Join a computer to a domain’s OU

A computer is placed in a default OU when joining the domain. You should move it to the correct OU to apply the necessary group policies. No big deal except when you just implemented a VDI environment where a desktop is destroyed when the user logs out and a new one is created.

A VMware Guest Customization Specification is applied to a virtual machine template which allows the automation of the following Windows tasks:

  • Configure the Windows Registration Information
  • Configure the unique Windows Computer Name
  • Configure the Administrator password
  • Configure the IP, DNS, WINS and other network configuration settings
  • Join a newly created virtual machine to the Windows Domain of choice
  • Configure the Windows virtual machine to obtain a new unique Windows Security Identifier (SID)
  • Configure the Windows Product Key
  • Configure the desired Time Zone
  • Configure any custom scripts to be run upon first time login

You can join the virtual machine to a Windows Domain, but you cannot specify the Organizational Unit. Luckily you have the option to run a custom script (or command) upon first login. In XP you can use NETDOM to join the domain; Windows 7 instead provides the PowerShell cmdlet Add-Computer.

Another option is to use WMIC.EXE, which is included with Windows XP and above.

I spent days trying to figure out how to use wmic.exe to join the domain. The biggest key was figuring out the syntax as there are a couple of different ways to do it. Importantly, if you specify the AccountOU, you must use the DN as mentioned above. What it fails to mention is that WMIC uses commas (,) to separate parameters, so commas inside the DN will cause WMIC to fail. You must use semicolons (;) in your DN instead.

Example: "OU=testOU; DC=domain; DC=Domain; DC=com"

Command Line examples

1. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup AccountOU="OU=XP Workstations;DC=my;DC=domain;DC=com" FJoinOptions=1 Name="my.domain.com" Password="xyz" UserName="admin@my.domain.com"

2. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup "OU=XP Workstations;DC=my;DC=domain;DC=com", 1, "my.domain.com", "xyz", "admin@my.domain.com"

Both work, but the first one is easier to edit and the parameters can be in a different order.
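
For the Add-Computer option mentioned earlier, here is an added example (not from the original post) of a first-logon script that joins the machine straight into a chosen OU, skips the join if it has already happened, and logs the outcome. The domain, OU, account and log path are placeholder assumptions reusing the values from the wmic examples; Add-Computer takes the OU as an ordinary comma-separated DN, so the semicolon workaround applies to WMIC only.

```powershell
# Added example: join this machine to the domain in a specific OU at first logon.
# All values are placeholders (assumptions), reusing those in the wmic examples.
$DomainName = 'my.domain.com'
$OUPath     = 'OU=XP Workstations,DC=my,DC=domain,DC=com'  # normal DN, commas are fine here
$JoinUser   = 'admin@my.domain.com'
$JoinPass   = 'xyz'
# The password sits in clear text in this script, exactly as it does on the wmic
# command line. Assumption: the join account is delegated only the right to create
# computer objects in the target OU and is not a domain administrator.

$ErrorActionPreference = 'Stop'
$LogFile = Join-Path $env:SystemRoot 'Temp\domain-join.log'   # hypothetical log path

function Write-JoinLog([string]$Message) {
    # Timestamped line; the password is never written to the log.
    $line = '{0} {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogFile -Value $line
}

# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7).
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-JoinLog "Already a member of $($cs.Domain); nothing to do."
    exit 0
}

try {
    $secure = ConvertTo-SecureString $JoinPass -AsPlainText -Force
    $cred   = New-Object System.Management.Automation.PSCredential($JoinUser, $secure)

    # -OUPath creates the computer account directly in the target OU,
    # so the OU's group policies apply from the first boot after the join.
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred
    Write-JoinLog "Joined $DomainName in '$OUPath' as $env:COMPUTERNAME."
}
catch {
    Write-JoinLog "Join failed: $($_.Exception.Message)"
    exit 1
}

# The join takes effect after a restart.
Restart-Computer -Force
```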
