I have the following code; it's a simple script to add a new computer to our domain. It works when executed locally using Read-Host for the credentials and Organizational Unit name.

```powershell
$domainName = "mydomain.live"

# Manually provide the username and password for joining the domain
$adminUsername = Read-Host "Enter the domain admin username"
$adminPassword = Read-Host -AsSecureString "Enter the domain admin password"

# Create a PSCredential object with the provided username and password
$credential = New-Object System.Management.Automation.PSCredential ($adminUsername, $adminPassword)

# Get the local computer name
$computerName = $env:COMPUTERNAME

# Prompt for the OU name where the computer should be added
$ouName = Read-Host "Enter the name of the parent Organizational Unit (OU)"
$childOUName = Read-Host "Enter the name of the child Organizational Unit (OU)"

# Join the computer to the domain and specify the target OU
Add-Computer -DomainName $domainName -Credential $credential -ComputerName $computerName -OUPath " OU=$childOUName,OU=$ouName, DC=mydomain, DC=live"  -Restart
```

Now I've modified the code above to support Atera's custom script variables. These function similarly to the Read-Host prompt and output a System.String when verified with GetType(). However, something is causing an access denied error when done through the RMM.

```powershell
$domainName = 'mydomain.live'

# Manually provide the username and password for joining the domain
$adminUsername = [string]"{[adminUsername]}"
$adminPassword = [string]"{[adminPassword]}"

$encrypted = convertto-securestring $adminPassword -AsPlainText -Force


# Create a PSCredential object with the provided username and password
$credential = New-Object System.Management.Automation.PSCredential ($adminUsername, $encrypted)

# Get the local computer name
$computerName = $env:COMPUTERNAME

# Prompt for the OU name where the computer should be added
$ouName = [string]"{[ouName]}"
$childOUName = [string]"{[childOUName]}"

# Join the computer to the domain and specify the target OU
Add-Computer -DomainName $domainName -Credential $credential -ComputerName $computerName -OUPath "OU=$childOUName,OU=$ouName, DC=mydomain, DC=live"  -Restart
```

When this is run (as user) from Atera, I get the following error:

```
Computer RH009 could not join domain MyDomain from WORKGROUP, access refused.
+ CategoryInfo          : OperationStopped: (MyDomain-RH009:String) [Add-Computer], InvalidOperationException
+ FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand
```

Any lead or advice is appreciated.

  • How are you executing the script with Atera though? Do you not need to `import-module` first but can you show full Atera logic or a link to which script you are referring? The "access refused" implies the credential is NOT correct per the way you are executing it but try making the script `write-output` and work out if the password string is as desired once you execute with Atera. The credential isn't authenticating to the domain to join the machine per the Atera execution method basically would be my intuitive guess. – Bitcoin Murderous Maniac Jun 21 '23 at 01:49
  • I guess it is not your domain account that is refused but your local account ([`-localcredential`](https://learn.microsoft.com/powershell/module/microsoft.powershell.management/add-computer#-localcredential)) that isn't allowed to join the computer. – iRon Jun 21 '23 at 06:39
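
A diagnostic along the lines of the checks raised in the comments, as an added example (not part of the original thread and not Atera's own code): it reports on the substituted script variables without echoing the password, on the assumption that RMM script output is retained in logs, shows which account the script actually runs as, and escapes the OU names before building the `-OUPath` distinguished name. `Test-RmmValue` and `ConvertTo-DnValue` are hypothetical helper names; it does not call `Add-Computer`.

```powershell
# Added diagnostic example. Helper names are hypothetical; nothing here joins the domain.
$adminUsername = [string]"{[adminUsername]}"
$adminPassword = [string]"{[adminPassword]}"
$ouName        = [string]"{[ouName]}"
$childOUName   = [string]"{[childOUName]}"

function Test-RmmValue {
    # Describe a substituted value without printing it when it is a secret.
    param([string]$Name, [string]$Value, [switch]$Secret)
    [pscustomobject]@{
        Name           = $Name
        Length         = $Value.Length
        Unsubstituted  = $Value -match '^\{\[.*\]\}$'   # placeholder token still literal
        EdgeWhitespace = $Value -ne $Value.Trim()       # stray leading/trailing space or newline
        Value          = if ($Secret) { '<redacted>' } else { $Value }
    }
}

function ConvertTo-DnValue {
    # Escape an attribute value for use inside a distinguished name (RFC 4514).
    param([string]$Value)
    $v = $Value -replace '([\\,+"<>;=])', '\$1'   # special characters anywhere
    $v = $v -replace ' $', '\ '                    # trailing space
    $v -replace '^([ #])', '\$1'                   # leading space or '#'
}

# Account the RMM agent runs the script under (may differ from an interactive session)
"Running as: " + [Security.Principal.WindowsIdentity]::GetCurrent().Name

Test-RmmValue -Name adminUsername -Value $adminUsername
Test-RmmValue -Name adminPassword -Value $adminPassword -Secret
Test-RmmValue -Name ouName        -Value $ouName
Test-RmmValue -Name childOUName   -Value $childOUName

# Confirm the password survives the round trip through SecureString unchanged
$secure     = ConvertTo-SecureString $adminPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($adminUsername, $secure)
"Password round-trip intact: " + ($credential.GetNetworkCredential().Password -ceq $adminPassword)

# The OU path that would be passed to Add-Computer, with escaped components
$ouPath = "OU=$(ConvertTo-DnValue $childOUName),OU=$(ConvertTo-DnValue $ouName),DC=mydomain,DC=live"
"OUPath: $ouPath"
```

Run outside the RMM, every `Unsubstituted` column reads `True` because the `{[...]}` tokens are still literal, which is the same condition the check is meant to catch inside it.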
