Jump to content

fellow IT Admins need your advice


Recommended Posts

Posted

so i am currently temporarily head of a small IT department that is part of a larger one and right now we have 200+ machines, xp,7 and mac and we need to go through and rename ALL of them, now i have to go to the machine itself to do it,

 

but was wondering if anyone know of any apps for ipad that would make adding the new machine name to AD easier so i would not have remote into my desktop at the office to do it,

 

also wondering if there is some sort of script i can run that would unjoin said machine from domain, reboot, login, rename, reboot, login, rejoin, reboot.

 

any a advice would be awesome, so far everything has been smooth

Posted

The Netdom.exe command will do what you need on the windows PC's. It may not be installed on the XP boxes, but you can download it from MS and just copy it to each PC. Use Google to find the commands.

 

I'm a big fan of PowerShell, but It would likely need to be installed on the XP boxes as well. The Remove-Computer and Add-Computer cmdlets are what you are looking for. You can find info about them here:    https://technet.microsoft.com/en-us/library/hh849816.aspx

 

I found this bit of code on that page that looks like it might remove all of the Windows machines at once:

 

Remove-Computer -ComputerName (Get-Content OldComputers.txt) -LocalCredential Domain01\Admin01 -UnJoinDomainCredential Domain01\Admin01 -WorkgroupName Legacy -Force -Restart

 

For that to work, you'll want to create a text file named OldComputers.txt and put all of the machine names in it, each one on a new line. Modify both of the entries that say Domain01\Admin01 to your own domain name and user account. Change "Legacy" if you want a different workgroup name, but that won't really matter since it will only be temporary.

 

If that doesn't work, you can run these commands from each workstation:

 

#Remove Machine From Domain

 

#Modify the domain and user fields to match your environment

$domain = "myDomain" 
$user = "myUserAccount"
#Don't edit below this point 
$password = Read-Host -Prompt "Enter password for $user" -AsSecureString 
$username = "$domain\$user" 
$credential = New-Object System.Management.Automation.PSCredential($username,$password) 
Remove-Computer -UnjoinDomaincredential $credential -Passthru -Verbose -Restart

and after the reboot

 

#Add Machine to Domain

 

#Modify the domain and user fields to match your environment

$domain = "myDomain" 
$user = "myUserAccount"
#Don't edit below this point 
$password = Read-Host -Prompt "Enter password for $user" -AsSecureString 
$username = "$domain\$user" 
$credential = New-Object System.Management.Automation.PSCredential($username,$password) 
Add-Computer -DomainName $domain -Credential $credential

 

Save each of those last two bits of code into a text file named UnjoinPC.ps1 and JoinPC.ps1 and then run them from a PowerShell window. If the very first one-liner works, you wouldn't need to run the #Remove Machine From Domain script, but you will need to run the #Add Machine to Domain script on each PC.

 

One word of caution: you better know the local admin password on each PC, otherwise you will have no way of logging into the pc after the unjoin process and it reboots. I would try the commands above one one sacrificial PC first just to make sure it all works.

 

 

Good Luck

  • Like 1
Posted
I wish I could do all at once but I can't I have to retag them aswell and I can't remote into every PC but thanks for that I will keep looking


Sent from my iPhone using Tapatalk
Posted

You need some management software if you are managing 200+ boxes by yourself. Have you ever heard of labtech? I use it for multiple clients and it is pre-loaded with a boat load of scripts including stuff like you are describing.

  • Like 2
Posted
analog hit it on the head, we did about 15k systems 2 years ago and had to get every system on 7 before that script would work. If any bombed out during the process, we just ran the dart CD on them and got in this way.

Honestly if you're not sure on how to get this going, you could probably do 200 computers manually before getting this sorted out with your setup With just a couple of people.
  • Like 1
Posted

analog hit it on the head, we did about 15k systems 2 years ago and had to get every system on 7 before that script would work. If any bombed out during the process, we just ran the dart CD on them and got in this way.

Honestly if you're not sure on how to get this going, you could probably do 200 computers manually before getting this sorted out with your setup With just a couple of people.

only issue is that it's really only me due to the guy I'm working won't be here long so he does not have badge access and won't be getting it, but good thing is I get to work 10 hour every day during the week and work Saturdays till the end of February to get it done


Sent from my iPad using Tapatalk
Posted

Digging a little deeper, it looks like there may be a PowerShell command to remotely rename a PC from the comfort of your office. You may need to install PowerShell 4 on your workstation / server. I read somewhere that this cmdlet is in PowerShell 2 and 4, but not 3. Open whatever PowerShell you currently have and type "Help Rename-Computer" to see if it exists for you. It will definitely be in version 4, so just be safe and install that.

 

Try this command on a sacrificial Windows PC and see what happens:

 

 

Rename-computer –computername “oldcomputer” –newname “newcomputername” –domaincredential domain\user –force –restart

 

Replace "OldComputername" and "NewComputerName" with the names you are actually using. Replace "domain\user" with your actual domain name and an account that has admin rights on the PC and in AD. Making yourself a Domain Admin is cheating, but being in that group will get the job done.

 

You'll want to verify that the PC reboots, and comes back with the new name. Also verify in AD that the name has been changed. You may want to look at DNS too and see if it's changed there as well.

 

If it works, you could probably knock them all out in an evening. You could get fancy and write a script using "get-content" and have it read all the old and new computernames from a text file, then sit back and let PS do all the work. Or you could copy / paste that line 200 times and edit the computernames, then run that as a simple script.

 

PowerShell is awesome. If you're going to be a server admin, I highly encourage you to at least learn some basic commands. There are a ton of web pages out there with sample scripts. Most of us don't write any original code, we just google / copy / paste / modify what's already out there.

 

Also, this command should work for Windows PC's, I'm not a MAC guy, so you are on your own there  :cool:

Posted (edited)

None of it will work on a Mac at all, those are a completely different monster.  Even using Centrify to manage the Mac's, just about everything has to be done manually like this because the policies and commands won't translate properly.

Edited by Sam1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

TRADING POST NOTICE

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions.

TGO makes no claims, guarantees or assurances regarding any such transactions.

THE FINE PRINT

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

TNGunOwners.com (TGO) is not a lobbying organization and has no affiliation with any lobbying organizations.  Beware of scammers using the Tennessee Gun Owners name, purporting to be Pro-2A lobbying organizations!

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines
 
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.