Tuesday 29 January 2013

Join Domain and Rename Computer with PowerShell

   Below is a script that we use to join computers to a domain.  We use this as part of a task sequence in SCCM and feed a system name into the launching of the script.  We do not restart the computer using the script though - otherwise the task sequence would fail. 

Tested with Windows 7
Type: PowerShell 3.0 (PowerShell 3.0 can be found here: http://www.microsoft.com/en-us/download/details.aspx?id=34595)

# Script Usage:
# <ScriptName.ps1 MyNewComputerName>

param
([Parameter(Position=0,Mandatory=$true)]
[string]$newname) # Required Parameter, script will fail without it

# === Set the Variables ===

$domain = "Domain"          # NETBIOS name of your domain
$DNSDomain = 'domain.local' # FQDN of your domain
$domainUserroot = 'ADUser'  # An AD user with permissions to join workstations to the domain
$domainpass = 'supersecret' # The password for the above user
$domainUser = $domain+'\'+$domainUserroot
$securePass = ConvertTo-SecureString -String $domainpass -AsPlainText -Force
$domaincred = New-Object System.Management.Automation.PSCredential $domainUser,$securePass
$OU = "OU=Computers-Win7,DC=domain,DC=local" # Target OU
# === Start of Commands ===
# Add the computer to the domain
Add-Computer -DomainName $dnsdomain -Credential $domaincred -OUPath $OU 

# Rename the Computer - Requires Domain Credentials
Rename-Computer -NewName $newname -DomainCredential $domaincred # Rename Computer

Restart-Computer # Reboot the Computer (leave this line out when the script runs inside a task sequence, as noted above)
A note about the password:  Due to the nature of PSH, passing credentials is rather difficult, especially if you want to encrypt them.  I found it easier to create an AD user and lock that user account down so that it is allowed to join workstations to the specific container, rather than the former.
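
An added example, not part of the original script: one way to keep the join password out of the script file is to read it from task sequence variables at run time. The variable names JoinUser and JoinPassword are hypothetical, and the Microsoft.SMS.TSEnvironment COM object is only available while a task sequence is running.

```powershell
# Added example: JoinUser and JoinPassword are hypothetical task sequence variable names.
param([Parameter(Position=0, Mandatory=$true)][string]$newname)

$DNSDomain = 'domain.local'                         # FQDN of your domain (as in the script above)
$OU        = 'OU=Computers-Win7,DC=domain,DC=local' # Target OU (as in the script above)

function Get-JoinCredential {
    # COM object exposed by the ConfigMgr client while a task sequence is running
    try   { $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop }
    catch { throw 'Not running inside a task sequence; no join credentials available.' }

    $user = $tsenv.Value('JoinUser')       # expected in DOMAIN\user form
    $pass = $tsenv.Value('JoinPassword')
    if ([string]::IsNullOrEmpty($user) -or [string]::IsNullOrEmpty($pass)) {
        throw 'Task sequence variables JoinUser and JoinPassword must both be set.'
    }

    $secure = ConvertTo-SecureString -String $pass -AsPlainText -Force
    # Blank the variable so later task sequence steps cannot read the password
    $tsenv.Value('JoinPassword') = ''
    New-Object System.Management.Automation.PSCredential $user, $secure
}

$domaincred = Get-JoinCredential
Add-Computer    -DomainName $DNSDomain -Credential $domaincred -OUPath $OU -ErrorAction Stop
Rename-Computer -NewName $newname -DomainCredential $domaincred -ErrorAction Stop
# No Restart-Computer here: restarting from the script would fail the task sequence
```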
 

Tuesday 15 January 2013

Enable/Disable AutoAdminLogon with PowerShell

     Since the company I work for is finally upgrading to Windows 7 and replacing about 1500 desktops this year, I'm working on a sequence where the system from the manufacturer comes in and detects that it can see the domain, then proceeds through several configuration tasks so that our deployment staff spend less time at each system.
Gone are the days when they had to follow a page of instructions for configuring each system.

     My first script is to enable AutoAdminLogon in the registry and give it the user and password required.

For Windows 7
Type: PowerShell  
$Regkey= "HKLM:\Software\Microsoft\Windows NT\Currentversion\WinLogon"

 
$DefaultUserName = 'Administrator'
$DefaultPassword = 'P@ssword'

# This function just gets $true or $false
function Test-RegistryValue($path, $name)
{
$key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
$key -and $null -ne $key.GetValue($name, $null)
}

# Gets the specified registry value or $null if it is missing
function Get-RegistryValue($path, $name)
{
$key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
if ($key) {$key.GetValue($name, $null)}
}

#AutoAdminLogon Value
$AALRegValExist = Test-RegistryValue $Regkey AutoAdminLogon
$AALRegVal = Get-RegistryValue $RegKey AutoAdminLogon

# Test-RegistryValue returns $true or $false (never $null), so test the boolean directly
if (-not $AALRegValExist) { New-ItemProperty -Path $Regkey -Name AutoAdminLogon -Value 1 }

elseif ($AALRegVal -ne 1) { Set-ItemProperty -Path $Regkey -Name AutoAdminLogon -Value 1 }

#DefaultUserName Value
$DUNRegValExist = Test-RegistryValue $Regkey DefaultUserName
$DUNRegVal = Get-RegistryValue $RegKey DefaultUserName

if (-not $DUNRegValExist) { New-ItemProperty -Path $Regkey -Name DefaultUserName -Value $DefaultUserName }

elseif ($DUNRegVal -ne $DefaultUserName) { Set-ItemProperty -Path $Regkey -Name DefaultUserName -Value $DefaultUserName }

#DefaultPassword Value
$DPRegValExist = Test-RegistryValue $Regkey DefaultPassword
$DPRegVal = Get-RegistryValue $RegKey DefaultPassword

if (-not $DPRegValExist) { New-ItemProperty -Path $Regkey -Name DefaultPassword -Value $DefaultPassword }

elseif ($DPRegVal -ne $DefaultPassword) { Set-ItemProperty -Path $Regkey -Name DefaultPassword -Value $DefaultPassword }

Set $DefaultUserName and $DefaultPassword, then run the script with PowerShell.

The reason for the registry value test is that PowerShell has two different commands: one for creating a new registry value (New-ItemProperty) and one for changing an existing one (Set-ItemProperty).

The following script is for disabling the AutoAdminLogon.  The user and password are cleared, and the AutoAdminLogon registry value is changed to 0.

$Regkey= "HKLM:\Software\Microsoft\Windows NT\Currentversion\WinLogon"

 
$DefaultUserName = ''
$DefaultPassword = ''

# This function just gets $true or $false
function Test-RegistryValue($path, $name)
{
$key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
$key -and $null -ne $key.GetValue($name, $null)
}

# Gets the specified registry value or $null if it is missing
function Get-RegistryValue($path, $name)
{
$key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
if ($key) {$key.GetValue($name, $null)}
}

#AutoAdminLogon Value
$AALRegValExist = Test-RegistryValue $Regkey AutoAdminLogon
$AALRegVal = Get-RegistryValue $RegKey AutoAdminLogon

# Test-RegistryValue returns $true or $false (never $null), so test the boolean directly
if (-not $AALRegValExist) { New-ItemProperty -Path $Regkey -Name AutoAdminLogon -Value 0 }

elseif ($AALRegVal -ne 0) { Set-ItemProperty -Path $Regkey -Name AutoAdminLogon -Value 0 }

#DefaultUserName Value
$DUNRegValExist = Test-RegistryValue $Regkey DefaultUserName
$DUNRegVal = Get-RegistryValue $RegKey DefaultUserName

if (-not $DUNRegValExist) { New-ItemProperty -Path $Regkey -Name DefaultUserName -Value $DefaultUserName }

elseif ($DUNRegVal -ne $DefaultUserName) { Set-ItemProperty -Path $Regkey -Name DefaultUserName -Value $DefaultUserName }

#DefaultPassword Value
$DPRegValExist = Test-RegistryValue $Regkey DefaultPassword
$DPRegVal = Get-RegistryValue $RegKey DefaultPassword

if (-not $DPRegValExist) { New-ItemProperty -Path $Regkey -Name DefaultPassword -Value $DefaultPassword }

elseif ($DPRegVal -ne $DefaultPassword) { Set-ItemProperty -Path $Regkey -Name DefaultPassword -Value $DefaultPassword }
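
An added example, not part of the original post: Winlogon keeps DefaultPassword in the registry as plain text, and the disable script above blanks the value but leaves it in place. The sketch below reports the auto-logon state without echoing the password and removes the DefaultPassword value entirely; Get-AutoLogonState and Clear-AutoLogon are hypothetical helper names.

```powershell
# Added example: Get-AutoLogonState and Clear-AutoLogon are hypothetical helper names.
$Regkey = 'HKLM:\Software\Microsoft\Windows NT\Currentversion\WinLogon'

function Get-AutoLogonState {
    param([string]$Path = $Regkey)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    $password = $key.GetValue('DefaultPassword', $null)
    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        AutoAdminLogon   = $key.GetValue('AutoAdminLogon', $null)
        DefaultUserName  = $key.GetValue('DefaultUserName', $null)
        # Report only whether a password is stored, never the password itself
        PasswordValueSet = -not [string]::IsNullOrEmpty($password)
    }
}

function Clear-AutoLogon {
    param([string]$Path = $Regkey)
    Set-ItemProperty -Path $Path -Name AutoAdminLogon -Value '0'
    # Remove the value entirely rather than leaving an empty string behind
    if ($null -ne (Get-Item -LiteralPath $Path).GetValue('DefaultPassword', $null)) {
        Remove-ItemProperty -Path $Path -Name DefaultPassword
    }
    Get-AutoLogonState -Path $Path
}

# Report first; clean up only when auto-logon is on or a password is still stored
$state = Get-AutoLogonState
if ($state.AutoAdminLogon -eq '1' -or $state.PasswordValueSet) {
    Write-Warning "Auto-logon data present on $($state.ComputerName) for '$($state.DefaultUserName)'"
    $state = Clear-AutoLogon
}
$state
```

Run it from an elevated session as the last step of the deployment sequence, once the automatic logons are no longer needed.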