problem with powershell add-computer to specific OU

    Question

  • Hi, please help me with this.

    The script is :

    $username = "domain\Admin"
    $password = ConvertTo-SecureString "password" -AsPlainText -Force
    $myCred = New-Object System.Management.Automation.PSCredential $username, $password

    Add-Computer -DomainName domain.com -Credential $mycred -OUPath “OU=OUtest-VMs,OU=OUComputers,DC=domain,DC=com”

    Output 2 (intentionally made a computer account in AD to check FQDN) skip to Output 1 below:

    PS C:\Windows\system32> C:\addcomputer.ps1
    Add-Computer : This command cannot be executed on target computer('PC-TEMP2') due to following error: The account already exists.
    At C:\addcomputer.ps1:5 char:13
    + Add-Computer <<<<  -DomainName domain.com -Credential $mycred -OUPath “OU=OUtest-VMs,OU=OUComputers,DC=domain,DC=com”
        + CategoryInfo          : InvalidOperation: (PC-TEMP2:String) [Add-Computer], InvalidOperationException
        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.AddComputerCommand

    Output 1 (actual problem) with error: The system cannot find the file specified. What does this mean? Note that I changed the PC name, replication is a Bi*** here!

    PS C:\Windows\system32> C:\addcomputer.ps1
    Add-Computer : This command cannot be executed on target computer('PC-TEMP3') due to following error: The system cannot find the file specified.
    At C:\addcomputer.ps1:5 char:13
    + Add-Computer <<<<  -DomainName domain.com -Credential $mycred -OUPath “OU=OUtest-VMs,OU=OUComputers,DC=domain,DC=com”
        + CategoryInfo          : InvalidOperation: (PC-TEMP3:String) [Add-Computer], InvalidOperationException
        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.AddComputerCommand

    Any thoughts?



    • Edited by eisenactual Monday, February 20, 2012 6:24 PM spell
    Monday, February 20, 2012 3:37 PM

All replies

  • You are getting errors. What is it you are trying to do? It appears that you are trying to add the current computer to the domain. Is your firewall set up correctly, and are you running PowerShell as an elevated administrator? Joining a domain requires both of these things. Creating an object in AD only requires Domain Admin credentials.


    ¯\_(ツ)_/¯

    Monday, February 20, 2012 7:07 PM
  • Yes, adding current computer name to domain, running PowerShell as an administrator, with unrestricted ExecutionPolicy. The Output 2 would suggest that there is no firewall issue here because it can see the existing account.

    Background:

    This is for Win7 deployment and the script runs at first logon in specialise pass in unattend.xml after sysprep (only computer name is requested during sysprep).

    Without the -oupath syntax it will add the machine to domain to an existing computer account but I do not want to pre-create accounts in AD. Testing the addcomputer.ps1 manually with the -OUpath syntax and I get The system cannot find the file specified.

    • Edited by eisenactual Monday, February 20, 2012 7:45 PM added firewall line
    Monday, February 20, 2012 7:27 PM
  • You must run from an elevated prompt. The firewall on the Win7 machine must be altered to allow management ports to be open.

    To test this, temporarily disable the Win 7 firewall.

    Be sure to start PowerShell from an elevated prompt.

    Also place your script in a folder not at the root of the C drive.

    The Output2 only proves that you can create a computer account on the DC. It does not tell you if you can alter the local computer. Joining a domain alters the local computer. The default firewall is normally closed to many remote requests until you have joined a domain.

    Start by running from an elevated prompt. If you have not played with the installation settings or network or firewall then Add-Computer should open the firewall ports. All of this will fail if you are not running as an elevated user.


    ¯\_(ツ)_/¯

    Monday, February 20, 2012 7:52 PM
  • Oh! Not tried that, will give these suggestions a go at work tomorrow morning and will let you know how it goes. jrv, please subscribe/alert to this thread. And here I thought there was no hope and the -OUpath syntax was broken :P You did read the part where I said

    Without the -oupath syntax it will add the machine to domain to an existing computer account but I do not want to pre-create accounts in AD. Testing the addcomputer.ps1 manually with the -OUpath syntax and I get The system cannot find the file specified.

    ??
    • Edited by eisenactual Monday, February 20, 2012 8:10 PM
    Monday, February 20, 2012 8:06 PM
  • 1. Started with clean Win7 install
    2. Turned off Firewall and UAC
    3. Placed script in subfolder
    4. PowerShell, Run as administrator
    5. Still get Output 1 :(

    Why is the -OUpath string not working? If I don't use the -OUpath string the computer does join the domain, but the computer account has to be pre-created in AD. Surely this string has worked for someone out there? This is supposed to create the computer account in AD if there is not one in there!

    The domain server is 2003R2 SP2 and the client is Win7SP1, if that helps?
    • Edited by eisenactual Tuesday, February 21, 2012 2:05 PM step 5
    Tuesday, February 21, 2012 12:49 PM
  • Can you just post the exact script and the exact error without any reference to output1, output2 etc.?

    Either we are missing something in your script or you do not have permissions on the target OU.

    Also - can you move a computer or any other object into the target OU using ADUC from the same account you are using to join the domain?


    ¯\_(ツ)_/¯

    Tuesday, February 21, 2012 1:19 PM
  • (last post edited, correction) Yes, can move etc... I created the target OU with the same account 'domainAdmin'. Posted script below. What I don't get is what field can it not find that is specified at line 5 chr 13, which is -Domain, if that's what it means at all?

    $username = "uk\domainAdmin"
    $password = ConvertTo-SecureString "fakepassword" -AsPlainText -Force
    $myCred = New-Object System.Management.Automation.PSCredential $username, $password

    Add-Computer -DomainName uk.com -Credential $mycred -OUPath “OU=OUtest-VMs,OU=OUComputers,DC=uk,DC=com”

    PS C:\Windows\system32> C:\addcomputer.ps1
    Add-Computer : This command cannot be executed on target computer('PC-TEMP3') due to following error: The system cannot find the file specified.
    At C:\addcomputer.ps1:5 char:13
    + Add-Computer <<<<  -DomainName uk.com -Credential $mycred -OUPath “OU=OUtest-VMs,OU=OUComputers,DC=uk,DC=com”
        + CategoryInfo          : InvalidOperation: (PC-TEMP3:String) [Add-Computer], InvalidOperationException
        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.AddComputerCommand

    Tuesday, February 21, 2012 2:14 PM
  • I am going to say this again. Your local firewall is blocking you because you are not running PowerShell as an elevated user.

    Start PowerShell by right-clicking on the PowerShell icon and selecting 'Run As Administrator', then just type in the following command.

    Add-Computer -DomainName uk.com -Credential domain/adminaccount

    Supply the password when prompted.

    Does this work? If not, what is the exact error message?

    Do not use a script, just type in the command to prove that you can actually join the computer to the network. If this won't work it will tell you why in a more usable way.


    ¯\_(ツ)_/¯

    Tuesday, February 21, 2012 2:21 PM
  • OK, I got prompted for password and computer needs to be restarted for changes to take effect. No errors and I can see the computer has joined the domain.

    What about -OUpath?

    Tuesday, February 21, 2012 2:31 PM
  • Now do exactly the same thing but do this first before you unjoin the computer.

    $oupath='OU=OUtest-VMs,OU=OUComputers,DC=uk,DC=com'
    [adsi]"LDAP://$oupath"

    Execute those two lines. You cannot get an error or there is something wrong with your OU path string.

    If that works then run this command after you unjoin and restart the computer. Be sure the OU string is correct:

    $oupath='OU=OUtest-VMs,OU=OUComputers,DC=uk,DC=com'
    Add-Computer -DomainName uk.com -Credential domain/adminaccount  -oupath $oupath


    ¯\_(ツ)_/¯

    Tuesday, February 21, 2012 2:58 PM
  • Got error :P so I did DSquery to confirm the DN path and turns out I was missing an OU name in the OUpath string. Oops!

    It works like a charm :) Thanks for all the help and being patient, jrv.

    • Marked as answer by eisenactual Tuesday, February 21, 2012 6:43 PM
    Tuesday, February 21, 2012 6:43 PM
  • I was pretty certain that it was the OU but wanted to show you how to debug these kinds of errors. Test each component at its simplest level.


    ¯\_(ツ)_/¯

    Tuesday, February 21, 2012 8:52 PM
  • I love it when things work! I can see how you walked me through troubleshooting and narrowing down the cause :)
    Tuesday, February 21, 2012 11:38 PM
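
The debugging step jrv describes (bind to the OU path with [adsi] before joining), carried one step further as an added example that is not part of the original thread: it walks the distinguished name from the domain root down and reports the first level that does not resolve, which is how a missing OU in the -OUPath string shows up. The function names, the dc01.uk.com server name and the constructed directory are assumptions for illustration.

```powershell
# Added example, not from the thread. Test-LdapDN, Find-MissingOU, dc01.uk.com and
# the constructed directory are illustrative; the OU path is the one posted above.
function Test-LdapDN {
    param([string]$DN, [string]$Server,
          [System.Management.Automation.PSCredential]$Credential)
    $path = if ($Server) { "LDAP://$Server/$DN" } else { "LDAP://$DN" }
    $bindArgs = @($path)
    if ($Credential) {
        $bindArgs += $Credential.UserName, $Credential.GetNetworkCredential().Password
    }
    $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $bindArgs
    try     { $entry.psbase.RefreshCache(); $true }   # forces the bind; throws if it fails
    catch   { Write-Verbose $_.Exception.Message; $false }
    finally { $entry.psbase.Dispose() }
}

function Find-MissingOU {
    param([string]$OUPath,
          [scriptblock]$Probe = { param($dn) Test-LdapDN -DN $dn })
    # Split on commas that are not backslash-escaped inside an RDN value.
    $parts = @($OUPath -split '(?<!\\),' | ForEach-Object { $_.Trim() })
    $root = 0
    while ($root -lt $parts.Count -and $parts[$root] -notmatch '^DC=') { $root++ }
    if ($root -eq $parts.Count) { throw "No DC= components in '$OUPath'" }
    # Walk from the domain root down to the leaf OU, one RDN at a time.
    for ($i = $root; $i -ge 0; $i--) {
        $dn = $parts[$i..($parts.Count - 1)] -join ','
        if (-not (& $Probe $dn)) { return $dn }   # first DN that does not resolve
    }
    return $null                                   # every level exists
}

# Constructed directory for an offline run: "OU=Lab" is a made-up extra level
# that the tested path leaves out.
$directory = 'DC=uk,DC=com', 'OU=OUComputers,DC=uk,DC=com',
             'OU=Lab,OU=OUComputers,DC=uk,DC=com',
             'OU=OUtest-VMs,OU=Lab,OU=OUComputers,DC=uk,DC=com'
$ou = 'OU=OUtest-VMs,OU=OUComputers,DC=uk,DC=com'
$missing = Find-MissingOU -OUPath $ou -Probe { param($dn) $directory -contains $dn }
"First DN that does not resolve: $missing"

# Against a real domain controller, joining only when the whole path resolves.
# A failure at the DC= root points at connectivity or credentials, not the OU path.
# $cred = Get-Credential   # prompt instead of a password literal in the script
# $probe = { param($dn) Test-LdapDN -DN $dn -Server 'dc01.uk.com' -Credential $cred }
# if (-not (Find-MissingOU -OUPath $ou -Probe $probe)) {
#     Add-Computer -DomainName uk.com -Credential $cred -OUPath $ou
# }
```

When the reported DN is the full path, its parent container exists but the leaf is not directly under it, so list that parent's child OUs to find the level the path skipped.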