Rename computer and join to domain in one step with PowerShell

Answers

  • I'm pretty sure this isn't a limitation within PowerShell so much as it's a requirement for Windows to reassociate internal aspects of itself to accept the new name after a reboot.  AFAIK -- you CANNOT accomplish joining a renamed computer to the domain without a reboot, just as the computer isn't really "on the domain" until after the reboot. 

    renaming a computer = 1 reboot
    joining to the domain = 1 reboot

    total of 2 required reboots

    • Marked as answer by Brett Rogers Thursday, June 02, 2011 7:32 PM
    Thursday, June 02, 2011 6:37 PM

All replies

  • I tend to agree with you. When I posted this, I thought that you could accomplish this via the GUI, but after I just tested it, I found that it's not the case.

    If you do the following with the GUI:

    1. Open System Properties
    2. Go to Computer Name tab
    3. Click Change button
    4. Enter new value for Computer name
    5. Click Domain radio button and enter domain value
    6. Enter domain credentials
    7. Click OK
    8. Click Close (triggers restart)

    Then it appears to work just fine, i.e., it doesn't warn you about anything. This is what I had done before and believed that both changes had stuck. But after the reboot I found that the result was the same as my script - domain joined, computer name not changed. When I tried this previously, I didn't notice that the name didn't change.

    If you do the GUI steps above in 2 steps, i.e., change computer name, close System Properties dialog (without rebooting), then go back into System Properties and try to change the domain, the domain/workgroup area is disabled/greyed out. 
    Thursday, June 02, 2011 7:03 PM
  • yeah i can't find any technet articles covering the topic but i know that this question has come up about every 2 years in my IT career -- I run into someone who claims you can rename a computer and join it to the domain all in the same reboot.  i tell them to prove it to me and one of two things happens:

    1) the computer reboots and is not renamed but joined to the domain with the old name
    2) the computer is on the domain but reports back that there is a trust problem between the domain and computer account

    in both cases, they have to go back and delete the added computer object (if it wasn't prestaged) and do the two reboot method anyways.

    if anyone has the actual technical definition as to what parts require the reboot, i'd love to add them to my library.

    Thursday, June 02, 2011 7:23 PM
  • Gave you credit for the answer here and will do the same on StackOverflow if you have an account there and care to post an answer there as well. If not, I'll answer my own question there and credit you as best I can. 
    Thursday, June 02, 2011 7:40 PM
  • thanx for the offer -- I do have an SO account but i'm not fussed about it as I didn't really give a cited answer.  i'd still love to see an official (hopefully technet) article describing what technical reason exists to require a reboot between the two if anyone knows or has the time.
    Thursday, June 02, 2011 8:23 PM
  • Brett, I can confirm that it does not work in Windows 2008 R2 and Windows 7.
    Did not test Vista/Server 2008.
    But I have used this method over years with Windows XP and still use it successfully.
    And that even with one more step in the process (all with 1 reboot only).
    To be more precise, the rough steps are:
    1. Unjoin Computer from domain "A" via WMI (WIN32_ComputerSystem => method "UnjoinDomainOrWorkgroup")
    2. Rename Computer via WMI (WIN32_ComputerSystem => method "Rename")
    3. Join Computer to domain "B" via WMI (WIN32_ComputerSystem => method "JoinDomainOrWorkgroup")
    4. Reboot

    I know this does not help with your issue, but the fact that this has been working in earlier OS might be useful,
    e.g. in discussions with MS.
    I will post any update if I find a solution or a workaround which we really need for a toolset that has to be adapted to WIN 7.


    Patrick
    Wednesday, June 15, 2011 8:41 AM
  • consolidating 3 reboots into one?  i'd be interested to see what the SID looks like throughout this entire process.  and if your description is accurate, it's not just the OS version that doesn't apply.  in the majority of the cases i've run into the scenario you proposed is different as well.  It should be, disjoin A, rename, rejoin A.  But in yours, you have disjoin A, rename, join B.  I don't know if this is a typo or just an example of what you've done in the past. 
    Wednesday, June 15, 2011 11:10 AM
  • no typo, a real life scenario for migrating machines from one domain into another while adapting machine names to
    follow naming conventions of each domain.
    For only a rename within the same domain there is no need to disjoin before the rename and to join after the rename.
    The simple rename via WMI will just be sufficient here (both, XP and WIN 7).

    But the common denominator of your originally described scenario and mine is the "rename + domain join" operation.
    Which definitely works in XP in 1 step with 1 final reboot.
    WIN 7 instead will ignore the rename. It only works with a reboot between rename and domainjoin, just as you described too.

    Unfortunately this XP behavior is rather an undocumented feature, nowhere officially described. Therefore I don't see great chances to have this reworked in WIN 7...

    Concerning your SID question:
    SID as well as objectGUID will be a new one after the domain migration.
    In between these steps, there is no domain object (because of the "unjoin" first ) and therefore no SID.


    Patrick
    Wednesday, June 15, 2011 1:52 PM
  • I was able to accomplish both tasks with one reboot using the following method and it worked with the following JoinDomainOrWorkGroup flags. This was a new build and using Windows 2008 R2 Enterprise. I verified that it does create the computer account as well in AD with the new name.

    1 (0x1) Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup

    32 (0x20) Allows a join to a new domain, even if the computer is already joined to a domain

    =========================

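    # Local Win32_ComputerSystem instance and the domain credentials to use
    $comp = gwmi win32_computersystem
    $cred = get-credential
    $newname = "newcomputername"
    $domain = "domainname"
    $OU = "OU=Servers, DC=domain, DC=Domain, DC=com"

    # 33 = 1 (join a domain) + 32 (allow the join even if already joined to a domain)
    $comp.JoinDomainOrWorkGroup($domain, ($cred.getnetworkcredential()).password, $cred.username, $OU, 33)

    # Rename takes (Name, Password, UserName); the original line had a misplaced parenthesis
    $comp.rename($newname, ($cred.getnetworkcredential()).password, $cred.username)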

    Monday, February 27, 2012 9:16 PM
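
The two failure modes reported in this thread (machine joined under the old name, or joined but with a trust problem between the domain and the computer account) can be checked after the reboot. The following is an added example, not code from any poster in the thread; the function name `Test-RenameAndJoin` and the sample name and domain values are hypothetical, and it assumes the expected domain is given as the DNS domain name.

```powershell
# Added example: post-reboot verification of a rename + domain join.
# Run on the renamed machine; $ExpectedName / $ExpectedDomain are caller-supplied.
function Test-RenameAndJoin {
    param(
        [Parameter(Mandatory = $true)][string]$ExpectedName,
        [Parameter(Mandatory = $true)][string]$ExpectedDomain
    )

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName'
    # ActiveComputerName: name in use since the last boot.
    # ComputerName: name that takes effect at the next boot.
    $active  = (Get-ItemProperty "$base\ActiveComputerName").ComputerName
    $pending = (Get-ItemProperty "$base\ComputerName").ComputerName

    $cs = Get-WmiObject Win32_ComputerSystem

    $result = New-Object PSObject -Property @{
        ActiveName    = $active
        PendingName   = $pending
        RenamePending = ($active -ne $pending)          # rename still waiting for a reboot
        NameMatches   = ($active -eq $ExpectedName)     # -eq is case-insensitive for strings
        PartOfDomain  = [bool]$cs.PartOfDomain
        DomainMatches = ($cs.Domain -eq $ExpectedDomain)
        SecureChannel = $false
    }

    if ($result.PartOfDomain) {
        # Checks the machine account's secure channel to a domain controller;
        # a failure here corresponds to the "trust problem" case in the thread.
        try   { $result.SecureChannel = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
        catch { $result.SecureChannel = $false }
    }

    $result
}

# Constructed sample values; replace with the intended name and DNS domain.
$check = Test-RenameAndJoin -ExpectedName 'NEWCOMPUTERNAME' -ExpectedDomain 'domain.example'
$check | Format-List

if ($check.RenamePending) {
    Write-Warning "Rename to '$($check.PendingName)' is still pending a reboot."
}
if (-not ($check.NameMatches -and $check.DomainMatches -and $check.SecureChannel)) {
    Write-Warning 'Rename/join did not complete as expected; check the computer object in AD before retrying.'
}
```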