Any Way to Automate Adding a New Computer to an AD Group?
-
Net localgroup DomainLaptopsWiFi %computername%$ /add /DOMAINLiterally using the word "DOMAIN" is what is needed to get it to connect to the domain controllers, as it shows that it connected to the DC for my domain. However, I am still getting the local group does not exist error.
The request will be processed at a domain controller for domain mydomain.local. System error 1376 has occurred. The specified local group does not exist. -
Using
Add-ADGroupMemberdoesn't work? -
@black3dynamite said in Any Way to Automate Adding a New Computer to an AD Group?:
Using
Add-ADGroupMemberdoesn't work?It does, if I want to manually run it from my workstation. Add-ADGroupmember requires RSAT to be installed on the system running the command.
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
net localgroup "DomainLaptopsWiFi" %computername%$ /add /domain -
@black3dynamite said in Any Way to Automate Adding a New Computer to an AD Group?:
net localgroup "DomainLaptopsWiFi" %computername%$ /add /domain
Same error.
-
@wrx7m My apologies, it's the dsmod command for computers against groups.
Just tested this:
I added a new group called "test" in the Employee Computers OU and then ran.
dsmod group "CN=test,OU=employee computers, DC=abc,DC=local" -addmbr "CN=jason-i7,OU=Employee Computers,DC=abc,DC=local" dsmod succeeded:CN=test,OU=employee computers,DC=abc,DC=local -
And this will get you the full CN name:
dsquery computer domainroot -name %computername%returns
"CN=JASON-I7,OU=Employee Computers,DC=abc,DC=local" -
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
And this will get you the full CN name:
dsquery computer domainroot -name %computername%returns
"CN=JASON-I7,OU=Employee Computers,DC=abc,DC=local"Thanks. I will work on stringing these together.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
-
This post is deleted! -
@wrx7m said in [Any Way to Automate Adding a New Computer to an AD Group?]
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
Okay. Have you worked on the GPO option yet? Another option is to Create an OU and create a GPO to add computers to a specific group.
Then add a PS command to a startup/logon script to move the computer to a new OU:
Move-ADObject -Identity "CN=wrx7m-PC,OU=Sales,DC=enterprise,DC=com" -TargetPath "CN=Computers,DC=Enterprise,DC=Com -
@JasGot Wouldn't that require me to specify the DN of the computer object every time?
-
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance. -
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot Wouldn't that require me to specify the DN of the computer object every time?
Maybe, can you show an example? Also, if you put the results of the dsquery into an environment variable, it might make it easier. Still need to see what your script needs to look like.
-
You do NOT need RSAT on the end target system to run Powershell scripts on a remote system using PDQ...I used PDQ for years and this is untrue.
However, using Active Directory based commands will require RSAT on whatever has PDQ installed on.You do however need to have the prerequisites enabled for running scripts or commands in general remotely.
Mainly WMI in local client firewalls need opening. -
@kamidon Man I miss PDQ, haven't had the need for it at this place.
But making a tool hasn't been so bad. .
-
@DustinB3403 said in Any Way to Automate Adding a New Computer to an AD Group?:
@kamidon Man I miss PDQ, haven't had the need for it at this place.
But making a tool hasn't been so bad. .
So do I
I'm in a whole different role, a different state and organization now lol. -
@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.
