Showing posts with label windows. Show all posts

Tuesday, 26 March 2013

Join Domain Workflow for Orchestrator

Hi There

Well, finally getting to the pointy end here. VMware broke the sysprep process in version 5.1 such that a guest would not join the domain. So for my environment I needed to create a workflow that did this process for me.

The workflow shown here can be used within a larger workflow to provision a Windows guest.

You need to have prepared your template as described here.

You also need to have created a script, similar to the one described here, to join the guest to the domain.

Then you need to configure your workflow like this:

joinDomain workflow

The first section, highlighted in yellow, checks for the existence of PowerShell directories on your guest. It first checks for c:\windows\system32\windowspowershell\v2.0; if found, it sets the path for version 2 of PowerShell. If that check fails, it checks for c:\windows\system32\windowspowershell\v1.0; if found, it sets the path for version 1 of PowerShell. If that check also fails, it sets the error status and exits.

The second section, highlighted in green, checks that the workingDirectory (c:\bin) exists. If it is not found, the workflow exits (it probably should set the error state). If it is found, the workflow copies the script joinDomain.ps1 to the workingDirectory. If the copy fails, it exits (it probably should set the error state on this too). If the copy is successful, it continues.

The third section, highlighted in light blue, gets the environment variables from the server, then executes the joinDomain.ps1 script on the guest. It then waits until there is a return code for that process. It then checks whether the process exited successfully. If it did not exit with return code 0, the workflow exits (hmmm, need to set the error state here). If it did exit with return code 0, it waits for the fully qualified name of the server to show up in vmtools, sets the error code to success and exits.

I have included the documentation for this workflow here. All sub workflows are default library workflows found in Orchestrator.

Hope this helps.

Join Domain Script without stored credentials

Hi

Well, here I am for another instalment: a script to join a server to the domain without storing any credentials on the server.

Why, I hear you ask? Well, in a VMware environment, storing one of these scripts in your Windows template makes it easy to execute it remotely, so that the join can be completed by a workflow.

Everyone stores their scripts differently. When I have scripts that I need to store on a host, my Unix background comes out as I normally have a folder located at c:\bin on a server to hold them.

As systems get smarter and you can store scripts in a script repository centrally, I still use the c:\bin folder as the execution folder for these centrally stored scripts.

For this script to run, you need to have set the execution policy to unrestricted in your PowerShell console (both 32-bit and 64-bit). If you have issues with this, I have posted an article here.

The script takes advantage of the Add-Computer powershell command found here.

As you can see in the referenced document, you could modify this script to place the computer into an OU within the domain and a lot of other options.

joinDomain.ps1

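 # Arguments: domain to join, admin user (DOMAIN\USERNAME), admin password (plain text)
 param([string]$domain, [string]$adminUser, [string]$password)
 # Build a PSCredential from the plain-text password
 $credential = New-Object System.Management.Automation.PSCredential($adminUser, (ConvertTo-SecureString $password -AsPlainText -Force))
 # Join the domain and output the result
 Add-Computer -DomainName $domain -Credential $credential -PassThru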

This script takes three arguments: the domain you want to join, the administrative user (in DOMAIN\USERNAME format) and the administrative user's password.

All arguments are passed in as plain text.

I am not going into detail of the script as the document referenced earlier explains the functions used quite well.
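As an added example (not the author's script), here is a variant of joinDomain.ps1 that returns explicit exit codes, so that the return-code check in the Orchestrator workflow can tell a failed join from a successful one. The exit code values, the already-joined check and the -File invocation are assumptions made for this example.

```powershell
# Added example, not the author's joinDomain.ps1.
# Assumptions: launched as "powershell.exe -File joinDomain.ps1 <args>";
# exit codes 1 and 2 are a convention chosen here, 0 still means success.
param([string]$domain, [string]$adminUser, [string]$password)

# Refuse to run with missing arguments instead of failing half way.
if (-not $domain -or -not $adminUser -or -not $password) {
    Write-Output "joinDomain: domain, adminUser and password are required"
    exit 1
}

# Already in the target domain (compared in the form WMI reports it):
# nothing to do, so a retried workflow run does not fail on a joined guest.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain -and ($cs.Domain -ieq $domain)) {
    Write-Output "joinDomain: already a member of $($cs.Domain)"
    exit 0
}

$code = 0
try {
    $secure = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($adminUser, $secure)
    # -ErrorAction Stop turns a failed join into a terminating error,
    # so the catch block runs and the process exits non-zero.
    Add-Computer -DomainName $domain -Credential $credential -PassThru -ErrorAction Stop
}
catch {
    # Report the reason only; never echo $password or the argument list.
    Write-Output "joinDomain: join failed: $($_.Exception.Message)"
    $code = 2
}
finally {
    # Drops the copies held in this session. The password argument is still
    # visible in the process command line while the script runs.
    Remove-Variable -Name password, secure, credential -ErrorAction SilentlyContinue
}

exit $code
```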

Okay so I am off for now, see you in the next snippet.