Automate domain join, move ou and add description

Question
-
Hello all, I have been researching a script that will automate the following process. We are due to pre-build 100 machines with Windows 10 which will have the computer name pre-populated, which will be a prefix of PC followed by the serial number of the machine.
The script would ideally:
- Join to xxx.local domain
- Move to xxx OU < This OU will have group policies that will enable Bitlocker etc.
- Set computer description as: Bitlocker Pin: PCSERIALNUMBER
I have found singular formats of doing this but compiling them is not ending well, very new to PS so have probably picked a bigger task especially if I cannot find public documentation on this strung together.
Any help is greatly appreciated. Thanks
Monday, January 21, 2019 10:00 AM
All replies
-
How to ask questions in a technical forum
Please carefully review the following links to set your expectation for posting in technical forums.
This Forum is for Scripting Questions Rather than script requests
- Script Gallery.
- Forum for Script requests
- How to ask questions in a technical forum
- Rubber duck problem solving
- How to write a bad forum post
- Help Vampires: A Spotter's Guide
- This forum is for scripting questions rather than script requests
\_(ツ)_/
Monday, January 21, 2019 10:31 AM -
You can use the below command to join the machine to the domain.
Add-Computer -DomainName domainname -Credential AD\adminuser -Restart -Force
You need to run this on the local machine.
You can add this to a startup script on the machine and delete it when the task is complete.
To move the server to a particular OU you need to install the Active Directory PowerShell module.
You can first add these servers to the domain, then using a single script you can move them to a particular OU.
- Edited by Singh Harinderpal Monday, January 21, 2019 10:34 AM
Monday, January 21, 2019 10:34 AM -
Thanks Singh, I believe this is all already installed at domain level ADPSM so the struggle now is the script required to run after the domain join reboot. Thanks
- Proposed as answer by Singh Harinderpal Monday, January 21, 2019 10:43 AM
Monday, January 21, 2019 10:38 AM -
Not a good solution for a mass deployment.
The answer can be automated using MDT and it will be robust and targeted.
\_(ツ)_/
Monday, January 21, 2019 10:39 AM -
Although I cannot help you with the task, I would like to discourage you from entering the bitlocker PIN in the computer description in AD since the description is viewable by all users of the domain.
Monday, January 21, 2019 10:42 AM -
Thanks Singh, I believe this is all already installed at domain level ADPSM so the struggle now is the script required to run after the domain join reboot. Thanks
Most of your answer can be solved easily with a combination of MDT and Group Policy. This is not something we do with a script solution.
Also note that this forum is not a place to ask for free consulting or script writing. If you have a question about a script you have written then ask a specific question.
For MDT and Group Policy post in those forums.
\_(ツ)_/
Monday, January 21, 2019 10:42 AM -
When joining to a domain you can specify the target OU in the join command.
help add-computer -online
Everything else you ask can be done through correct installation image (MDT) and via Group Policy.
It is critical that you learn and completely understand the deployment technology and how to correctly set up systems in a domain. If you do it wrong it will make future management and change much more difficult. For a large deployment I strongly recommend studying the deployment technologies available and contacting a consultant to help you do this correctly.
\_(ツ)_/
Monday, January 21, 2019 10:49 AM -
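The reply above notes that the target OU can be given in the join command itself. The following is an added example, not code from any poster in this thread, showing that with Add-Computer's -OUPath parameter; the OU distinguished name is a hypothetical placeholder, the domain is the question's placeholder, and the name check assumes the PC-plus-serial naming the question describes.

```powershell
# Added example: join a pre-named machine directly into its target OU.
# Assumptions: xxx.local is the question's placeholder domain and the OU
# distinguished name below is hypothetical; replace both before use.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$DomainName = 'xxx.local',
    [string]$OUPath     = 'OU=Workstations,DC=xxx,DC=local',
    [Parameter(Mandatory)]
    [pscredential]$Credential   # account delegated to join computers to the domain
)

$ErrorActionPreference = 'Stop'

$cs     = Get-CimInstance -ClassName Win32_ComputerSystem
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber.Trim()

# The build process is expected to have named the machine PC<serial>.
# Computer (NetBIOS) names are capped at 15 characters, so compare the
# truncated form. PowerShell's -ne is case-insensitive.
$expected = "PC$serial"
$expected = $expected.Substring(0, [Math]::Min(15, $expected.Length))
if ($env:COMPUTERNAME -ne $expected) {
    throw "Name '$env:COMPUTERNAME' does not match expected '$expected'; not joining."
}

# Idempotent: do nothing on a machine that is already in the domain.
if ($cs.PartOfDomain -and $cs.Domain -eq $DomainName) {
    Write-Output "$env:COMPUTERNAME is already joined to $DomainName."
    return
}

# -OUPath creates the computer account in the target OU at join time, so
# that OU's Group Policy applies from the first domain boot and no
# separate move step (or AD module on the client) is needed.
# The AD description attribute is deliberately left untouched: as the
# replies in this thread point out, it is viewable by all domain users.
if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Join $DomainName in $OUPath")) {
    Add-Computer -DomainName $DomainName -OUPath $OUPath `
                 -Credential $Credential -Restart -Force
}
```

Run it from an elevated session; adding -WhatIf shows the intended join without performing it.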
Although I cannot help you with the task, I would like to discourage you from entering the bitlocker PIN in the computer description in AD since the description is viewable by all users of the domain.
Also - using the pc serial number as a PIN also exposes the key to everyone.
\_(ツ)_/
Monday, January 21, 2019 10:50 AM -
Bitlocker setup using MDT: https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker
\_(ツ)_/
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Tuesday, January 22, 2019 5:47 AM
Monday, January 21, 2019 10:57 AM