AWS EC2 Instances using SSM for Domain Join

I have been trying to use the Add-Computer cmdlet to take a newly generated Windows 2019 or 2016 EC2 instance, which starts with a randomly generated hostname, set the hostname, and join it to the domain. So far, I have not been able to get this to work without two steps and two reboots. I have to Rename-Computer, reboot, then Add-Computer and reboot.

I have tried so many things, I have lost track, but here is one example:
Add-Computer -DomainName $domain -OUPath $ouPath -Credential $credential -NewName $($nameValue.Split(".")[0]) -Force -Options JoinWithNewName,AccountCreate -ErrorAction Stop -Restart\n

Does anyone have a tested and proven method for changing the name of a Windows Server and joining it to the domain with only one reboot? I have tried Add-Computer -NewName; it doesn't work.

I have done this many times manually; I just ignore the first reboot prompt. I assume your -Restart\n is intended to perform the same action? I am not familiar with that syntax. If that is not the case, what happens if you leave off the -Restart and simply try the second task, then reboot?

PS C:\Users\Administrator> $NName = 'comcomp3'
PS C:\Users\Administrator> $username = 'aname'
PS C:\Users\Administrator> $pw = 'apassword'
PS C:\Users\Administrator> $pwss = (ConvertTo-SecureString $pw -AsPlainText -Force)
PS C:\Users\Administrator> $creds = New-Object System.Management.Automation.PSCredential($username, $pwss)
PS C:\Users\Administrator>   Rename-Computer -NewName $NName -PassThru

HasSucceeded OldComputerName           NewComputerName
------------ ---------------           ---------------
True         EC2AMAZ-2PQ4DC7           comcomp3
WARNING: The changes will take effect after you restart the computer EC2AMAZ-2PQ4DC7.


PS C:\Users\Administrator>   Start-Sleep -Seconds 10
PS C:\Users\Administrator> $OU = 'OU=AN-OU-PATH'
PS C:\Users\Administrator> Add-Computer -DomainName "ourdomain.com" -OUPath $OU -Credential $creds -Options JoinWithNewName  -Restart
Add-Computer : Computer 'EC2AMAZ-2PQ4DC7' failed to join domain 'ourdomain.com' from its current
workgroup 'WORKGROUP' with following error message: No mapping between account names and security IDs was done.
At line:1 char:1
+ Add-Computer -DomainName "ourdomain.com" -OUPath $OU - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (EC2AMAZ-2PQ4DC7:String) [Add-Computer], InvalidOperationException
    + FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand

If I run it without the -Options JoinWithNewName, it joins, but the name is not changed.
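The rename-then-join sequence the transcript attempts (Rename-Computer with the restart deferred, then Add-Computer -Options JoinWithNewName), written as a script that SSM Run Command could execute, as an added example that is not from the original post. It assumes the AWS.Tools.SimpleSystemsManagement module is installed and the instance role can read two hypothetical SecureString parameters; the OU path is a placeholder. The join account is pulled from Parameter Store rather than a plaintext variable, and the restart happens only after the join succeeds so a failure stays visible in the command output.

```powershell
# Added example (not from the original post): rename without rebooting, then join
# with the pending name. Parameter names under /domainjoin/ are hypothetical and
# the OUPath is a placeholder.
param(
    [string]$NewName    = 'comcomp3',
    [string]$DomainName = 'ourdomain.com',
    [string]$OUPath     = 'OU=AN-OU-PATH,DC=ourdomain,DC=com',   # placeholder
    [string]$UserParam  = '/domainjoin/username',                # hypothetical SSM parameter
    [string]$PassParam  = '/domainjoin/password'                 # hypothetical SSM parameter
)
$ErrorActionPreference = 'Stop'
$log = 'C:\ProgramData\domain-join.log'
function Write-Log([string]$msg) {
    $line = "$(Get-Date -Format o) $msg"
    Add-Content -Path $log -Value $line
    Write-Output $line
}

# Read the join account from SSM Parameter Store (SecureString, decrypted through KMS)
# instead of embedding a plaintext password in the script or the SSM document.
$user = (Get-SSMParameter -Name $UserParam -WithDecryption $true).Value
$pass = (Get-SSMParameter -Name $PassParam -WithDecryption $true).Value |
        ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $pass)

try {
    if ($env:COMPUTERNAME -ine $NewName) {
        # Rename but do not restart; the join below uses the pending name.
        $r = Rename-Computer -NewName $NewName -Force -PassThru -WarningAction SilentlyContinue
        if (-not $r.HasSucceeded) { throw "Rename to $NewName failed" }
        Write-Log "Renamed $($r.OldComputerName) -> $($r.NewComputerName) (pending restart)"
    }
    # JoinWithNewName joins under the pending name; AccountCreate creates the
    # computer object in $OUPath. No -Restart here: reboot only on success.
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred `
        -Options JoinWithNewName,AccountCreate -Force -ErrorAction Stop
    Write-Log "Joined $DomainName as $NewName; restarting"
    Restart-Computer -Force
} catch {
    # Leave the instance unjoined and running so the error reaches the SSM
    # command output instead of being hidden behind a reboot.
    Write-Log "Domain join failed: $($_.Exception.Message)"
    exit 1
}
```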

Does $creds have the permission to join the system to the domain? It looks like it does not.

Yes, it did. The workaround was so complicated that I decided to just go with the reboot. Eventually, we changed the standard and our AWS servers just take the hostname AWS gives them. This raised another problem with the way we did service accounts, but that is another story.