Join Computer to Domain Using PowerShell

by Robert Allen

In this tutorial, you’ll learn how to join a computer to the domain using PowerShell.

I will provide step by step instructions for adding a single computer and multiple computers to the domain.

Also, I’ll show you how to move the computer to an OU once it’s been added to the domain.

Let’s get started.

Join Single Computer To Domain with Powershell

Important Tip: You may need to run PowerShell as Administrator to avoid access denied errors. To do this just right-click the PowerShell icon and select “Run as Administrator”.

Open Powershell and run the following command. Change YourDomainName to your Active Directory domain name.

add-computer –domainname "YourDomainName"  -restart

Example picture below running on my domain ad.activedirectorypro.com

You will get prompted to enter your credentials. This will need to be a Domain Administrator account or a user that has been delegated rights to join computers to the domain.

The computer should automatically restart and be joined to the domain.

Tip: Run help add-computer to see all the command line options (syntax)

Join Multiple Computers to the Domain From a Text File

To Join multiple computers to the domain you just need to create a text file and add the computer names to it.

In this example, I’ve created a text file called computers.txt and added PC2 and PC3 to it.

I’ve saved the text file to c:\it\computers.txt

With the text file setup I’ll run the following commands:

$computers = Get-Content -Path c:\it\computers.txt
Add-Computer -ComputerName $computers -Domain "YourDomainName" -Restart

Example picture below running on my domain ad.activedirectorypro.com

The first line sets up a variable ($computers), which stores the values of the text file. The 2nd line is similar to the previous examples, now I just added the -ComputerName and the $computers variable.

This command will go through every computer listed in the text file and join them to the domain.

Pretty cool right? This will defiantly speed up the process of joining multiple computers to the domain.

Join Computer to Domain and specify OU Path With PowerShell

When you join a computer to the domain it will by default go the computers folder. It is best practice to move the computers from the default folder to a different OU.

Thankfully we can automate this with PowerShell when we join the computers to the domain.

Run this command to join a computer to the domain and specify the OU path.

Add-Computer -DomainName "Domain02" -OUPath "OU=testOU,DC=domain,DC=Domain,DC=com"

In the following example, I’ll be adding computers to the domain that go to the sales department. I have an OU setup called sales so I want the computers to automatically be moved to that OU.

The PowerShell command requires the distinguished name of the OU. The easiest way to get this is by navigating to the OU in Active Directory Users and Computers and opening the properties of the OU. Then click the Attribute Editor and copy the value of distinguishedName.

Now add this path to the command, below is the command for my domain. This will add the computer to the Sales OU in my Active Directory.

Add-Computer -DomainName "ad.activedirectorypro.com" -OUPath "OU=Sales,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com"

I’ve just walked through three examples of using PowerShell to join computers to the domain. Now you can forget about logging into each computer and manually adding them to the domain. With PowerShell you can quickly add single or multiple computers at a time.

Try out these commands and let me know how they work by leaving a comment below.

Related: Huge List of PowerShell Commands for Active Directory 

Recommended Tools

  • AD Cleanup Tool - Find stale and inactive user and computer accounts in Active Directory. Export, disable, move or delete the stale accounts to increase security.
  • AD User Creation Tool - Bulk import or update Active Directory user accounts. Add users to groups, import into OUs, set multiple attributes and more.
  • NTFS Permissions Tool - Scan and audit NTFS folder permissions. See which users and groups have access to what.
  • AD Reporting Tool - Over 200 reports on users, computers, groups, OUs and more. Customize reports or create your own reports with the report builder.

12 thoughts on “Join Computer to Domain Using PowerShell”

  1. We are part of a larger domain where each site has an OU with its own OU admins with rights to add objects. I am trying to use a script to add multiple computer accounts to the domain in our OU, When they are created manually using ADUC, we change the default User or Group to our local OU Admins group from Domain Admins. this allows us to actually join the systems to the domain when they get deployed. How can I set this when I create the object using powershell. having a hard time finding this.

    Thanks!

    Reply
  2. HI
    I cant join multicomputers to domain with powershell:
    Add-Computer : Cannot establish the WMI connection to the computer ‘pc7’ with the following error message: Access is
    denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
    At line:1 char:1
    + Add-Computer -ComputerName $computers -Domain “microsoft.net” -Restart
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (pc7:String) [Add-Computer], InvalidOperationException
    + FullyQualifiedErrorId : AddComputerException,Microsoft.PowerShell.Commands.AddComputerCommand

    Reply
  3. In your command –
    Add-Computer -DomainName “Domain02” -OUPath “OU=testOU,DC=domain,DC=Domain,DC=com”
    there is an extra DC=Domain

    Reply
    • If using a subdomain which is an MS best practice then it is correct. My domain is ad.activedirectorypro.com

      DC=ad
      DC=activedirectorypro,DC=com

      OU=Accounting,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com

      Reply
  4. Dumb question: how would you join two or more computers in a domain using a single command, issued from one single machine, in one batch, as long as this command does not run within the context of those yet unjoined machines and how those machines will know that they have been joined?
    Or “Add-Computer” used on multiple host names as described above is just a simple creation of some objects inside AD, with no real connection with the machines themselves? Because if so, then I would not call this a real AD join…

    Reply
      • You can use the -LocalCredential parameter to specify credentials to talk to the workstation.

        Alternatively, if Windows computers set up in a workgroup have an (administrative) account with a common username and password, it will probably work.

        For example, let’s say your workstation imaging process sets the password for the local ‘Administrator’ account so that it is the same on all machines.

        If you were to log on to one of the machines using the Administrator account, you can normally access shared folders on the other machines the same as you would if it were on a domain (e.g. using \\computer\share) without being prompted for credentials. In theory this would likely work for using the Add-Computer cmdlet.

        I’ve yet to actually test this theory since I’ve no need for it, but thought I’d share in case it was helpful.

        Reply
  5. That is cool, I did not know you could join multiple computers at once like that.

    The way that I get the distinguished name of the OU is from a simple PowerShell one-liner

    Get-ADOrganizationalUnit -Filter ‘Name -like “*”‘ | Format-Table Name, DistinguishedName -AutoSize

    Reply

Leave a Comment