Adding domain users during O.S. installation


All, in the Winnt.sif file I can create and add a limited number of users to the local system during setup. What I want to know is if there is a way to automatically add domain accounts to a local machine security group during O.S. install and configuration (or shortly thereafter). I have been reviewing the use of NETDOM and Net User as possible solutions but have been unable to determine whether or not those commands can accomplish the task. Thanks in advance.


I do it after the PC is booted with a few batch and VBS files. You will notice below that I'm using variables which are part of a HUGE set of files that prompt the tech for the user name, pw, and group info... store that info in an encrypted text file, then back up the data to a server. Afterward, we reimage the original system or image a new one, run the restore batch files which ask the tech "who is this user", then change the PC name to what it was before (and also prompt you to change it if needed), add it to the domain, add the proper users and groups to the admins, and then restore the data from the server.

It's been a "work in progress" for the last several months. Anyway, here are a few parts of it:

exe\netdom join %computername% /domain:MYDOMAIN /ou:"ou=sales workstations,ou=oh,ou=cinci,dc=oh,dc=mydomain,dc=net" /userd:%tech% /passwordd:%techpw%

Then it uses a "shutdown" command to reboot. Next it runs:

net localgroup administrators tl\USER-AD-NAME-GOES-HERE /add

Once again, it reboots and then adds some other global groups to the local admins. The text below is the contents of a VBS file:

On Error Resume Next

'get main objects/variables
Set ws = WScript.CreateObject("WScript.Shell")
compname = ws.ExpandEnvironmentStrings("%COMPUTERNAME%")
Set adGrp = GetObject("WinNT://" & compname & "/Administrators,group")

'add domain groups to local admin group
adGrp.Add("WinNT://TL/_OH Help Desk,group")
adGrp.Add("WinNT://TL/_OH Micro Support,group")

'handle errors: log an Error event (type 1) on failure, a Success event (type 0) otherwise
If (Err.Number <> 0) Then
    strError = "AddAdmins.vbs was unable to add the specified groups to the local Administrators group."
    strError = strError & vbCrLf & vbCrLf
    strError = strError & "Error #: " & Err.Number & vbCrLf
    strError = strError & "Source: " & Err.Source & vbCrLf
    strError = strError & "Description: " & Err.Description & vbCrLf
    ws.LogEvent 1, strError
Else
    ws.LogEvent 0, "The local Administrators group was successfully updated."
End If

I found a ton of info on this site as well as experts-exchange.

Edited by viperz2000
once again, it reboots and then adds some other global groups to the local admins.

This can be done by configuring a GPO: Computer Configuration / Windows Settings / Security Settings / Restricted Groups. Much easier, more flexible and no need for scripting.
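
Added example, not part of any post in this thread: whichever route is used (the scripts above or Restricted Groups), the result can be checked by comparing the local Administrators group against an allow-list. The two TL groups come from AddAdmins.vbs; the function names, the other allow-list entries and the sample member list are assumptions constructed for illustration.

```powershell
# Added example: compare local Administrators membership with an allow-list.
# Function names and the sample data are illustrative, not from the thread.
param([switch] $Live)   # -Live audits this machine; default uses the sample below

function Get-LocalAdminNames {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
    # lookup also works where the group name is localized.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name }
}

function Test-LocalAdminDrift {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Actual,
        [Parameter(Mandatory)] [string[]] $Expected
    )
    # -notcontains compares case-insensitively, matching Windows account names.
    [pscustomobject]@{
        Unexpected = @($Actual   | Where-Object { $Expected -notcontains $_ })
        Missing    = @($Expected | Where-Object { $Actual   -notcontains $_ })
    }
}

# Assumption: the built-in local account still has its default name.
$localAdmin = "$env:COMPUTERNAME\Administrator"

# Allow-list: the two groups from AddAdmins.vbs plus assumed defaults.
$expected = @(
    'TL\_OH Help Desk',
    'TL\_OH Micro Support',
    'TL\Domain Admins',     # assumption: added automatically at domain join
    $localAdmin
)

# Constructed sample: one group was never added, one user account crept in.
$sample = @($localAdmin, 'TL\Domain Admins', 'tl\_oh help desk', 'TL\jsmith')

$actual = @(if ($Live) { Get-LocalAdminNames } else { $sample })
$result = Test-LocalAdminDrift -Actual $actual -Expected $expected

$result.Unexpected | ForEach-Object { Write-Warning "Unexpected local admin: $_" }
$result.Missing    | ForEach-Object { Write-Warning "Missing local admin: $_" }
if ($result.Unexpected.Count -or $result.Missing.Count) { exit 1 }
```

The non-zero exit code on drift lets a scheduled task or deployment step flag the machine for review.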
