I work in an enterprise environment, where I manage a lab of 75 computers. I use Ghost to image and then I walk the computers afterwards to change the PC names and SIDs.
I am implementing a script to automatically add the computers to the domain but I am new to PowerShell and would really appreciate the help. Here's the script I'm using, 1.ps1:
Param (
    [String]$User = $(Throw "MYDOMAINUSERINFO"),
    [String]$Domain = "MYDOMAININFO",
    [String]$PathToCred = "C:\OMC\AutoPost"
)
#Make sure our path string has a trailing backslash
If ($PathToCred[$PathToCred.Length - 1] -ne "\") {
    $PathToCred += "\"
}
#Now create file string
$File = $PathToCred + "JoinDomain-$User.crd"
#And find out if it's there, if not create it
If (-not (Test-Path $File)) {
    (Get-Credential).Password | ConvertFrom-SecureString | Set-Content $File
}
#Load the credential file
$Password = Get-Content $File | ConvertTo-SecureString
$Credential = New-Object System.Management.Automation.PsCredential($User, $Password)
#Add the computer to the domain
Add-Computer -DomainName $Domain -Credential $Credential
I run this script using a batch file that I place in the startup folder.
Powershell.exe -ExecutionPolicy Bypass C:\OMC\AutoPost\1.ps1 -User MYDOMAINUSERINFO -Domain MYDOMAININFO -PathToCred C:\OMC\AutoPost\
Running this script normally works: it creates a credential file, reads the credential file, and joins the domain. Running this script after ghosting and walking does not work; I get the error:
Key not valid for use in specified state.
I think this is because the computer knows that something has changed. I am using the same user account to add to the domain as I built the credentials with initially, so I believe that the computer is rejecting these credentials because the SID has changed.
I read online that I can use [-key Byte[]] to set a standard encryption key, which will allow me to get around this error. I'm too new at PowerShell to know how to use this, can anyone help me out?
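The following is an added example of the -Key approach the question asks about, not the poster's script; it assumes a key file at C:\OMC\AutoPost\JoinDomain.key (hypothetical path) alongside the .crd file. Without -Key, ConvertFrom-SecureString protects the blob with DPAPI, which is tied to the user profile on the machine that wrote it, so a blob created on the reference image cannot be decrypted after the machine is re-imaged; with a 32-byte key the blob is portable, but anyone who can read the key file can recover the password, so the key file needs the same ACL protection as a plaintext credential would.

```powershell
# Added example (not the poster's code). Key file path is an assumption.
Param (
    [String]$User = $(Throw "Specify -User"),
    [String]$Domain = $(Throw "Specify -Domain"),
    [String]$PathToCred = "C:\OMC\AutoPost"
)
$KeyFile  = Join-Path $PathToCred "JoinDomain.key"         # hypothetical
$CredFile = Join-Path $PathToCred "JoinDomain-$User.crd"

# Create the key once on the build machine using a CSPRNG. 32 bytes selects
# AES-256 in ConvertFrom-SecureString/ConvertTo-SecureString.
if (-not (Test-Path $KeyFile)) {
    $Key = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Key)
    [System.IO.File]::WriteAllBytes($KeyFile, $Key)
    # Restrict who can read the key: the blob is only as secret as this file.
    icacls $KeyFile /inheritance:r /grant:r "SYSTEM:(R)" "Administrators:(R)" | Out-Null
}
$Key = [System.IO.File]::ReadAllBytes($KeyFile)
if ($Key.Length -ne 32) { throw "Key file must contain exactly 32 bytes" }

# Encrypt with the key instead of DPAPI so the file survives re-imaging.
if (-not (Test-Path $CredFile)) {
    (Get-Credential).Password |
        ConvertFrom-SecureString -Key $Key |
        Set-Content $CredFile
}

# Decrypt with the same key on the imaged machine and build the credential.
$Password   = Get-Content $CredFile | ConvertTo-SecureString -Key $Key
$Credential = New-Object System.Management.Automation.PSCredential($User, $Password)
Add-Computer -DomainName $Domain -Credential $Credential
```

If the key must sit on the same image as the blob, this only changes where the secret lives; an offline domain join (djoin.exe /provision on a domain member, then /requestODJ on the client) avoids placing a domain account's password on the image at all.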