Add-Computer Authentication Method

joseph-monarch · October 28, 2020, 11:37am

All,

I am in the process of creating a script to migrate our workstations from our legacy domain to the our new domain. I can disjoin the legacy domain but I am having issues joining the new domain.

Here is what I am using

$joincred = New-Object pscredential -ArgumentList ([pscustomobject]@{
Username = ‘Username’

Password = (ConvertTo-SecureString -String ‘password’ -AsPlainText -Force)[0]

})

Add-Computer -DomainName ‘Name’ -Credential $joincred

The issue arising from this is, “corporate” and their infinite wisdom, has completely blocked NTLM authentication, which is what the above is trying to use. Is there a way I can force the use of Kerberos with this command or is there a different method of doing this. I am wanting this to be as automated as possible.

andysvints · October 28, 2020, 12:33pm

Hello Joseph,

One of the options would be to Add a computer to a domain using predefined computer credentials

New-ADComputer -Name "Server02" -AccountPassword (ConvertTo-SecureString -String 'TempJoinPA$$' -AsPlainText -Force)

# Then this command is run from Server02 which is not yet domain-joined:

$joinCred = New-Object pscredential -ArgumentList ([pscustomobject]@{
    UserName = $null
    Password = (ConvertTo-SecureString -String 'TempJoinPA$$' -AsPlainText -Force)[0]
})
Add-Computer -Domain "Domain03" -Options UnsecuredJoin,PasswordPass -Credential $joinCred

Reference: Add-Computer Documentation

Hope that helps.

rob-simmers · October 28, 2020, 12:40pm

This is being executed on a non-joined domain computer? How is the user name formed? Domain\User or user@domain.com. Are you getting a error?

joseph-monarch · October 29, 2020, 3:32am

This worked. I was unsure about this process when I originally read it. This will cause some more pre-work before I run the full script, but that is ok.

[quote quote=266579]Hello Joseph,

One of the options would be to Add a computer to a domain using predefined computer credentials

1

2

3

New-ADComputer -Name "Server02" -AccountPassword (ConvertTo-SecureString -String 'TempJoinPA$$' -AsPlainText -Force)

# Then this command is run from [crayon-5f9aaf533de5c354344174 inline="true" ]Server02

which is not yet domain-joined: $joinCred = New-Object pscredential -ArgumentList ([pscustomobject]@{ UserName = $null Password = (ConvertTo-SecureString -String 'TempJoinPA$$' -AsPlainText -Force)[0] }) Add-Computer -Domain "Domain03" -Options UnsecuredJoin,PasswordPass -Credential $joinCred[/crayon] Reference: Add-Computer Documentation

Hope that helps.

[/quote]

Topic		Replies	Views
Passing AD credentials to add-computer PowerShell Help	4	188	March 4, 2014
Joining System to Domain with Workflow PowerShell Help	3	158	January 6, 2018
Powershell script for joing a domain instead of workgroup PowerShell Help	2	258	July 2, 2021
Merging Remove-Computer, New-Object, and ConverTo-SecureString PowerShell Help	8	176	August 19, 2022
Error In Powershell Execution for removal a domain computer from Domain PowerShell Help	3	143	August 29, 2022

Add-Computer Authentication Method

Related Topics