In this tutorial, you’ll learn how to join a computer to the domain using PowerShell.
I will provide step by step instructions for adding a single computer and multiple computers to the domain.
Also, I’ll show you how to move the computer to an OU once it’s been added to the domain.
Let’s get started.
Join Single Computer To Domain with Powershell
Important Tip: You may need to run PowerShell as Administrator to avoid access denied errors. To do this just right-click the PowerShell icon and select “Run as Administrator”.
Open Powershell and run the following command. Change YourDomainName to your Active Directory domain name.
add-computer –domainname "YourDomainName" -restart
Example picture below running on my domain ad.activedirectorypro.com
You will get prompted to enter your credentials. This will need to be a Domain Administrator account or a user that has been delegated rights to join computers to the domain.
The computer should automatically restart and be joined to the domain.
Tip: Run help add-computer to see all the command line options (syntax)
Join Multiple Computers to the Domain From a Text File
To Join multiple computers to the domain you just need to create a text file and add the computer names to it.
In this example, I’ve created a text file called computers.txt and added PC2 and PC3 to it.
I’ve saved the text file to c:\it\computers.txt
With the text file setup I’ll run the following commands:
$computers = Get-Content -Path c:\it\computers.txt Add-Computer -ComputerName $computers -Domain "YourDomainName" -Restart
Example picture below running on my domain ad.activedirectorypro.com
The first line sets up a variable ($computers), which stores the values of the text file. The 2nd line is similar to the previous examples, now I just added the -ComputerName and the $computers variable.
This command will go through every computer listed in the text file and join them to the domain.
Pretty cool right? This will defiantly speed up the process of joining multiple computers to the domain.
Join Computer to Domain and specify OU Path With PowerShell
When you join a computer to the domain it will by default go the computers folder. It is best practice to move the computers from the default folder to a different OU.
Thankfully we can automate this with PowerShell when we join the computers to the domain.
Run this command to join a computer to the domain and specify the OU path.
Add-Computer -DomainName "Domain02" -OUPath "OU=testOU,DC=domain,DC=Domain,DC=com"
In the following example, I’ll be adding computers to the domain that go to the sales department. I have an OU setup called sales so I want the computers to automatically be moved to that OU.
The PowerShell command requires the distinguished name of the OU. The easiest way to get this is by navigating to the OU in Active Directory Users and Computers and opening the properties of the OU. Then click the Attribute Editor and copy the value of distinguishedName.
Now add this path to the command, below is the command for my domain. This will add the computer to the Sales OU in my Active Directory.
Add-Computer -DomainName "ad.activedirectorypro.com" -OUPath "OU=Sales,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com"
I’ve just walked through three examples of using PowerShell to join computers to the domain. Now you can forget about logging into each computer and manually adding them to the domain. With PowerShell you can quickly add single or multiple computers at a time.
Try out these commands and let me know how they work by leaving a comment below.
Related: Huge List of PowerShell Commands for Active Directory
How to actually do it using powershell? This assumes some GUI
PowerShell command
add-computer –domainname “YourDomainName” -restart
We are part of a larger domain where each site has an OU with its own OU admins with rights to add objects. I am trying to use a script to add multiple computer accounts to the domain in our OU, When they are created manually using ADUC, we change the default User or Group to our local OU Admins group from Domain Admins. this allows us to actually join the systems to the domain when they get deployed. How can I set this when I create the object using powershell. having a hard time finding this.
Thanks!
HI
I cant join multicomputers to domain with powershell:
Add-Computer : Cannot establish the WMI connection to the computer ‘pc7’ with the following error message: Access is
denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
At line:1 char:1
+ Add-Computer -ComputerName $computers -Domain “microsoft.net” -Restart
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (pc7:String) [Add-Computer], InvalidOperationException
+ FullyQualifiedErrorId : AddComputerException,Microsoft.PowerShell.Commands.AddComputerCommand
In your command –
Add-Computer -DomainName “Domain02” -OUPath “OU=testOU,DC=domain,DC=Domain,DC=com”
there is an extra DC=Domain
If using a subdomain which is an MS best practice then it is correct. My domain is ad.activedirectorypro.com
DC=ad
DC=activedirectorypro,DC=com
OU=Accounting,OU=ADPRO Computers,DC=ad,DC=activedirectorypro,DC=com
Dumb question: how would you join two or more computers in a domain using a single command, issued from one single machine, in one batch, as long as this command does not run within the context of those yet unjoined machines and how those machines will know that they have been joined?
Or “Add-Computer” used on multiple host names as described above is just a simple creation of some objects inside AD, with no real connection with the machines themselves? Because if so, then I would not call this a real AD join…
Same question here…not following their logic with the join multiple PCs
This ^
You can use the -LocalCredential parameter to specify credentials to talk to the workstation.
Alternatively, if Windows computers set up in a workgroup have an (administrative) account with a common username and password, it will probably work.
For example, let’s say your workstation imaging process sets the password for the local ‘Administrator’ account so that it is the same on all machines.
If you were to log on to one of the machines using the Administrator account, you can normally access shared folders on the other machines the same as you would if it were on a domain (e.g. using \\computer\share) without being prompted for credentials. In theory this would likely work for using the Add-Computer cmdlet.
I’ve yet to actually test this theory since I’ve no need for it, but thought I’d share in case it was helpful.
can we do it automatically
That is cool, I did not know you could join multiple computers at once like that.
The way that I get the distinguished name of the OU is from a simple PowerShell one-liner
Get-ADOrganizationalUnit -Filter ‘Name -like “*”‘ | Format-Table Name, DistinguishedName -AutoSize