Any Way to Automate Adding a New Computer to an AD Group?
-
@JasGot said in Any Way to Automate Adding a Computer to an AD Group?:
Net localgroup <group> <domain name><computer name>$ /ADD
Localgroup does not imply the local group on the workstation, that is determined by whether you have a domain name\ in front of the computer name
Thanks. I will try that out.
-
@wrx7m We use Net and NetDom to automate most tasks like this.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
@wrx7m We use Net and NetDom to automate most tasks like this.
Any idea on how to get it to query the system for the hostname and use it? Otherwise, it looks like I would have to run this manually.
-
@wrx7m %computername%
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
@wrx7m %computername%
lol - Don't know why I didn't think of that. Over-complicating it, I guess. Thanks
-
I get "The specified local group does not exist." when I try to run
Net localgroup DomainLaptopsWiFi domain.local %computername%$ /ADD
or
Net localgroup DomainLaptopsWiFi domain.local\%computername%$ /ADD
-
Net localgroup DomainLaptopsWiFi %computername%$ /add /DOMAIN
Literally using the word "DOMAIN" is what is needed to get it to connect to the domain controllers, as it shows that it connected to the DC for my domain. However, I am still getting the local group does not exist error.
The request will be processed at a domain controller for domain mydomain.local. System error 1376 has occurred. The specified local group does not exist.
-
Using
Add-ADGroupMember
doesn't work? -
@black3dynamite said in Any Way to Automate Adding a New Computer to an AD Group?:
Using
Add-ADGroupMember
doesn't work?It does, if I want to manually run it from my workstation. Add-ADGroupmember requires RSAT to be installed on the system running the command.
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
net localgroup "DomainLaptopsWiFi" %computername%$ /add /domain
-
@black3dynamite said in Any Way to Automate Adding a New Computer to an AD Group?:
net localgroup "DomainLaptopsWiFi" %computername%$ /add /domain
Same error.
-
@wrx7m My apologies, it's the dsmod command for computers against groups.
Just tested this:
I added a new group called "test" in the Employee Computers OU and then ran.
dsmod group "CN=test,OU=employee computers, DC=abc,DC=local" -addmbr "CN=jason-i7,OU=Employee Computers,DC=abc,DC=local" dsmod succeeded:CN=test,OU=employee computers,DC=abc,DC=local
-
And this will get you the full CN name:
dsquery computer domainroot -name %computername%
returns
"CN=JASON-I7,OU=Employee Computers,DC=abc,DC=local"
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
And this will get you the full CN name:
dsquery computer domainroot -name %computername%
returns
"CN=JASON-I7,OU=Employee Computers,DC=abc,DC=local"
Thanks. I will work on stringing these together.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
-
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
-
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
@wrx7m said in Any Way to Automate Adding a New Computer to an AD Group?:
@JasGot said in Any Way to Automate Adding a New Computer to an AD Group?:
dsmod group
Looks like this requires RSAT too.
Don't think so. At least these commands work on my workstation and server without RSAT installed.
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
-
This post is deleted! -
@wrx7m said in [Any Way to Automate Adding a New Computer to an AD Group?]
Hmm. I get unrecognized command or whatever the error is when it doesn't know what it is.
Okay. Have you worked on the GPO option yet? Another option is to Create an OU and create a GPO to add computers to a specific group.
Then add a PS command to a startup/logon script to move the computer to a new OU:
Move-ADObject -Identity "CN=wrx7m-PC,OU=Sales,DC=enterprise,DC=com" -TargetPath "CN=Computers,DC=Enterprise,DC=Com
-
@JasGot Wouldn't that require me to specify the DN of the computer object every time?