RE: Remotely adding a machine to a domain

Fri, 30 Aug 2002 12:58:00 -0700 

Specifically netdom.exe found at:

ftp://ftp.microsoft.com/reskit/nt4/x86/netdom_x86.exe

allows you to add NT workstations to the domain.

For example you could feed a bunch of workstations into a script that took 
each box as $host and run the following line from the domain controller.  I 
would highly recommend testing this ... disclaimer ... etc.

system("c:\\netdom\.exe member \\\\$host /joindomain");


>From: "Craig Dayton" <[EMAIL PROTECTED]>
>To: "'Puckett, Richard'" <[EMAIL PROTECTED]>,  "'henry isham'" 
><[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: Remotely adding a machine to a domain
>Date: Thu, 29 Aug 2002 20:08:13 -0700
>
>
>Don't overlook the possibility of just executing some of the utilities 
>found in the Windows Resource Kit.  Some of the utilities are distributed 
>freely and others may require  purchasing the Windows Resource Kit.
>
>-Craig
>
>-----Original Message-----
>From: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED]] On Behalf Of 
>Puckett, Richard
>Sent: Thursday, August 29, 2002 2:29 PM
>To: 'henry isham'; [EMAIL PROTECTED]
>Subject: RE: Remotely adding a machine to a domain
>
>
>
>
>Henry,
>
>There are two ways that I know of.  In Windows 2000, there is a new Net32 
>API called 'NetJoinDomain' that you can call with Win32::API.  It basically 
>has the capability of doing remote computer joins, but it doesn’t take 
>care of additional registry edits on the target host that identify the new 
>Domain.  You'll find that it's better to prepopulate some of this data 
>(like Winlogon's DomainCache, CachePrimaryDomain and DefaultDomainName 
>parameters, and TCPIP's Domain and NV Domain parameters).  The upside of 
>this API is that it's a single call, the downside of this API is that it 
>can be sensitive to latency and - because it wraps approximately 13 
>separate API calls to both the target domain and host - it can leave you 
>with less control over the individual
>API calls (for things like troubleshooting).
>
>The second method you might use is with the existing LSA and Net32 APIs and 
>possibly the ADSI COM object (for AD environments).  You'd need to first 
>create a computer object in your target Domain (using ADSI or Net32 APIs) 
>and retrieve (among other things) the Domain SID and/or GUID (depending on 
>the domain type), then connect to the target host (with local 
>administrator-equivalency), use an LsaOpenPolicy call, then call 
>LsaSetInformationPolicy and LsaStorePrivateData (to set the default machine 
>account password - the $machine.acc value) to reset the target's secure 
>session channel to the new domain.  Depending on the Domain type you are 
>setting up, you'll need to use either the POLICY_DNS_DOMAIN_INFO (for 
>Active Directory) or POLICY_PRIMARY_DOMAIN_INFO (for NT4 Domains) with your 
>LsaSetInformationPolicy call.  If you want to mirror the method that MSFT 
>uses, you're also going to need to remotely add Domain Users to local 
>Users, and Domain Admins to local Admins, and again, you've got the 
>registry settings to do as well.  Additionally, there are issues if the 
>host has never been joined to a domain before, so you'll need to remotely 
>check and set the Netlogon registry service START parameter to make sure 
>it's set to 0x2 (automatic startup).
>
>Finally there's all of the remote error-handling.  Also, you might consider 
>creating a temporary local administrative account on the target host, just 
>in case the remote join fails midstream and you have to logon locally to 
>get the box back on net.  You can always delete it after you've 
>successfully moved the box.
>
>Regards,
>Richard
>
>
>
> > -----Original Message-----
> > From: henry isham [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 29, 2002 3:13 PM
> > To: [EMAIL PROTECTED]
> > Subject: Remotely adding a machine to a domain
> >
> >
> > Hi all,
> >
> > Is there a way to remotely add a machine into a domain? I
> > have all the necessary id's and passwords (admin on the
> > domain, and admin on the remote machine). I'm just trying to
> > save my self a trip to a whole bunch of machines. I've
> > already looked at Win32:NetAdmin and Win32:Lanman, but
> > nothing jumped out at me.
> > Any hints would be greatly appreciated. Thanks.
> >
> > -Henry
> > =
> > Z)  fyXXh'`)Ŋlzry+Z(:.˛
> > mmඟ+-1bjoj)fj˛
> >
>_______________________________________________
>Perl-Win32-Admin mailing list [EMAIL PROTECTED]
>To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
>
>_______________________________________________
>Perl-Win32-Admin mailing list
>[EMAIL PROTECTED]
>To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs




_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Reply via email to