to the right OU afterwards.
To address this issue, we will use the scenario shown in the figure below, where we have two regions (Brazil and Canada). Each region has an OU for Servers, each location has its own GPOs to manage its servers, and a team is delegated to manage each region.
Automating the process with a simple Script…
We are going to see the script in action first, and then go over the details. The service desk/operator connects to a mapped drive and runs our script (we named it Join-Domain.ps1). The script accepts a single parameter, the country code for the site; in the example below we specify CA to add this server to Canada.
The script informs the service desk/operator of the local server name (in this tutorial the server is torsrv01) and the OU (Organizational Unit) where the server will be placed. The script also asks for confirmation. As soon as the end user types Y and hits <enter>, a credential pop-up comes up with the domain portion already filled out. The end user then just needs to type in their username and password and click OK.
The script adds the computer to the domain and reports that a restart is required (we can add the restart process to the script afterwards).
The results can be seen in Active Directory Users and Computers: the server was placed in the proper OU, on its very first logon it gets the right information, and there were no additional steps for the service desk/operations team.
How it works…
The first step to get this script working is to create a baseline file with all locations (Sites) and the OU path for the Servers and Clients (thinking ahead here). For any process to work properly we need consistency, so make sure that your environment has all regions and locations properly defined.
The file below is read when we run the script; its path is defined in the variable $yLocation in the first lines of the script.
The script itself is simple and self-explanatory. It checks whether the site entered by the user exists in the baseline file, and if it does, the OU specified there is used. If the location cannot be found, the default location is used, which is the Computers container.
To save some time, we pass some information to the main cmdlet, Add-Computer, such as the NetBIOS name and the OU (when we find one) for the new computer account.
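The flow described above (baseline lookup, fallback to the Computers container, confirmation, credential prompt, Add-Computer), written as an added example and not the author’s Join-Domain.ps1. The baseline file name, its Site and ServerOU columns, and the example.local / EXAMPLE domain names are assumptions; only $yLocation and Add-Computer come from the text.

```powershell
# Added example, not the original Join-Domain.ps1.
# Assumed: baseline file name, its columns (Site, ServerOU), and the domain names.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]{2}$')]    # accept a two-letter country code only (CA, BR)
    [string]$Site
)

$yLocation  = Join-Path $PSScriptRoot 'Locations.csv'   # assumed baseline file on the share
$DomainFqdn = 'example.local'                            # placeholder domain
$DomainNB   = 'EXAMPLE'                                  # placeholder NetBIOS name

# Constructed baseline content this example expects:
#   Site,ServerOU
#   CA,"OU=Servers,OU=Canada,DC=example,DC=local"
#   BR,"OU=Servers,OU=Brazil,DC=example,DC=local"
$baseline = Import-Csv -Path $yLocation
$entry    = $baseline | Where-Object { $_.Site -eq $Site } | Select-Object -First 1

# The OU is taken only from the baseline file, never from operator input.
$targetOU = if ($entry) { $entry.ServerOU } else { $null }
$display  = if ($targetOU) { $targetOU } else { 'default Computers container' }

Write-Host "Computer : $env:COMPUTERNAME"
Write-Host "Target OU: $display"
if ((Read-Host 'Join the domain with these settings? (Y/N)') -ne 'Y') {
    Write-Host 'Cancelled; no changes made.'
    return
}

# Prompt with the domain portion pre-filled; the credential is never written to disk.
$cred = Get-Credential -UserName "$DomainNB\" -Message "Account delegated to join computers for site $Site"

$joinArgs = @{ DomainName = $DomainFqdn; Credential = $cred; ErrorAction = 'Stop' }
if ($targetOU) { $joinArgs.OUPath = $targetOU }   # no OUPath means the default container is used

try {
    Add-Computer @joinArgs
    Write-Host 'Joined. A restart is required to complete the operation.'
}
catch {
    Write-Error "Domain join failed: $($_.Exception.Message)"
}
```

Keep the baseline file and the script read-only for operators on the share, since whoever can edit them decides which OU, and therefore which GPOs, a new machine receives.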
In this tutorial we went over a simple script that automates joining a computer to the domain using PowerShell.