Thursday, July 12, 2012

Join a domain and rename in one reboot using WMI

If you don't take special care in your script, then renaming a machine and then joining it to a Windows domain will join it using the old name. Apparently there's an undocumented flag 0x400 on JoinDomainOrWorkGroup. At least I think it started working when I added that flag... Here's a PowerShell snippet that's working for me now:
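```powershell
$computer = Get-WmiObject Win32_ComputerSystem
$cred = Get-Credential
# Set the new name; it stays pending until the reboot.
$computer.Rename("newmachinename", $NULL, $NULL)
# Arguments: domain, password (plain text), user name, account OU, join options.
# Options: 0x1 join a domain, 0x2 create the computer account,
# 0x20 allow the join even if already joined to a domain,
# 0x400 the flag discussed above.
$computer.JoinDomainOrWorkGroup( `
 "mydomain", `
 ($cred.GetNetworkCredential()).Password, `
 $cred.UserName, `
 $NULL, `
 0x1 + 0x2 + 0x20 + 0x400)
```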
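
The join options are a bit mask, so the base they are written in matters. As an added example (not code from the original post), this decoder maps an FJoinOptions value to the NETSETUP_* option names defined for NetJoinDomain and lists any set option that changes how the machine account is authenticated. `ConvertFrom-JoinOptions`, `$NetSetupFlags` and `$ReviewFlags` are hypothetical names chosen for the example.

```powershell
# Added example. NETSETUP_* join options as defined for NetJoinDomain (lmjoin.h).
$NetSetupFlags = [ordered]@{
    NETSETUP_JOIN_DOMAIN           = 0x00000001
    NETSETUP_ACCT_CREATE           = 0x00000002
    NETSETUP_ACCT_DELETE           = 0x00000004
    NETSETUP_WIN9X_UPGRADE         = 0x00000010
    NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x00000020
    NETSETUP_JOIN_UNSECURE         = 0x00000040
    NETSETUP_MACHINE_PWD_PASSED    = 0x00000080
    NETSETUP_DEFER_SPN_SET         = 0x00000100
    NETSETUP_JOIN_DC_ACCOUNT       = 0x00000200
    NETSETUP_JOIN_WITH_NEW_NAME    = 0x00000400
    NETSETUP_JOIN_READONLY         = 0x00000800
    NETSETUP_INSTALL_INVOCATION    = 0x00040000
}

# Options that alter how the machine account is authenticated during the join.
$ReviewFlags = 'NETSETUP_JOIN_UNSECURE', 'NETSETUP_MACHINE_PWD_PASSED'

function ConvertFrom-JoinOptions {
    param([Parameter(Mandatory = $true)][long]$Value)

    $set = @()
    $known = 0
    foreach ($f in $NetSetupFlags.GetEnumerator()) {
        $known = $known -bor $f.Value
        if ($Value -band $f.Value) { $set += $f.Key }
    }

    [pscustomobject]@{
        Hex     = '0x{0:X}' -f $Value
        Decimal = $Value
        Flags   = $set
        # Set options that deserve a second look before the script is run.
        Review  = @($set | Where-Object { $ReviewFlags -contains $_ })
        # Bits that match no option in the table above.
        Unknown = '0x{0:X}' -f ($Value -band (-bnot $known))
    }
}

# The value passed in the post, written in hex.
ConvertFrom-JoinOptions (0x1 + 0x2 + 0x20 + 0x400) | Format-List

# The same digits read as decimal select a different set of options.
ConvertFrom-JoinOptions 423 | Format-List
```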

10 comments:

  1. I was just passing by due to a Google search and decided to comment on this post in case anyone happened upon it.

    Here is the documentation for the JoinDomainOrWorkGroup method:

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa392154(v=vs.85).aspx.

    Your flag calculation is weird. There is no 400 or 20 flag, but after adding up all your flags you get 423 which does equal the sum of some of the flags from that method: 256 + 128 + 32 + 4 + 2 + 1.

    According to the documentation and your flag calculation, you told the computer to defer naming the computer account until after the rename, allow rejoining, allow joining to an existing name or create a new name, and to join a domain not a workgroup.

  2. Thanks for your input. Note that the flags given above are in hex (because they start with "0x"), so the sum is 0x423, or 1059 in decimal (0x1 + 0x2 + 0x20 + 0x400 in hex is 1 + 2 + 32 + 1024 in decimal). 0x20 is correct (from the MSDN link you sent: "Allows a join to a new domain, even if the computer is already joined to a domain."). However, it does seem very likely that there's something I'm missing, since there seems to be no mention of this 0x400 flag :-)

    1. Ah yes. My inexperience with hex....

      In any case there is the flag 256 (0x100) which says

      "Writing SPN and DnsHostName attributes on the computer object should be deferred until the rename that follows the join."

      Have you tried this flag? I'm interested to see if it works as expected because of your undocumented findings.

  3. It's a while ago now, so unfortunately I don't remember. That flag 0x100 does sound promising, but as far as I remember I tried all the flags on that page without success. I'm sorry I didn't save the link to the page where I found the hint about the 0x400 flag (I think it was buried deep in an example on an expert-exchange.com thread, or something). Unfortunately I don't have the VMs I was using to experiment any more, so I can't test this at the moment, but I'd be very interested in hearing what you conclude. Thanks!

    1. Found it!!

      http://msdn.microsoft.com/en-us/library/windows/desktop/aa370433(v=vs.85).aspx

      That is the underlying DLL that is called when you invoke that WMI method. It has references to all the flags you can set.

      Here's my path:
      Googled JoinDomainOrWorkgroup 0x400 and found http://p0w3rsh3ll.wordpress.com/2013/06/04/2013-scripting-games-event-6/

      Googled NETSETUP_JOIN_WITH_NEW_NAME and found http://msdn.microsoft.com/en-us/library/windows/desktop/aa370433(v=vs.85).aspx

      Gotta love Google.

  4. Fantastic, so we can no longer call it an undocumented flag :-) Thanks!

  5. Good! Thank you Allan
    That's what I look for!
    You helped me a lot!
    Respect!

  7. Thanks Alan, this was very helpful, I have been searching all over the net and couldn't find anything that worked with renaming the computer at the same time as joining the domain.

  8. Thank you Allan, this was very helpful. Other things that I tried, which were mostly variations on Rename-Computer and Add-Computer, even with the -JoinWithNewName parameter, simply did not work and always resulted in errors. This was the first approach that worked and I'll be using it in my scripts.
