Streamline DJOIN with a PowerShell Script

This script facilitates admin work for DJOIN tasks.

It does the following:

  1. Script asks for the FQDN/PC Name
  2. Provisions machine in AD
  3. Automatically creates two files in C:\OfflineJoinBlobs\$FQDN
    1. Blob File
    2. Batch file for user to run
  4. You then zip up the output in C:\OfflineJoinBlobs\$FQDN and send it to the user to run

PowerShell script:

# Ask for the name of the computer to provision
$newComputers = Read-Host "What is the FQDN"
$saveLocation = "c:\OfflineJoinBlobs\$newComputers"

# Create the output folder if it does not exist yet
$Result = Test-Path -Path $saveLocation
if (-not $Result) {
    New-Item $saveLocation -type directory
}

# Provision the computer account in AD and save the offline join blob
foreach ($computer in $newComputers) {
    $cmdString = "djoin /provision /downlevel /domain domain.local /machine " + $computer + " /savefile " + $saveLocation + "\$computer.txt"
    cmd.exe /c $cmdString
}

# Batch file for the user: it elevates itself through UAC, then loads the blob.
# PowerShell expands $newComputers inside this here-string when the file is written.
$x = @"
:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (shift & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B

:gotPrivileges
::::::::::::::::::::::::::::
:START
::::::::::::::::::::::::::::
setlocal & pushd .

cls
pushd "%CD%"
CD /D "%~dp0"

djoin.exe /requestODJ /loadfile $newComputers.txt /windowspath %SystemRoot% /localos

popd

pause
"@

# Write the batch file next to the blob (ASCII so cmd.exe reads it cleanly)
$x | Out-File "$saveLocation\$newComputers.bat" -Encoding ASCII

To streamline things further, start the PowerShell script from a batch file so that it runs under a Domain Admin account.

In Notepad, enter the following and save as .bat:

RunAs /user:domain\domainadmin /savecred "powershell -executionpolicy bypass -file Path\djoin.ps1"

The /savecred switch stores the password after the first prompt, so later runs of the batch file start under that account without asking for it again.
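A hardened variant of the provisioning step from the script above, added here as an example and not part of the original post. The function name New-OfflineJoinBlob, its parameters, the name pattern and the ACL choice are assumptions; it validates the name, restricts the blob folder (the blob contains the machine account password), calls djoin.exe without building a cmd.exe string, and checks the exit code.

```powershell
# Added example (not the post's code); function and parameter names are assumptions.
function New-OfflineJoinBlob {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$Domain   = 'domain.local',        # placeholder domain used in the post
        [string]$BlobRoot = 'C:\OfflineJoinBlobs'
    )

    # Accept only a host name or dotted FQDN (letters, digits, hyphens), so the
    # value cannot carry spaces, quotes, path separators or shell metacharacters.
    $label   = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $pattern = '^(?=.{1,253}$)' + $label + '(?:\.' + $label + ')*$'
    if ($ComputerName -notmatch $pattern) {
        throw "Invalid computer name: '$ComputerName'"
    }

    $saveLocation = Join-Path $BlobRoot $ComputerName
    if (-not (Test-Path -LiteralPath $saveLocation)) {
        New-Item -Path $saveLocation -ItemType Directory | Out-Null
    }

    # The blob contains the machine account password. Remove inherited ACEs and
    # grant access only to Administrators, SYSTEM and the current user (by SID).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    & icacls.exe $saveLocation /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' `
        '*S-1-5-18:(OI)(CI)F' "*${me}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Run djoin.exe directly with separate arguments instead of a cmd.exe string.
    $blobPath = Join-Path $saveLocation "$ComputerName.txt"
    & djoin.exe /provision /downlevel /domain $Domain /machine $ComputerName /savefile $blobPath |
        Write-Host
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

    $blobPath   # path of the blob to package for the user
}

# Usage (interactive, as in the post):
# New-OfflineJoinBlob -ComputerName (Read-Host 'What is the FQDN')
```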
