A common task many system administrators do is adding computers to an Active Directory domain. Since Active Directory is embedded in so many organizations, nearly every IT professional is probably familiar with the box below.

This box is the infamous domain-join box that comes up whenever adding a computer to a domain. If you're still adding computers via this method though, you're doing it the hard way. This process requires logging onto a machine, performing about a dozen mouse clicks, rebooting, and waiting. Why not just do this?

Active Directory domain join

The PowerShell snippet above connects remotely to the computer NAMEHERE, attempts to join it to the domain domain.here, and then restarts it. No more logging on to computers and clicking around. This method not only speeds up joining a single machine to a domain but also extends easily to multiple devices if the computer names are stored somewhere else, like a text file.

## One computer name per line in the text file
$computers = Get-Content -Path C:\Computers.txt
Add-Computer -ComputerName $computers -DomainName 'domain.here' -Restart

Using PowerShell is a great start, but chances are you need more flexibility. You may also want to add the computer to a specified organizational unit, ensure that the computer rebooted successfully, and so on.

For some additional actions, the Add-Computer cmdlet provides other parameters. Use help Add-Computer -Detailed to see what it can do. But there are some things that Add-Computer cannot do as well.

For example, I like to verify an organizational unit exists before attempting to add a computer to it. Likewise, I also prefer to get some notification when the computer comes back up after a reboot. Let's build a tool in PowerShell to give us some additional functionality.

To build this tool, we'll first create a "wrapper" function around Add-Computer. This wrapper function will allow us to tack on additional behavior.

function Add-AcmeComputer {
    param(
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        if (-not (Test-Connection -ComputerName $computer -Quiet -Count 1)) {
            Write-Warning "Could not ping computer [$computer]"
        } else {
            ## Do some more stuff
        }
    }
}

Notice that I've created the start of a tool. I've given it a name similar to Add-Computer yet customized it to my organization and created a few parameters that resemble parameters on Add-Computer. I also added some additional validation already. I'm first pinging the computer to ensure it's online before doing anything else. Why even attempt to join the computer to a domain if it's not even online?

Next, I'll fill in some code in the else block. Here is where I can add anything I need to do before or after joining the computer to the domain. For kicks, let's add some functionality to ensure the computer reboots and comes back up after we join it to a domain. To do this, I'll add a Wait parameter that is not on the Add-Computer command. I'll then add the code necessary to wait for the computer only if I use the Wait parameter.

function Add-AcmeComputer {
    param(
        [string[]]$ComputerName,
        [string]$Domain,
        [switch]$Wait
    )

    foreach ($computer in $ComputerName) {
        if (-not (Test-Connection -ComputerName $computer -Quiet -Count 1)) {
            Write-Warning "Could not ping computer [$computer]"
        } else {
            ## Write-Information output is only displayed when $InformationPreference is 'Continue'
            Write-Information "[$computer] is being added to domain [$Domain]..."
            Add-Computer -ComputerName $computer -DomainName $Domain -Restart
            if ($Wait.IsPresent) {
                ## Give it some time to go offline
                while (Test-Connection -ComputerName $computer -Quiet -Count 1) {
                    Start-Sleep -Seconds 2
                }

                ## It's now offline, wait for it to come back
                while (-not (Test-Connection -ComputerName $computer -Quiet -Count 1)) {
                    Start-Sleep -Seconds 2
                }
                Write-Information "[$computer] rebooted and is back!"
            }
            Write-Information "[$computer] was added to domain [$Domain]..."
        }
    }
}

Once you've got the function to this point, adding new functionality is a piece of cake. Your situation will most likely be different from mine, and you will have additional requirements. But now, you have the foundation completed to add more of your own validation or pre- and post-domain-joining tasks.
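
The organizational unit check mentioned earlier, combined with explicit credentials and a wait that cannot hang forever, could look like the following. This is an added example, not code from the original article; it assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module, and the function name Join-AcmeComputerToOU is hypothetical.

```powershell
#Requires -PSEdition Desktop
#Requires -Modules ActiveDirectory

function Join-AcmeComputerToOU {   # hypothetical name, not from the article
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$OUPath,                # distinguished name of the target OU
        [Parameter(Mandatory)][pscredential]$Credential,      # domain account delegated to join computers
        [Parameter(Mandatory)][pscredential]$LocalCredential, # local administrator on the targets
        [int]$TimeoutSeconds = 600
    )

    # Fail before touching any machine if the OU is missing or mistyped.
    try {
        $null = Get-ADOrganizationalUnit -Identity $OUPath -Server $DomainName -Credential $Credential -ErrorAction Stop
    } catch {
        throw "OU [$OUPath] not found in [$DomainName]: $($_.Exception.Message)"
    }

    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{ ComputerName = $computer; Joined = $false; BackOnline = $false }
        if (-not (Test-Connection -ComputerName $computer -Quiet -Count 1)) {
            Write-Warning "Could not ping computer [$computer]"
        } elseif ($PSCmdlet.ShouldProcess($computer, "Join $DomainName in $OUPath")) {
            try {
                Add-Computer -ComputerName $computer -DomainName $DomainName -OUPath $OUPath `
                    -Credential $Credential -LocalCredential $LocalCredential -Restart -Force -ErrorAction Stop
                $result.Joined = $true
            } catch {
                Write-Warning "[$computer] join failed: $($_.Exception.Message)"
            }
        }
        if ($result.Joined) {
            $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
            # Wait for it to go offline, then come back, but never past the deadline.
            while ((Get-Date) -lt $deadline -and (Test-Connection -ComputerName $computer -Quiet -Count 1)) {
                Start-Sleep -Seconds 2
            }
            while ((Get-Date) -lt $deadline -and -not $result.BackOnline) {
                Start-Sleep -Seconds 2
                $result.BackOnline = Test-Connection -ComputerName $computer -Quiet -Count 1
            }
        }
        $result
    }
}
```

The function emits one object per computer, so a caller can filter for machines where Joined or BackOnline is false instead of reading console messages. Running it with -WhatIf performs the OU check and the ping but skips the join.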

8 Comments
  1. Albert 5 years ago

    Adam,

    Thanks for sharing the article. How about the PowerShell to remove the computer from the AD domain, in the event of a workstation trust failure?

    I assume that the command can be executed remotely from my admin laptop.

    Regards,

    Al

    • Author
      Adam Bertram 5 years ago

      For that, you could just use Remove-AdComputer and provide a credential of a local administrator account.

  2. Adam Rush 5 years ago

    Another useful example I can use, thanks Adam 🙂

    Just wondering if [string]$ComputerName should be [string[]]$ComputerName ?

    Also, should Write-Information “[$computer] rebooted and is back!” be outside the final while loop?

  3. Naor 5 years ago

    The commands on PowerShell, do I need to do it on the DC, or the server I want to join to the AD?

  4. Shikha Bhatt 4 years ago

    Do I need to import any module for using the Add-Computer cmdlet?

    While executing the above command, I am getting the error: The term ‘Add-Computer’ is not recognized as a cmdlet, function, operable program, or script file.

© 4sysops 2006 - 2022
