GSS, Batch Scripts and Windows 7 Reimaging Step 3

This post represents Step 3 of my Windows 7 Re-imaging series.

This step covers the final script, which joins the computer to the domain and places it in the proper OU, and wraps up the series.

My final batch script (netdom_join.bat) looks a lot more menacing than it really is; it is actually simple.



TITLE Netdom Join Domain

Color A

::This script adds a computer to the domain and places it in the respective container.
::Computer has a final reboot and is now joined to the domain and production ready.

cd \
cd windows\sysWOW64

::Set variables and paths

Setlocal

Set _DC_paths=DC=GREEN,DC=COM
Set _Domain=green.com
Set _User=bill.bixby
Set _Password=Incred!bleHu1k$
Set _fullnetdom_path=netdom JOIN %computername% /Domain:%_Domain% /userd:%_User% /passwordd:%_Password%
Set _reboot_end=/REBOOT:5
Set _domaincomps=OU=Green Domain Computers
Set _GreenADMIN=OU=GreenAdmin
Set _GreenACOU=OU=GreenAdminComputers
Set _GHOSTCL=OU=GhostClients
Set _GreenAC=/OU:%_GreenACOU%,%_GreenADMIN%,%_DC_paths% %_reboot_end%
Set _USBRES=/OU:"OU=USB Restrict,%_domaincomps%,%_DC_paths%" %_reboot_end%
Set _TESTGHOST=/OU:"OU=Ghost_test,%_domaincomps%,%_DC_paths%" %_reboot_end%
Set _GHOST=/OU:%_GHOSTCL%,%_GreenACOU%,%_GreenADMIN%,%_DC_paths% %_reboot_end%
Set _defaultOU=/OU:"%_domaincomps%,%_DC_paths%" %_reboot_end%


::Find computer names, if string matches, put computer in correct OU. If no match, move to default OU.
::findstr /B /I matches the string at the start of the name, ignoring case.
echo/%computername%|findstr /B /I /C:"Green" > nul
IF %ERRORLEVEL% EQU 0 goto move_to_defaultOU


echo/%computername%|findstr /B /I /C:"GHOST" > nul
IF %ERRORLEVEL% EQU 0 goto move_to_GHOST


echo/%computername%|findstr /B /I /C:"TEST" > nul
IF %ERRORLEVEL% EQU 0 goto move_to_TESTGHOST


echo/%computername%|findstr /B /I /C:"USB" > nul
IF %ERRORLEVEL% EQU 0 goto move_to_USBRES


echo/%computername%|findstr /B /I /C:"ADMIN" > nul
IF %ERRORLEVEL% EQU 0 goto move_to_GreenAC


::If name does not match any strings, place computer in default container.
goto move_to_defaultOU


::Join domain statements
::Each section ends with "goto end" so that only one join statement runs.
:move_to_defaultOU
%_fullnetdom_path% %_defaultOU%
goto end


:move_to_GHOST
%_fullnetdom_path% %_GHOST%
goto end


:move_to_TESTGHOST
%_fullnetdom_path% %_TESTGHOST%
goto end


:move_to_USBRES
%_fullnetdom_path% %_USBRES%
goto end


:move_to_GreenAC
%_fullnetdom_path% %_GreenAC%


:end
exit



First, almost all of the resulting statements are stored in variables. Setting variables here makes editing the actual statements a heck of a lot easier. This script accomplishes the following:
Sets the domain Organizational Unit (OU) paths, user, password, netdom statement, reboot command, and OU object paths.
Our computer names are pretty standard and, as a result, the naming convention can be matched to a certain Active Directory (AD) OU, thus allowing a computer to be placed in its respective OU once it is joined to the domain.
The echo statement pipes the computer's name to findstr, which matches the start of the name against each string and jumps to the join statement for the corresponding OU.

Only one file lists a password, and it belongs to an account that only has join domain capabilities. I have a GPO script that deletes this file, its rename_computer directory and the Sysprep files from both locations to ensure these files cannot be used inappropriately and the password does not become compromised.

Combining the three steps of this series fully automates my Windows 7 reimaging process by using Symantec Ghost Solutions Suite 2.5, batch scripts, WMIC, a text file, netdom.exe, some registry statements, properly configured SysPrep and unattend.xml files, and a few cleanup apps.

I hope that these posts can be helpful to anyone who wants to fully automate the imaging of a Windows 7 client but who does not have the luxury of SCCM, ZTI, or using the Ghost console.

A couple of 'gotchas' got me on this script.
Gotcha 1--Clients would not join in the correct container.
Gotcha 1 fix--not really a gotcha but an error on my part. I had the OU paths incorrect. You can get the full OU paths by typing 'netdom query OU'. Test and retest these paths if you use this syntax. Obviously, you can set one variable based on another, but the simpler you keep it, the easier it will be to read and decipher and, more importantly, the less complicated it will be for others to understand.

Gotcha 2--Partly from pseudo-Gotcha 1, I used setlocal enabledelayedexpansion thinking that my parameters were not being parsed to correctly set all the paths. The join statement kept telling me the login account or username was incorrect or the account was locked out. As a result, I started fiddling around with my join domain account (bill.bixby) by doing all kinds of crap in AD, ensuring the account was unlocked and had not reached the domain join max of ten.
Gotcha 2 fix--the password contained exclamation (!) characters (changed now) that are used to reference the variables in enabledelayedexpansion. I highly recommend not using (!) in passwords. Alternatively, using only setlocal worked without any issues.
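
The delayed-expansion behaviour behind Gotcha 2, as an added example that is not part of the original netdom_join.bat. It reuses the sample password from the post; the _Broken variable and the warning check are introduced here only for illustration.

```batch
@echo off
:: Added example, not part of the original script.
:: The value below is the sample password shown in the post.

setlocal disabledelayedexpansion
set "_Password=Incred!bleHu1k$"
echo 1. Set and read with plain setlocal:        [%_Password%]

:: Check (illustrative): compare the value with a copy that has every
:: exclamation mark removed. A difference means delayed expansion would alter it.
if not "%_Password%"=="%_Password:!=%" (
    echo    WARNING: value contains an exclamation mark; keep delayed expansion off.
)

setlocal enabledelayedexpansion
:: A percent-style reference is substituted first; the exclamation mark in the
:: substituted text is then parsed as an unmatched delimiter and dropped.
echo 2. Percent-style read, delayed expansion on: [%_Password%]

:: A bang-style reference is substituted last, so the stored value is not re-parsed.
echo 3. Bang-style read, delayed expansion on:    [!_Password!]

:: Assigning while delayed expansion is on stores the already damaged value,
:: which is what a netdom /passwordd: argument built from it would carry.
set "_Broken=Incred!bleHu1k$"
echo 4. Set with delayed expansion on:            [%_Broken%]

endlocal
endlocal
```

A join account whose password is silently altered this way fails authentication on every imaged client, which is how repeated attempts can end in the lockout message described above.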




That concludes my Windows 7 Re-imaging series! Good luck in your Windows 7 upgrade.

For a recap of the intro and all three steps of this series, click each link:
Preparing My Windows 7 Image Using Symantec GSS
GSS, Batch Scripts and Windows 7 Reimaging Step 1 
GSS, Batch Scripts and Windows 7 Reimaging Step 2 
GSS, Batch Scripts and Windows 7 Reimaging Step 3 