AD Re-Join?



  • So I have a lab full of machines that were added to the domain, via FOG, a while back that suddenly “fell” off the domain. I was told to re-add each machine individually. Is there any way to automate this?




  • @Joe-Gill said in AD Re-Join?:

    Basically it’s caused by NOT sysprepping machines. Hence the reason you’ve never seen it before… This lab was NOT sysprepped… Ugh!!

    We don’t sysprep. 4,500+ machines.

    Sounds like the image isn’t clean, to me.

    When I make images - they absolutely never are allowed to be on the domain. If they accidentally get put on the domain by fog or us - we start over. Our images are absolutely clean. We always start with a clean slate.

    The issue could also be that - your image was joined to the domain during capture.



  • @Wayne-Workman

    Well I’ve discovered lots…

    This post on Spiceworks says tons!!
    https://community.spiceworks.com/topic/504924-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed?page=1

    Basically it’s caused by NOT sysprepping machines. Hence the reason you’ve never seen it before… This lab was NOT sysprepped… Ugh!!

    That said, the easy fix is to run the following PowerShell command using PowerShell 3.0. Which in my case I had to download…

    Reset-ComputerMachinePassword
    

    Run this locally and it will do the job! Now… In my case it did not! I’m guessing because my PID was not unique because of the lack of Sysprep… The DC does not recognize the machine as being unique. The only workaround, aside from re-imaging the entire lab, is to go in and rejoin the domain by changing from mydomain.com to mydomain. This seems to do the trick with a reboot. I could have FOG do it but it’s the same amount of steps…

    Thanks!

    I can’t wait to fix our DC let me tell you!

    Cheers,

    Joe



  • @Wayne-Workman I haven’t yet!! But I’m still forging away!



  • @Joe-Gill Did you get it working with local credentials? I suppose that way would be more valuable to some (like me). Can we get a copy of the final product so it’s not lost in the abyss of the Internet? No telling when the-it-blog.co.uk will just vanish. Remove sensitive passwords of course.



  • @Wayne-Workman

    So I was trying to debug a script this evening and discovered this…(Look at screenshot below) I find it scary and comical at the same time. All I have to say is “WOW”! This mess is more screwed up than I thought!!!

    For those looking for a good script to remove computers from your domain from one single script, look no further…

    Check this link out ->
    http://blog.the-it-blog.co.uk/2013/08/01/how-to-remove-a-pc-from-a-domain-and-join-it-using-powershell/

    I will warn you, I had some bugs to work through. Most will be very simple for you to figure out.

    What killed my script was what’s pictured below. When you have IP addresses on your network that represent several different machine names you have bigger issues… UGH!

    I did find several variations of this script. Most were written to be run on your local admin PC. This one is nice because you can create a CSV file of PC names to be removed. There is also a script on this page to re-add the machines. Both are handy to have!

    Anyhow, check out my misfortune. LOL!

    [Screenshot attachment]



  • @Wayne-Workman The command seems simple but I can’t figure it out for the life of me. I seriously need to study up on scripting let me tell you.

    The command is Remove-Computer. But I can’t get the syntax right.



  • @Wayne-Workman Will do! I’ve been fighting with it all afternoon. Working on it from home right now. LOL!



  • @Joe-Gill Share your script once you get it going?



  • @Wayne-Workman Sadly I understand what you’re saying. The funny thing is, when I was doing a search for a script, I found some other poor soul who experiences this same issue. I’m betting he has things all messed up, much like we do here. It’ll change here though. Give me 6 more months and I’ll get this place turned around. We only barely have 400 machines. Small potatoes in the grand scheme of things!

    Thanks for the support!



  • @Joe-Gill I was being sort-of serious. Nobody is having this issue except for you. The FOG Client is widely used. We have it managing AD joining at work on like 4500 machines. We don’t have this issue. Others have larger setups, they don’t have this issue.



  • @Wayne-Workman LMAO! I’m working on it! It’s been a tough road though. Discovered a lot of things that weren’t very Kosher. One thing at a time. At least our images have been sysprepped and KMS keys installed. Oh and I shouldn’t forget FOG! Boy what would I do without FOG?! I’m moving up in the world!

    Thanks again!



  • You probably can script removing them from the domain, deploy that as a snapin - and include a reboot for the snapin options in the web UI. Then the fog client will put them back on. Also, sounds like someone needs to lose AD privileges.
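
The flow discussed in this thread (check the trust, try the machine-password reset, otherwise drop off the domain and reboot so the FOG client rejoins), as an added example that is not from any poster or from the linked blog. The function name, the `LAB` workgroup name and the credential parameter are assumptions; it is meant to be run locally and elevated on the affected PC under Windows PowerShell 3.0 or later.

```powershell
# Added example, not code from the thread or the linked blog.
# Repair-DomainTrust and the 'LAB' workgroup name are hypothetical.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Assumption: a domain account delegated to reset and unjoin
        # computer accounts. Pass it in; never hard-code the password.
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,

        [string]$FallbackWorkgroup = 'LAB'
    )

    # Nothing to repair if the image was never on the domain.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { return 'NotDomainJoined' }

    # 1. Is the secure channel between this machine and the domain intact?
    if (Test-ComputerSecureChannel -ErrorAction SilentlyContinue) {
        return 'Healthy'
    }

    # 2. Least disruptive fix first: reset the machine account password.
    try {
        Reset-ComputerMachinePassword -Credential $Credential -ErrorAction Stop
        if (Test-ComputerSecureChannel -ErrorAction SilentlyContinue) {
            return 'Repaired'
        }
    }
    catch {
        Write-Warning "Machine password reset failed: $($_.Exception.Message)"
    }

    # 3. Fall back to leaving the domain. No -Restart here: the reboot is
    #    left to whatever deploys the script (for example the snapin's
    #    reboot option), after which the FOG client can rejoin the machine.
    Remove-Computer -UnjoinDomainCredential $Credential `
        -WorkgroupName $FallbackWorkgroup -Force -ErrorAction Stop
    return 'UnjoinedRebootRequired'
}
```

The returned string can be logged per machine so the lab can be audited afterwards for hosts that needed the full unjoin.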


 
