Adding Computer to AD Group Without AD Installed (ADSI, etc)

I am having a hard time finding a way to add a computer to an AD group with ADSI while specifying credentials. I am able to add the computer to the group WITHOUT specifying credentials via the following method, but I need to be able to specify credentials for what I’m doing.

$group = [adsi]"LDAP://$DC/$GroupDN"

I have tried playing around with System.DirectoryServices.DirectoryEntry and am able to make the connection with credentials, but not sure how to grab the group name from there and add the computer. Any suggestions are appreciated.

$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$domain/$OU",$username,$password)

What is the purpose of trying to add a computer to a group with AD? You can create a JEA (Just Enough Administration) endpoint and use it to add a computer to a group. Unless there is another purpose for using the method you are describing.


I am writing a script to migrate a computer from one domain to another within the same forest (or in some cases from a workgroup to the new domain). After it’s added to the new domain, the computer needs to be added to an AD group for certificate auto-enrollment. It can’t be added ahead of time because it will receive the cert for their old domain. I am using stored creds in the script and using ps2exe to save it as an exe file. Just trying to find the easiest way to add it to a group and now also delete the computer from AD (all within a local script).
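
One way to do what the question asks, as an added example that is not from any poster in the thread: bind to the group object itself with explicit credentials through System.DirectoryServices.DirectoryEntry, then append the computer's distinguished name to the group's member attribute. The DC name, group DN and computer DN are placeholders, and the credential is prompted for at run time because a password stored in a script or in a ps2exe-built exe can be read back by anyone who holds the file.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
$DC         = 'dc01.new.example.com'
$GroupDN    = 'CN=Cert-AutoEnroll,OU=Groups,DC=new,DC=example,DC=com'
$ComputerDN = "CN=$env:COMPUTERNAME,OU=Workstations,DC=new,DC=example,DC=com"

# Prompt at run time. Use an account delegated only "write members" on this
# one group, so a leaked credential cannot change anything else in the domain.
$cred = Get-Credential -Message 'Account allowed to edit the group membership'
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

# Secure = negotiate Kerberos/NTLM instead of a simple bind;
# Sealing + Signing = encrypt and integrity-protect the LDAP session.
$auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Sealing, Signing'

# Bind directly to the group (not the domain or OU) with the supplied credentials.
# Double quotes are required so $DC and $GroupDN expand inside the path.
$group = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$DC/$GroupDN", $user, $pass, $auth)

try {
    # Load the attribute now so a bad password or wrong DN fails here,
    # before any change is attempted.
    $group.RefreshCache(@('member'))

    # Queue the new member locally, then write the change to the directory.
    [void]$group.Properties['member'].Add($ComputerDN)
    $group.CommitChanges()
    Write-Output "Added $ComputerDN to $GroupDN"
}
catch {
    # Covers bind failures, access denied, and the error the directory
    # returns when the computer is already a member of the group.
    Write-Error "Group update failed: $($_.Exception.Message)"
}
finally {
    # Release the LDAP connection and drop the plaintext password.
    $group.Dispose()
    $pass = $null
}
```

Targeting one named DC matters in the migration scenario described: the computer object has just been created there and may not have replicated to other DCs yet.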