Add a Windows server to a domain

Hewlett Packard Enterprise provides two scripts that can be used for adding a server to a Windows domain. One is used for adding to the domain at OS installation time, and the other is used for adding to the domain once the server is already installed. The two methods for adding a Windows server to a domain are described in the following sections.

To add the server to a domain during OS installation:

Use the Hewlett Packard Enterprise provided script Inject Windows Domain or Workgroup Personalization Settings as part of an OS deployment job.

This method also injects Windows Active Directory domain or workgroup configuration into the Windows unattend file and is supported only on Windows Server 2008 and later.

  1. Save a copy of a Hewlett Packard Enterprise provided Windows OS Build Plan, changing its name to reflect the Windows functionality being installed.

  2. After the Inject Personalization Settings step in the OS Build Plan, add the Hewlett Packard Enterprise provided script Inject Windows Domain or Workgroup Personalization Settings.

  3. Create the DomainName, DomainUser, DomainPassword, and Workgroup custom attributes, as shown in the following examples:

    Category        Example
    DomainName      mydomain.net   # FQDN of your domain
    DomainUser      Aduser         # An AD user with permissions to join workstations to the domain
    DomainPassword  supersecret    # Password for DomainUser
    Workgroup       (optional)

To add a server to a domain after the OS is installed:

Use the Hewlett Packard Enterprise provided script Add Windows Server to Domain as part of an OS deployment job.


NOTE: This script uses PowerShell commands. To run on Windows 2008, PowerShell 2.0 must be installed.


This step can be used as part of its own Build Plan or can be added at the end of an OS Build Plan. The benefit of using this step is that your domain password can be encrypted, and will not show up in clear text. Use the following instructions for adding this step to the end of an OS installation.

  1. Save a copy of a Hewlett Packard Enterprise provided Windows OS Build Plan, changing its name to reflect the Windows functionality being installed.

  2. At the end of the OS Build Plan, after the last Wait for HP SA Agent step, add the Hewlett Packard Enterprise provided script Add Windows Server to Domain.

  3. Create DomainFQDN, DomainPassword or EncryptedDomainPassword, DomainUser, DomainName, and Key custom attributes, as shown in the following examples:

    Category                 Example
    DomainFQDN               mydomain.net              # FQDN of your domain
    DomainName                                         # NETBIOS name of your domain
    DomainUser               Aduser                    # An AD user with permissions to join workstations to the domain
    DomainPassword           supersecret               # Password for DomainUser
    EncryptedDomainPassword  76492d1116743f042341      # Encrypted password
    Key                      supersecretpasswordworks  # Key used to generate above password

NOTE: Provide either the DomainPassword custom attribute or the combination of the EncryptedDomainPassword and Key custom attributes.

  • DomainPassword is stored as plain text. You can delete it on completion of the Build Plan.

  • EncryptedDomainPassword stores the encrypted password generated using the key specified in the Key custom attribute.




To generate an encrypted password:

Use the following steps, on a separate Windows system, to generate an encrypted password using PowerShell:

  1. $key="supersecretpasswordworks"

  2. $password=Read-Host -AsSecureString

  3. <Type Password>

  4. $encrypt=ConvertFrom-SecureString $password -Key $key.ToCharArray()

  5. $encrypt | Set-Content c:\encrypted.txt # save encrypted password to file


NOTE: A valid key is 128, 192, or 256 bits long, that is, a byte array of 16, 24, or 32 bytes. The preceding example uses a 24-byte key. You must specify a key value in the Key custom attribute field to generate an encrypted password.
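
The following PowerShell function is an added example, not part of the Hewlett Packard Enterprise script. It checks the key length described in the note above, encrypts the password as in the preceding steps, and decrypts it again to confirm that the EncryptedDomainPassword and Key values match before they are entered as custom attributes. The function name New-EncryptedDomainPassword is hypothetical, and restricting the key to printable ASCII is an assumption made so that each character maps to exactly one key byte.

```powershell
# Added example: not HPE's script. The function name is hypothetical.
function New-EncryptedDomainPassword {
    param(
        [Parameter(Mandatory = $true)] [string] $Key,
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password
    )

    # The page's command passes $key.ToCharArray() as the AES key, one byte per
    # character. Assumption: restrict the key to printable ASCII so the
    # character count equals the byte count.
    if ($Key -notmatch '^[\x20-\x7E]+$') {
        throw 'Key must contain only printable ASCII characters.'
    }
    $keyBytes = [System.Text.Encoding]::ASCII.GetBytes($Key)
    if ((16, 24, 32) -notcontains $keyBytes.Length) {
        throw "Key is $($keyBytes.Length) bytes; it must be 16, 24 or 32."
    }

    $encrypted = ConvertFrom-SecureString -SecureString $Password -Key $keyBytes

    # Round trip: decrypt with the same key and compare before using the value.
    $decoded  = ConvertTo-SecureString -String $encrypted -Key $keyBytes
    $plainIn  = (New-Object System.Management.Automation.PSCredential('x', $Password)).GetNetworkCredential().Password
    $plainOut = (New-Object System.Management.Automation.PSCredential('x', $decoded)).GetNetworkCredential().Password
    if ($plainIn -cne $plainOut) {
        throw 'Round-trip check failed; do not use this value.'
    }
    return $encrypted
}

$key       = 'supersecretpasswordworks'   # the page's 24-character sample key
$password  = Read-Host -AsSecureString -Prompt 'Domain password'
$encrypted = New-EncryptedDomainPassword -Key $key -Password $password
$encrypted | Set-Content -Path C:\encrypted.txt   # value for EncryptedDomainPassword
Remove-Variable password, key
```

The round trip needs only the two custom attribute values, so anyone who can read both EncryptedDomainPassword and Key can recover the domain password. Limit who can view those attributes, and use a DomainUser account whose only right is joining computers to the domain.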