95 lines
3.1 KiB
PowerShell
95 lines
3.1 KiB
PowerShell
#Requires -RunAsAdministrator
|
|
|
|
param(
|
|
[Parameter(Mandatory=$true)]
|
|
[string]$Domain,
|
|
|
|
[Parameter(Mandatory=$false)]
|
|
[string]$ComputerName
|
|
)
|
|
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
# Verify running as Administrator
|
|
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
|
|
$principal = [Security.Principal.WindowsPrincipal]$identity
|
|
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
|
|
Write-Error "This script must be run as a machine Administrator."
|
|
exit 1
|
|
}
|
|
|
|
# Verify Nebula service is running
|
|
$nebulaSvc = Get-Service -Name "nebula" -ErrorAction SilentlyContinue
|
|
if (-not $nebulaSvc -or $nebulaSvc.Status -ne "Running") {
|
|
Write-Error "Nebula service is not running. Run install-nebula.ps1 first."
|
|
exit 1
|
|
}
|
|
|
|
# Validate computer name if provided
|
|
if ($ComputerName) {
|
|
if ($ComputerName.Length -gt 15) {
|
|
Write-Error "Computer name '$ComputerName' exceeds 15 character limit."
|
|
exit 1
|
|
}
|
|
if ($ComputerName -notmatch '^[a-zA-Z0-9-]+$') {
|
|
Write-Error "Computer name '$ComputerName' contains invalid characters. Use only letters, numbers, and hyphens."
|
|
exit 1
|
|
}
|
|
}
|
|
|
|
# Check if already joined to this domain
|
|
$cs = Get-WmiObject Win32_ComputerSystem
|
|
$alreadyJoined = $cs.PartOfDomain -and $cs.Domain -eq $Domain
|
|
if ($alreadyJoined) {
|
|
Write-Host "This machine is already joined to '$Domain'. No changes needed."
|
|
exit 0
|
|
}
|
|
|
|
# Verify DNS can resolve the domain (i.e. DC is reachable)
|
|
try {
|
|
$resolved = Resolve-DnsName $Domain -ErrorAction Stop
|
|
Write-Host "Resolved $Domain to $($resolved[0].IPAddress)"
|
|
} catch {
|
|
Write-Error "Cannot resolve domain '$Domain'. Ensure DNS is pointed at the domain controller (run set-dns.ps1 first)."
|
|
exit 1
|
|
}
|
|
|
|
# Prompt for domain credentials
|
|
Write-Host "Enter credentials for a domain account with permission to join machines to '$Domain':"
|
|
$credential = Get-Credential -Message "Domain join credentials for $Domain"
|
|
if (-not $credential) {
|
|
Write-Error "No credentials provided."
|
|
exit 1
|
|
}
|
|
|
|
# Warn if computer name doesn't match expected name
|
|
if ($ComputerName -and $env:COMPUTERNAME -ne $ComputerName.ToUpper()) {
|
|
Write-Warning "Current computer name '$env:COMPUTERNAME' does not match '$ComputerName'."
|
|
Write-Warning "If you have a pre-staged AD object for '$ComputerName', rename this machine first and reboot before running this script."
|
|
Write-Warning "Proceeding with domain join as '$env:COMPUTERNAME'..."
|
|
}
|
|
|
|
# Join the domain under the machine's current name
|
|
Write-Host "Joining '$Domain' as '$env:COMPUTERNAME'..."
|
|
try {
|
|
Add-Computer -DomainName $Domain -Credential $credential -Force
|
|
} catch {
|
|
Write-Error "Failed to join domain: $_"
|
|
exit 1
|
|
}
|
|
|
|
# Verify the join succeeded
|
|
$cs = Get-WmiObject Win32_ComputerSystem
|
|
if ($cs.PartOfDomain -and $cs.Domain -eq $Domain) {
|
|
Write-Host "Successfully joined '$Domain' as '$env:COMPUTERNAME'."
|
|
Write-Host ""
|
|
Write-Host "A restart is required for changes to take effect."
|
|
$restart = Read-Host "Restart now? (y/n)"
|
|
if ($restart -eq "y") {
|
|
Restart-Computer -Force
|
|
}
|
|
} else {
|
|
Write-Error "Domain join could not be verified."
|
|
exit 1
|
|
}
|