none
JoinDomainOrWorkgroup Error 5 - While trying to Join remote workgroup computer to domain

    Question

  • Hi, I'm trying to write a script that joins remote workgroup computer to the domain. I setup the DCOM and WMI settings to allow remote connection to WMI objects of the Client system. I'm now able to connect to the WMI object of the remote system(Client System), and when I try to use JoinDomainOrWorkgroup function, I get error -> Access Denied. I'm posting the VBScript here

    Dim Name, Password, UserName, AccountOU, FJoinOptions, Computer
    Dim NetworkObj, ComputerObj
    Dim ReturnValue
    Dim objSWbemLocator
    'NETSETUP bit flags that define Join operation
    Const JOIN_DOMAIN = 1
    Const ACCT_CREATE = 2
    Const WIN9X_UPGRADE = 16
    Const DOMAIN_JOIN_IF_JOINED = 32
    Const JOIN_UNSECURE = 64          
    Const MACHINE_PWD_PASSED = 128
    Const DEFER_SPN_SET = 256
    Const JOIN_DC_ACCOUNT = 512
    Const AMBIGUOUS_DC = 4096
    Const NO_NETLOGON_CACHE = 8192
    Const DONT_CONTROL_SERVICES = 16384
    Const SET_MACHINE_NAME = 32768
    Const FORCE_SPN_SET = 65536
    Const NO_ACCT_REUSE = 131072
    Const IGNORE_UNSUPPORTED_FLAGS = 268435456
    Const NETSETUP_ACCT_DELETE = 2
    Const WbemAuthenticationLevelPktPrivacy = 6
    
    Name = inputBox("Enter Domain Name: ", "Domain Name", "LZ.COM")
    Password = inputBox("Enter Password: ", "Password", "Test@123")
    UserName =  inputBox("Enter User Name: ", "User Name", "administrator")
    AccountOU = NULL
    
    ' Create a new Computer Object and Join to domain
    FJoinOptions = JOIN_DOMAIN + ACCT_CREATE
    
    ' Get the NETBIOS Name of the Computer
    ' Set NetworkObj = CreateObject("WScript.Network")
    ' Computer = NetworkObj.ComputerName
    Computer = "Client2"
    
    MsgBox Computer
    
    
    Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objSWbemLocator.ConnectServer(Computer, _
                                                         "Root\CIMv2", _
                                                         "Client2\admin", _
                                                         "Test@123")
    objWMIService.Security_.authenticationLevel = WbemAuthenticationLevelPktPrivacy
    
    Set colComputers = objWMIService.ExecQuery _
        ("Select * From Win32_ComputerSystem")
    
    For Each objComputer in colComputers
        ReturnValue = objComputer.JoinDomainOrWorkGroup(Name, _
                                                        Password, _
                                                        Name & "\" & UserName, _
                                                        AccountOU, _
                                                        FJoinOptions) 
        MsgBox ReturnValue
        Next

    Any kind of help would be appreciated.

    Thursday, February 15, 2018 7:59 AM

Answers

  • UAC does NOT affect remote connections.

    Do not use VBScript.  Use PowerShell.  It is more reliable in this case.

    You must supply both admin credentials for the remote PC and for the domain.  The domain credentials must have permission to join a computer and on the target OU.


    \_(ツ)_/

    • Marked as answer by BattleCooper Thursday, February 15, 2018 2:24 PM
    Thursday, February 15, 2018 1:51 PM

All replies

  • Error 5 means access is denied.  You don't have permission.

    Use PowerShell.

    help add-computer -online


    \_(ツ)_/

    Thursday, February 15, 2018 8:48 AM
  • I have not done this in VBScript, but I have used this exact command extensively in PowerShell.  

    In my experience, I also saw error 5 thrown for bad credentials, but I have also seen it at times when it was not happy with the target OU.  To prevent errors, I would always provide the OU, even if the domain had a default OU set.  Also, what are you passing for your FJoinOptions? And does the computer object already exist?  


    Gary Steere MVP: Exchange Server Microsoft Certified Master Microsoft Certified Solutions Master http://IThinkThereforeIEHLO.com

    Thursday, February 15, 2018 11:19 AM
  • FJoinOptions = JOIN_DOMAIN + ACCT_CREATE = 3

    No the computer object does not exist in the AD.

    I'm able to connect to the WMI object of the remote workgroup computer, Im able to retrieve information about the Win32_ComputerSystem object too, but when I try to make changes to it(by executing Rename or JoinDomainOrWorkgroup methods), I get access denied. What should I do? I disabled UAC in the remote workgroup computer too.

    Thursday, February 15, 2018 1:37 PM
  • UAC does NOT affect remote connections.

    Do not use VBScript.  Use PowerShell.  It is more reliable in this case.

    You must supply both admin credentials for the remote PC and for the domain.  The domain credentials must have permission to join a computer and on the target OU.


    \_(ツ)_/

    • Marked as answer by BattleCooper Thursday, February 15, 2018 2:24 PM
    Thursday, February 15, 2018 1:51 PM
  • Thanks @jrv and @GS_MCM

    -ComputerName parameter is available only from Powershell v3.0, is there any alternatives to it in PowerShell v2.0?

    I tried Get-Help Add-Computer -full in Powershell 2.0

    The examples there are applicable to local computers only, can we add remote computers with this command(Add-Computer Powershell 2.0)? 

    Thanks

    Thursday, February 15, 2018 2:11 PM
  • You should no longer be using PS2.  It is out-of-support and considered a security risk.  Upgrade to the latest version of WMF 5.1.


    \_(ツ)_/

    Thursday, February 15, 2018 2:16 PM
  • Thanks @jrv!
    Thursday, February 15, 2018 2:24 PM