Any Way to Automate Adding a New Computer to an AD Group?
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
-
This post is deleted! -
@wrx7m said in [Any Way to Automate Adding a New Computer to an AD Group?]
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
Okay. Have you worked on the GPO option yet? Another option is to Create an OU and create a GPO to add computers to a specific group.
Then add a PS command to a startup/logon script to move the computer to a new OU:
Move-ADObject -Identity "CN=wrx7m-PC,OU=Sales,DC=enterprise,DC=com" -TargetPath "CN=Computers,DC=Enterprise,DC=Com -
@JasGot Wouldn't that require me to specify the DN of the computer object every time?
-
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance. -
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot Wouldn't that require me to specify the DN of the computer object every time?
Maybe, can you show an example? Also, if you put the results of the dsquery into an environment variable, it might make it easier. Still need to see what your script needs to look like.
-
You do NOT need RSAT on the end target system to run Powershell scripts on a remote system using PDQ...I used PDQ for years and this is untrue.
However, using Active Directory based commands will require RSAT on whatever has PDQ installed on.You do however need to have the prerequisites enabled for running scripts or commands in general remotely.
Mainly WMI in local client firewalls need opening. -
@kamidon Man I miss PDQ, haven't had the need for it at this place.
But making a tool hasn't been so bad. .
-
@DustinB3403 said in Any Way to Automate Adding a New Computer to an AD Group?:
@kamidon Man I miss PDQ, haven't had the need for it at this place.
But making a tool hasn't been so bad. .
So do I
I'm in a whole different role, a different state and organization now lol. -
@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.
-
How is it failing on MDT?
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
I want to be able to automatically add new laptops to an AD group that will allow them access to the wifi. I haven't found a way that works.
I tried a PowerShell script in an MDT task sequence during deployment, but couldn't get it to run correctly. I was also going to try to use PowerShell in a PDQ Deploy package, but that requires RSAT to be installed on the target system.
Is there a way to have a GPO add the computer to a group when it is located in a specific OU? Or any other suggestions on how to automate this?
TIASo when you join them to the domain, they should end up in the default computer ou. And you will have a GPO filtered on a computer group you will create.
This command will put the full CN into an environment variable called "FULL-CN"
FOR /F "Tokens=*" %a in ('dsquery computer -name %computername%') DO SET FULL-CN=%aUse double %'s if you use this in a bat file.
Then run this:
dsmod group "CN=test,OU=employee computers, DC=abc,DC=local" -addmbr %FULL-CN%I've tested this in a logon script (using double %'s) and it works. You can use security filtering, WMI filtering or assign scripts by username or computername to run these two command for only the computers you need to.
If I am missing something that makes this not right for you, lets see if we can find and defeat the problem and get it working.
-
@flaxking said in Any Way to Automate Adding a New Computer to an AD Group?:
@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.
It's not required, or that module is included already in Windows 10 by default. Because I haven't had to install it on any machine I managed with Ansible.
-
@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:
@flaxking said in Any Way to Automate Adding a New Computer to an AD Group?:
@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:
Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.
It's not required, or that module is included already in Windows 10 by default. Because I haven't had to install it on any machine I managed with Ansible.
"win_domain_group_membership requires the ActiveDirectory PS module to be installed"
https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/windows/win_domain_group_membership.ps1They have it in the documentation as well "This must be run on a host that has the ActiveDirectory powershell module installed."
https://docs.ansible.com/ansible/latest/modules/win_domain_group_module.html
