Join Domain when account already exists with Powershell

I am using a PowerShell script to join our domain. It works fine except when the computer account already exists. I want to be able to join the domain with the account already existing. We used to do this with a .vbs script but I cannot find a way to do this with PowerShell. I work at a college and we re-image our PCs every semester or 2. We never delete the accounts when using the .vbs script. We just join the domain on top of the existing account.

Here is my Join Domain script. I am using it with an answer file.

$credential = New-Object System.Management.Automation.PsCredential("adminusername", (ConvertTo-SecureString "password" -AsPlainText -Force))
Add-Computer -DomainName "ad.hccs.edu" -Credential $credential -OUPath "OU=TestJoinDomain,OU=CE-Instructional-Computers,OU=CE-Computers,OU=CE,OU=Colleges,DC=ad,DC=hccs,DC=edu" -PassThru
Restart-Computer
Remove-Item c:\joindomain.ps1

I only want PowerShell solutions. I know how to do this with a .vbs script but I am trying to get away from .vbs scripts and use only PowerShell.

Does anyone have a good solution for this?

 

October 21st, 2010 2:09pm

Hi. I believe you must use the -force option at the end of the command.

OHM
www.moe.am

November 10th, 2010 11:20pm

O.K. I have finally figured this out. If I specify the OU path and the account already exists, the PC will not join the domain. If I take out the OU path and the account already exists, then the PC joins the domain. So if I want to re-image 20 PCs in the same OU, my script should look like this if the accounts already exist:

$credential = New-Object System.Management.Automation.PsCredential("adminusername", (ConvertTo-SecureString "password" -AsPlainText -Force))
Add-Computer -DomainName "ad.hccs.edu" -Credential $credential -PassThru
Restart-Computer
Remove-Item c:\joindomain.ps1

I guess powershell searches for an existing account. If it is there the PC will join on top of the existing account. If I specify an OU then the PC joins a workgroup.

 

November 12th, 2010 8:07pm

@whitesnake123

Howdy,

can you point me to the vbs script that can join the domain with an existing account?

Thanks,

Arnold

August 17th, 2011 10:21pm

I have a very similar situation, Whitesnake, and will try your solution. If there's no Computer Object, then the computer will join the domain and create the account based on its IP subnet. If there is already an account, it will just rejoin the domain and use the existing Computer Object, no matter what OU it's in. Thanks for the work, I'll give it a shot.

$cred is similar to your u/p part of the script too.  No reason to add it.

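# $cred is assumed to be built like $credential in the original post
$ComputerName = $env:COMPUTERNAME
# Look for an existing object with this computer's name
$searcher = [adsisearcher][adsi]""
$searcher.Filter = "(cn=$ComputerName)"
$searchparm = $searcher.FindOne()
if (!($searchparm)) {
    # No account yet: create it in the OU that matches the IP subnet
    $IP = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) | ?{ $_.IPAddressToString -like '192.168.*' }
    if ($IP -like '192.168.1.*') { Add-Computer -DomainName MyDom -Credential $cred -OUPath "OU=HQ,OU=WORKSTATIONS,DC=MyDom,DC=lcl" }
    if ($IP -like '192.168.2.*') { Add-Computer -DomainName MyDom -Credential $cred -OUPath "OU=Site1,OU=WORKSTATIONS,DC=MyDom,DC=lcl" }
} else {
    # Account exists: rejoin on top of it, whatever OU it is in
    Add-Computer -DomainName MyDom -Credential $cred
}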

February 13th, 2013 5:36am

Cobbled this together without really knowing what I'm doing, from various sources. The main thing is, it seems to work. I can see that there may be superfluous code in there (pass creds twice) but as I said, I don't know what I'm doing :P

# Credential used for the join itself
$credential = New-Object System.Management.Automation.PsCredential("[DOMAIN\JoinUser]", (ConvertTo-SecureString "[password]" -AsPlainText -Force))
# Directory binding used only to look up the computer object (the LDAP path must be a quoted string)
$domaininfo = New-Object DirectoryServices.DirectoryEntry("LDAP://[DOMAIN_CONTROLLER_IP_ADDRESS]/[domain root path e.g. dc=mydomain,dc=local]","[DOMAIN\ReadOnlyUser]","[password]")
$ComputerName = gc env:computername
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domaininfo)
$searcher.Filter = "(cn=$ComputerName)"
$searchparm = $searcher.FindOne()
if (!($searchparm))
{
    # No existing account: create it in the chosen OU
    Add-Computer -DomainName "[domain name e.g. mydomain.local]" -Credential $credential -OUPath ("[Distinguished Name of OU e.g. OU=Desktops,OU=Workstations,OU=Site,OU=Company,DC=mydomain,DC=local]")
}
else
{
    # Existing account: join on top of it without -OUPath
    Add-Computer -DomainName "[domain name]" -Credential $credential
}

March 31st, 2014 9:39am

Very good script.

Please note that FindOne() has been replaced by FindOne starting with .NET 3.5. If you don't delete the parentheses, you will get credential errors on this script.

September 8th, 2015 3:50am
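
A variant of the existence check used in the scripts above, added here as an example and not code from any poster in the thread. It matches the computer object by `objectCategory` and `sAMAccountName` instead of `cn`, and passes `-OUPath` only when no account exists. The function names are hypothetical, bracketed values are placeholders, and `$credential` is assumed to be built as in the posts above.

```powershell
# Added example, not code from the thread. Bracketed values are placeholders.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    # Escape LDAP filter metacharacters (RFC 4515); the backslash must be replaced first.
    param([Parameter(Mandatory=$true)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Find-ComputerAccount {
    # Returns the distinguished name of the computer account, or $null if none exists.
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [Parameter(Mandatory=$true)][System.DirectoryServices.DirectoryEntry]$SearchRoot
    )
    # A computer account's sAMAccountName is its NetBIOS name followed by '$'.
    $sam = (ConvertTo-LdapFilterValue -Value $ComputerName) + '$'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($SearchRoot)
    # Match computer objects only; (cn=NAME) also matches a user or group with that name.
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$sam))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $hit = $searcher.FindOne()
    if ($hit) { return [string]$hit.Properties['distinguishedname'][0] }
    return $null
}

function Join-DomainReusingAccount {
    param(
        [Parameter(Mandatory=$true)][string]$DomainName,
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory=$true)][System.DirectoryServices.DirectoryEntry]$SearchRoot,
        [Parameter(Mandatory=$true)][string]$NewAccountOU
    )
    # ErrorAction Stop makes a failed join throw instead of continuing silently.
    $joinArgs = @{ DomainName = $DomainName; Credential = $Credential; PassThru = $true; ErrorAction = 'Stop' }
    $existingDn = Find-ComputerAccount -ComputerName $env:COMPUTERNAME -SearchRoot $SearchRoot
    if ($existingDn) {
        Write-Host "Reusing existing account: $existingDn"
    } else {
        $joinArgs['OUPath'] = $NewAccountOU   # only a new account gets an explicit OU
    }
    Add-Computer @joinArgs
}

# Usage on the freshly imaged PC (directory binding as in the 2014 post):
# $root = New-Object System.DirectoryServices.DirectoryEntry('LDAP://[dc]/[domain root DN]', '[DOMAIN\ReadOnlyUser]', '[password]')
# Join-DomainReusingAccount -DomainName '[domain name]' -Credential $credential -SearchRoot $root -NewAccountOU '[OU DN]'
```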

This topic is archived. No further replies will be accepted.
