PowerShell: Secure String 'Encryption Key' Usage — Join-Domain Script

I work in an enterprise environment, where I manage a lab of 75 computers. I use Ghost to image and then I walk the computers afterwards to change the PC names and SIDs.

I am implementing a script to automatically add the computers to the domain but I am new to PowerShell and would really appreciate the help. Here's the script I'm using, 1.ps1:

    Param (
        [String]$User = $(Throw "MYDOMAINUSERINFO"),
        [String]$Domain = "MYDOMAININFO",
        [String]$PathToCred = "C:\OMC\AutoPost"
    )

    #Make sure our path string has a trailing backslash
    If ($PathToCred[$PathToCred.Length - 1] -ne "\")
    {
        $PathToCred += "\"
    }

    #Now create file string
    $File = $PathToCred + "JoinDomain-$User.crd"

    #And find out if it's there, if not create it
    If (-not (Test-Path $File))
    {
        (Get-Credential).Password | ConvertFrom-SecureString | Set-Content $File
    }

    #Load the credential file
    $Password = Get-Content $File | ConvertTo-SecureString
    $Credential = New-Object System.Management.Automation.PsCredential($User,$Password)

    #Add the computer to the domain
    Add-Computer -DomainName $Domain -Credential $Credential

I run this script using a batch file that I place in the startup folder.

    Powershell.exe -ExecutionPolicy Bypass C:\OMC\AutoPost\1.ps1 -User MYDOMAINUSERINFO -Domain MYDOMAININFO -PathToCred C:\OMC\AutoPost\

Running this script works normally: it creates a credential file, reads the credential file, and joins the domain. Running this script after ghosting and walking does not work; I get the error:

    Key not valid for use in specified state.

I think this is because the computer knows that something has changed. I am using the same user account to add to the domain as I built the credentials with initially, so I believe that the computer is rejecting these credentials because the SID has changed.

I read online that I can use [-key Byte[]] to set a standard encryption key, which will allow me to get around this error. I'm too new at PowerShell to know how to use this. Can anyone help me out?

August 27th, 2015 4:45pm

Use Add-Computer to join a domain.  You will not have these problems.

https://technet.microsoft.com/en-us/library/Hh849798.aspx?f=255&MSPPError=-2147217396

August 27th, 2015 6:10pm
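
The `-Key` usage asked about in the question, as an added example that is not part of the original thread. Without `-Key`, `ConvertFrom-SecureString` protects the string with Windows DPAPI, which ties it to the user account and machine that created it; with `-Key` it uses AES with the supplied 16-, 24- or 32-byte key, so the file can be read wherever that key is available. The key and credential file names and the function names are assumptions.

```powershell
# Added example: file names and function names below are assumptions.
$KeyFile  = 'C:\OMC\AutoPost\JoinDomain.key'   # hypothetical key file
$CredFile = 'C:\OMC\AutoPost\JoinDomain.crd'   # hypothetical credential file

function New-AesKeyFile {
    param([string]$Path)
    # 32 random bytes = AES-256; -Key accepts 16, 24 or 32 bytes
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    [System.IO.File]::WriteAllBytes($Path, $key)
}

function Save-Password {
    param([string]$KeyPath, [string]$CredPath)
    $key = [System.IO.File]::ReadAllBytes($KeyPath)
    # Prompt once, then store the password encrypted with the AES key
    (Get-Credential).Password |
        ConvertFrom-SecureString -Key $key |
        Set-Content -Path $CredPath
}

function Get-SavedCredential {
    param([string]$User, [string]$KeyPath, [string]$CredPath)
    $key = [System.IO.File]::ReadAllBytes($KeyPath)
    # The same key must be supplied to decrypt; DPAPI is not involved
    $password = Get-Content -Path $CredPath | ConvertTo-SecureString -Key $key
    New-Object System.Management.Automation.PSCredential($User, $password)
}

# On the reference machine, before imaging:
#   New-AesKeyFile -Path $KeyFile
#   Save-Password -KeyPath $KeyFile -CredPath $CredFile
# On each imaged machine:
#   $cred = Get-SavedCredential -User 'MYDOMAINUSERINFO' -KeyPath $KeyFile -CredPath $CredFile
#   Add-Computer -DomainName 'MYDOMAININFO' -Credential $cred
```

Anyone who can read both the key file and the credential file can recover the password, so restrict the ACLs on both, use an account that is only delegated the right to join computers, and delete both files once the join succeeds.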
