PowerCLI

We have a test group that at anytime has about a hundred test servers. When they move to a new platform, they typically present a gold image of a Windows server, and request that the VMware admins turn it into a template and push out a hundred machines, which are then manually joined to the domain. I am trying to automate the process (especially of joining to the domain), and this is a new concept for me, any ideas/suggestions?

Use a vCenter customization spec which has the domain information as well as account embedded. When you deploy from that template, select the customization spec and it will automatically join the domain.

thanks for the response, would you mind sharing a screenshot of a typical customization template as you described? 

There is a great example in How to change IP and join a VM into domain by PowerCLI in VMware.
It doesn't require you to use OSCustomizationSPec.

thanks I will be looking at the link you provided

Hey,

is it possible to use the script without entering the password again for $DomainAccountPWD

Because if the Script is already running with domainadminrights, i want to pass the pwd direct in the invoke command.

Do you mean to use the credentials from the account under which the script is running?
If yes, I don't think it is possible to retrieve the user/password for the current user to pass along.

You will at least need to enter credentials once in the script.

You could consider storing the credentials locally via the New-VICredentialStoreItem cmdlet, and then retrieving them via the Get-VICredentailstoreItem cmdlet.

That way you could a prompt for credentials

Yes, I wanted to avoind typing the pw twice... but ok..

maybe you can help me here. This is not wokring, I want to joing a VM via script invoke command. I´m not sure about the @"

And how could I join the computer to a certain OU?

# Domain account passowrd

$vm = testvm1

$userid = whoami

$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force

$cmd = @"

$domain = mydomain.local

$password = $DomainAccountPWD # | ConvertTo-SecureString -asPlainText -force

$username = $userID

$credential = New-Object System.Management.Automation.PSCredential($username,$password)

Add-computer -DomainName $domain -Credential $credential

"@

Invoke-VMScript -VM $vm -ScriptText $cmd -Verbose -GuestUser $GuestUserName -GuestPassword $GuestPassword

VERBOSE: 9/27/2019 6:34:54 PM Invoke-VMScript Finished execution

ScriptOutput

-----------------------------------------------------------------------------------------------------------------------| At line:4 char:72

| + ... ew-Object System.Management.Automation.PSCredential

| + ~

| Missing argument in parameter list.

| At line:5 char:72

| + ... ew-Object System.Management.Automation.PSCredential(

| + ~

| Missing argument in parameter list.

| + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException

| + FullyQualifiedErrorId : MissingArgument

|

|

-----------------------------------------------------------------------------------------------------------------------

without # of course-> # | ConvertTo-SecureString -asPlainText -force

Try escaping (with a back-tick) the variables you don't want to be substituted in the here-string

Thanks LucD so far,

but still not working, the script hangs on, nothing happens, any idea?

Microsoft Windows [Version 10.0.14393]

(c) 2016 Microsoft Corporation. All rights reserved.

## Domain account passowrd

$userid = whoami

$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force

cmd = @"

`$domain = $domain

`$password = $DomainAccountPWD | ConvertTo-SecureString -asPlainText -force

`$username = $userID

`$DomainCredential = New-Object System.Management.Automation.PSCredential(`$username,`$password)

Add-computer -DomainName `$domain -DomainCredential `$credential

"@

Write-Host "Invoke Script"

Invoke-VMScript -VM $vm -ScriptText $cmd -Verbose -GuestUser $GuestUserName -GuestPassword $GuestPassword

sleep -Seconds 5

Restart-VM -VM $VM -Confirm:$false

sleep -Seconds 5

Do you initialise the $domain variable somewhere?

I still suspect the script might be hanging on the UAC prompt.

sure $domain is set

UAC is off on the VM... the VM is 2016win.

I noticed you did the ConvertTo-SecureString twice.

Can you try like this?

no, still same problem

Is there maybe a other option like netdom?

##

$userid = whoami

$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force

$vm = get-vm -Name vmtest

$domain = 'my.domain'

cmd = @"

`$domain = $domain

`$password = $DomainAccountPWD

`$username = $userID

`$credential = New-Object System.Management.Automation.PSCredential(`$username,`$password)

Add-computer -DomainName `$domain -Credential `$credential

"@

Write-Host "Invoke Script"

Invoke-VMScript -VM $vm -ScriptType Powershell -ScriptText $cmd -Verbose -GuestUser $GuestUserName -GuestPassword $GuestPassword

sleep -Seconds 5

Restart-VM -VM $VM -Confirm:$false

  sleep -Seconds 5

##reboot and wait until vm is back 

Wait-Tools -VM $vm

if I run only this, it will not complete do not go on...

cmd = @"

`$domain = $domain

`$password = $DomainAccountPWD

`$username = $userID

`$credential = New-Object System.Management.Automation.PSCredential(`$username,`$password)

Add-computer -DomainName `$domain -Credential `$credential

"@

That is not the code I posted in my previous reply.
You still have the ConvetTo-SecureString in there, when assigning $DomainAccountPWD

If i run your script with my var,

its asking fo a values

cmdlet Get-Credential at command pipeline position 1

Supply values for the following parameters:

Message:

$DomainAccountPWD = (Get-Credential -UserName $userID).GetNetworkCredential().Password    -> is not asking for a password, just text??

Seems you need to provide a Message when using UserId

better, but till not running. and the join is not working as well I dont get it:-(

on all Variables i get this message

not recognized as the name of a cmdlet,

|  function, script file, or operable program. Check the spelling of the name, or

|  if a path was included, verify that the path is correct and try again.

|  At line:2 char:11

is there an other way instead of @"

maybe something like that?

$userid = whoami

$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force

$vm = get-vm -Name testvm

$domain = 'my.domain'

$credential = New-Object System.Management.Automation.PSCredential($userid,$DomainAccountPWD)

$cmd = 'Add-Computer -DomainName ' + $domain + ' -Credential ' + $credential

#Invoke-VMScript -VM $vm -ScriptType Powershell -ScriptText $cmd -Verbose -GuestUser $GuestUserName -GuestPassword $GuestPassword

Write-Host "Invoke Script"

Invoke-VMScript -VM $vm -ScriptType Powershell -ScriptText $cmd -Verbose -GuestUser $GuestUserName -GuestPassword $GuestPassword

sleep -Seconds 5

Could you share the exact error message you are getting back?

It looks like something is wrong inside the VM

I´m using a script to set the ip inside the VM as well, but there is a problem, i have 2 networkadapter called Ethernet and the ip route is not set correctly. Let me fix that first, maybe thats the reason why the join is not working.

Hi  Luc,

I did a workaround with the the netdom command, this works better, I don know the thing with @´ is not working at all

first question. I need to do a password trick to get it back in plaintext, otherwise the invoke command has problems to get the password

$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force is not working, $DomainAccountPWD will not be correct transferd in the invoke command. Is there a better way to do it? or i use the plaintext trick

second question

reboot and wait-tools is not working reliable, mostly the script is running over.. whats wrong?

thanks

#######################################

#

cls

$userid = whoami

#$DomainAccountPWD = Get-Credential $userID | ConvertTo-SecureString -asPlainText -force   ### not working

$domain = 'mydomain'

Param(

    $DomainAccountPWD = (Read-Host "Dein Domain Admin Password für den Join" -AsSecureString)

)

Write-Host "Encrypted Password: $(ConvertFrom-SecureString $DomainAccountPWD)"

$ADpass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($DomainAccountPWD))

#VM Inventory names to match

$matchVMs = "VMTEST01"

#Guest Credentials - Must have required permissions to change IP address

$GuestUserName = "Administrator"

$GuestPassword = "localpassword!"

##############NO CHANGES BEYOND THIS POINT##############

#List of VMs (vCenter Inventory Names) to change

Write-Host "Getting list of VMs from Inventory where Inventory Name contains $matchVMs"

$VM = (get-vm | where {$_.Name -match $matchVMs -and $_.PowerState -eq "PoweredOn"}).Name

$netdom = "netdom join $vm /domain:$domain /userd:$userID /passwordd:$ADpass"

Invoke-VMScript -vm $vm -scriptType bat -ScriptText $netdom -GuestUser $GuestUserName -GuestPassword $GuestPassword

##reboot and wait until vm is back 

Restart-VMguest -VM $VM -Confirm:$false | out-null

sleep -Seconds 5

write-host $vm "VM is rebooting"

Wait-Tools -VM $vm

write-host $vm "VM is online again"

$VMs

write-host " VM Domain Join done"

1) You have to remember that the here-string uses variable substitution in a string.
So you can't use composite objects, only simple types like string, int...

So yes, you will have to use the plaintext,

2) Correct Wait-Tools is not reliable to know when you can launch an Invoke-VMScript.

That is why I'm using the GuestOperationsReady property.

Something like this

In fact, after the Restart-VMGuest, you first have to wait till the VM is powered off, and then use the above loop.

ok thanks

and how could i fetch this two stati? How can i do the -or ?

Write-Host “Waiting for VM Tools to Start on $VM”

do {

Set-Variable -name ToolsStatus -Value (Get-VM $VM).extensiondata.Guest.ToolsStatus

Write-Host $toolsStatus

sleep 3

}

until ($toolsStatus -eq ‘toolsOk’ -or ‘toolsOld’ )

Sorry, not following.
I was talking about the GuestOperationsReady property.

The restart and wait to launch Invoke-VMScript could look like this

Running vCenter 6.5 U3.  Noticed guest customization specific settings is deprecated now?

Moved from the clunky 5.5 thick client vCenter.  Guest customization had specific network/machine name settings during deploy. 

Is running this script the only way now to add specific static IP settings to the machine during clone/template deploys? 

Where did you see that deprecated message?

I only see add new or modify existing...  the thick client had an option to specify custom settings without creating a new customization. 

That was only when you clone a VM or deploy from a Template, afaik.
And that is still there.

And you can assign an OSCustomizationSpec to an existing VM with Set-VM.

Hi luc,

if I run the loop, an it never end.... I was waiting about 10 min and nothing happend. VM was restartet less than a minute. Am I doing something wrong?

Restart-VMGuest -VM $vm -Confirm:$false | Out-Null

while ($vm.PowerState -ne 'PoweredOff')

{

    Start-Sleep 1

    $vm = Get-VM -Name $vm.Name

}

while (-not $vm.ExtensionData.Guest.GuestOperationsReady)

{

    Start-Sleep 2

    $vm.ExtensionData.UpdateViewData('Guest.GuestOperationsReady')

}

No, that looks ok.

Try to determine in which loop it gets stuck.

Preferably with a debugger, but you can also add some Write-Host lines in the code.