Powershell – “Correct” way to programmatically join a Windows 7 machine to the domain

active-directory powershell

What is the preferred method to programmatically join a Windows 7 machine to the domain?

I want to script this so that when a newly imaged machine is booted up it joins the domain. (I don't want to use Sysprep to do it as there are some other checks I want to run at the same time.)

As far as I can see, I can either use NetDom, or computer-add in Powershell.

Both of these theoretically mean I have to install "extra stuff" on the image, though – either RSAT to use netdom (or I could manually copy just that command) or the AD cmdlets for computer-add.

Anyone have any experience of these, or which is the "better" way? I don't really want to leave the end users with admin tools on their machines.

Thanks in advance,

Ben

Best Answer

NETDOM.EXE is all you need. I'd just copy it over and be done with it.

There's no danger in the user having NETDOM.EXE. The same functionality that NETDOM exposes is available in the GUI anyway. So long as the user doesn't have a domain credential with rights to join / disjoin computers from the domain they can't harm your AD with the NETDOM tool. Likewise, if the user isn't a local Administrator of the PC they can't use NETDOM to make the PC believe it's disjoined from the domain any more than using the GUI tools.

Just be sure that you're not leaving credentials on the PC, post-imaging, that could give the user privileged access to the AD.
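A script of the kind the question describes, as an added example that is not code from either the question or the answer. The domain name, OU path and service account below are assumed placeholders, and the cleanup paths are the usual unattend-file locations rather than anything the page mentions. It sticks to cmdlets available in Windows PowerShell 2.0 (the version that ships with Windows 7) and shows both routes: the copied netdom.exe from the answer, and the built-in Add-Computer cmdlet, which lives in Microsoft.PowerShell.Management rather than the AD module and so needs no RSAT install.

```powershell
# Added example; not code from the original question or answer.
# Assumed placeholders: the domain, OU path and join account defaults below.
param(
    [string]$Domain   = 'corp.example.com',
    [string]$OUPath   = 'OU=Workstations,DC=corp,DC=example,DC=com',
    [string]$JoinUser = 'CORP\svc-domainjoin',
    [switch]$UseNetdom      # use a copied netdom.exe instead of Add-Computer
)

$ErrorActionPreference = 'Stop'

# 1. Refuse to run twice: a machine that is already joined is left alone.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "Already a member of $($cs.Domain); nothing to do."
    return
}

# 2. Pre-join checks go here (the reason for not letting Sysprep do the join).
#    Example: the name must be a valid NetBIOS computer name (max 15 chars).
if ($cs.Name -notmatch '^[A-Za-z0-9-]{1,15}$') {
    throw "Computer name '$($cs.Name)' is not a valid NetBIOS name; rename before joining."
}

# 3. Ask for the join credential at run time. It stays in memory as a
#    SecureString and is never written to the image. The account should only
#    be delegated "create computer objects" on $OUPath, not domain admin, so
#    nothing the user could see at the prompt gives them privileged AD access.
$cred = Get-Credential $JoinUser
$user = $cred.UserName

if ($UseNetdom) {
    # netdom.exe copied into System32 from an RSAT machine, as the answer suggests.
    $netdom = Join-Path $env:SystemRoot 'System32\netdom.exe'
    if (-not (Test-Path $netdom)) { throw "netdom.exe not found at $netdom" }

    # Caveat: a password given on the command line is readable by other local
    # processes (e.g. Win32_Process.CommandLine) while netdom runs. /PasswordD:*
    # would prompt instead, but that is no longer unattended.
    $plain = $cred.GetNetworkCredential().Password
    & $netdom join $cs.Name "/domain:$Domain" "/OU:$OUPath" "/UserD:$user" "/PasswordD:$plain"
    if ($LASTEXITCODE -ne 0) { throw "netdom join failed with exit code $LASTEXITCODE" }
} else {
    # Add-Computer is in Microsoft.PowerShell.Management (PowerShell 2.0 on
    # Windows 7): no RSAT or ActiveDirectory module required, and the
    # credential is passed as an object, not on a command line.
    Add-Computer -DomainName $Domain -OUPath $OUPath -Credential $cred
}

# 4. Verify the join actually took before rebooting into it.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $Domain) {
    throw "Join reported success but the machine is not a member of $Domain"
}

# 5. The answer's final point: leave no imaging leftovers holding credentials.
#    These are the usual unattend.xml locations; adjust to your imaging process.
$leftovers = @(
    "$env:SystemDrive\unattend.xml",
    "$env:SystemRoot\Panther\unattend.xml",
    "$env:SystemRoot\System32\sysprep\unattend.xml"
)
foreach ($f in $leftovers) {
    if (Test-Path $f) { Remove-Item $f -Force }
}

Restart-Computer -Force
```

Run it elevated from the post-imaging task (`.\Join-Domain.ps1` for Add-Computer, `.\Join-Domain.ps1 -UseNetdom` for the copied netdom.exe). The step-5 cleanup is the part most often skipped: an unattend file that did the join for you typically holds the join account's password in clear text, which is exactly the leftover the answer warns about.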