locked
Access Denied when adding computer to domain through powershell RRS feed

  • Question

  • Hello,

    I am trying to add a computer to our domain using powershell.  With the script below:

    $DomName = "domain.local"
    $strAdmin = read-host "Authorized user for this operation"
    $NewCompName = Read-Host -Prompt "Enter the New Computer Name"

    Add-Computer -DomainName domain.local -ComputerName $env:computername -newname $NewCompName -oupath "OU=Computers,OU=Corporate,DC=DOMAIN,DC=LOCAL" -DomainCredential $strAdmin

    However, when I run this script I am getting the following error:

    Add-Computer : Computer 'COMPUTERNAME' failed to join domain 'domain.local' from its current workgroup 'WORKGROUP' with following error message:  Access is denied

    I'm not sure what I am missing.  I have tried single quotes, double quotes, various version of the domain\username combo, even typed them in differently when I added them.

    Thanks for the help!

    Thursday, December 7, 2017 12:12 AM

All replies

  • Are you a domain admin and are you logged into the target computer as a local admin?

    \_(ツ)_/

    Thursday, December 7, 2017 12:27 AM
  • Hi,

    I agree with jrv. Also, I'd like to explain that you may need to use Get-Credential to pass a credential. The following script for your reference, hope it is helpful  to you:
    $param = @{
        DomainName = 'domain.local'
        ComputerName = $env:COMPUTERNAME
        NewName = Read-Host -Prompt 'Please Enter New Computer Name'
        DomainCredential = Get-Credential -Message 'Please Enter Domain Credential'
        OUPath = 'OU=Computers,OU=Corporate,DC=domain,DC=local'
    }
    
    Add-Computer @param

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, December 7, 2017 6:03 AM
  • It is not really necessary to use Get-Credential.  If you pass a domain account id the CmdLet will prompt for the password.

    Add-Computer -DomainCredential mydummyaccount

    Try it.  It will prompt even if you use a "splat".


    \_(ツ)_/

    Thursday, December 7, 2017 6:38 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Does the script work?

    Please let us know if you would like further assistance.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 11, 2017 10:47 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Appreciate for your feedback.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, December 13, 2017 7:37 AM