Windows 7 Client Domain Migration

A first, very interesting experience with PowerShell. PsExec from PsTools is required. Place four files in the same folder: loop.bat, migra.ps1, pc_list.txt and psexec.exe. Enter the IP addresses of the PCs to migrate in pc_list.txt, one per line. Run cmd.exe with administrator rights on the old domain you are migrating from (e.g. old.dir.domain.old). Change to the folder containing the files and run loop.bat.

:: loop.bat runs the migra.ps1 script through psexec on the listed computers

:: Each line of pc_list.txt must be an IP address, the file must be in the same
:: folder as this script, and the script must be launched from its own folder
:: with credentials that have administrator rights on the target PCs

for /F %%I in (pc_list.txt) do call :azioni %%I
goto :_EOF

:azioni

date /t >> migraLog.txt
time /t >> migraLog.txt

echo %1 >> migraLog.txt

:: ******* = password of .\Administrator on the remote machine

xcopy migra.ps1 \\%1\C$\admin\ /C /Y >> migraLog.txt
:: -File must point to the folder xcopy just copied the script to (C:\admin)
psexec.exe \\%1 -u .\Administrator -p ******* -h PowerShell.exe -ExecutionPolicy Bypass -File "C:\admin\migra.ps1" >> migraLog.txt

goto :_EOF

:_EOF

# migra.ps1 Backward compatible with Windows PowerShell 1.0 http://technet.microsoft.com/en-us/library/hh848793.aspx

Param(
        [ValidateSet("join","")]
        [String] 
        $Parametro
    ) 

if ($Parametro -eq "join")
    {
        # ******* = password user new.domain.new\domainadmin
        gwmi Win32_ComputerSystem -computername $env:computername | ForEach-Object{$_.JoinDomainOrWorkgroup('new.domain.new','*******','new.domain.new\domainadmin',$null,3)}

        Set-Location -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        Set-ItemProperty -Path . -Name AutoAdminLogon -Value "0"
        Set-ItemProperty -Path . -Name DefaultUserName -Value "install"
        Remove-ItemProperty -Path . -Name DefaultPassword
        Remove-ItemProperty -Path . -Name ForceAutoLogon
        
        # Delete the copy placed by loop.bat (same path used by the RunOnce entry)
        Remove-Item C:\admin\migra.ps1
        
        Start-Sleep -s 2
        
        Restart-Computer -Force
    }
else
    {
        # Unjoin

        $domain = "old.dir.domain.old"
        # ******* = password user $domain\domainadmin
        # Double quotes are needed so that $domain is expanded in the user name
        $result = gwmi Win32_ComputerSystem -computername $env:computername | ForEach-Object{$_.UnjoinDomainOrWorkgroup('*******',"$domain\domainadmin")}

        # gwmi is the alias for Get-WmiObject http://technet.microsoft.com/en-us/library/ee692685.aspx
        
        switch($result.ReturnValue)
            {       
                0 { Write-Host "Unjoin " $env:computername "on domain " $domain "`n"}
                5  { Write-Host "Unjoin Access is denied" "`n"}
                87 { Write-Host "Unjoin The parameter is incorrect" "`n"}
                110 { Write-Host "Unjoin The system cannot open the specified object" "`n"}
                1323 { Write-Host "Unjoin Unable to update the password" "`n"}
                1326 { Write-Host "Unjoin Logon failure: unknown username or bad password" "`n"}
                1355 { Write-Host "Unjoin The specified domain either does not exist or could not be contacted" "`n"}
                2224 { Write-Host "Unjoin The account already exists" "`n"}
                2691 { Write-Host "Unjoin The machine is already joined to the domain" "`n"}
                2692 { Write-Host "Unjoin The machine is not currently joined to a domain" "`n"}
            
                default { Write-Host "Error - return value of " $result.ReturnValue }
            }
    
        # Join to WORKGROUP

        $domain = "WORKGROUP"
        $result = gwmi Win32_ComputerSystem -computername $env:computername | ForEach-Object{$_.JoinDomainOrWorkgroup($domain,'','a',$null,$null)}
        switch($result.ReturnValue)
            {       
                0 { Write-Host "Join to WORKGROUP " $env:computername "on domain " $domain "`n"}
                5  { Write-Host "Join to WORKGROUP Access is denied" "`n"}
                87 { Write-Host "Join to WORKGROUP The parameter is incorrect" "`n"}
                110 { Write-Host "Join to WORKGROUP The system cannot open the specified object" "`n"}
                1323 { Write-Host "Join to WORKGROUP Unable to update the password" "`n"}
                1326 { Write-Host "Join to WORKGROUP Logon failure: unknown username or bad password" "`n"}
                1355 { Write-Host "Join to WORKGROUP The specified domain either does not exist or could not be contacted" "`n"}
                2224 { Write-Host "Join to WORKGROUP The account already exists" "`n"}
                2691 { Write-Host "Join to WORKGROUP The machine is already joined to the domain" "`n"}
                2692 { Write-Host "Join to WORKGROUP The machine is not currently joined to a domain" "`n"}
        
                default { Write-Host "Error - return value of " $result.ReturnValue "`n"}
            }

        # change DNS

        # Dots escaped so that only addresses starting with 192.168. match
        $pattern = '^192\.168\.(\w+)'
        $newDNS = "192.168.0.30","192.168.0.31"
        $DNSSuffixx = "dir.domain.new","new.dir.domain.new","new.domain.new"
        $NICs = gwmi -ComputerName $env:computername Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match $pattern}

        ForEach($NIC in $NICs)
            {
                $x = $NIC.SetDNSServerSearchOrder($newDNS)
                if($x.ReturnValue -eq 0){Write-Host "Successfully Changed DNS Servers on " $env:computername "`n"}
                else{Write-Host "Failed to Change DNS Servers on " $env:computername " Error:" $x.ReturnValue "`n"}
            
                $x = Invoke-WmiMethod -Class Win32_NetworkAdapterConfiguration -Name SetDNSSuffixSearchOrder -Computername $env:computername -ArgumentList @($DNSSuffixx),$null
                if($x.ReturnValue -eq 0){Write-Host "Successfully Inserted DNS Suffix on " $env:computername "`n"}
                else{Write-Host "Failed to Insert DNS Suffix on " $env:computername " Error:" $x.ReturnValue "`n"}
            
            }

        # Rename
        
        Write-Host "Old Name is " $env:computername "`n"

        $ComputerName = $env:computername -replace "^(\w+)-(\w+)", 'acc-$2'
        
        # ******* = password local Administrator
        
        $result = gwmi Win32_ComputerSystem -computername $env:computername | ForEach-Object{$_.rename($ComputerName,"******","Administrator")}

        # gwmi is the alias for Get-WmiObject http://technet.microsoft.com/en-us/library/ee692685.aspx
        
        switch($result.ReturnValue)
            {       
                0 { Write-Host "New Name " $ComputerName "`n"}
                5  { Write-Host "Rename Access is denied" "`n"}
                87 { Write-Host "Rename The parameter is incorrect" "`n"}
                110 { Write-Host "Rename The system cannot open the specified object" "`n"}
                1323 { Write-Host "Rename Unable to update the password" "`n"}
                1326 { Write-Host "Rename Logon failure: unknown username or bad password" "`n"}
                1355 { Write-Host "Rename The specified domain either does not exist or could not be contacted" "`n"}
                2224 { Write-Host "Rename The account already exists" "`n"}
                2691 { Write-Host "Rename The machine is already joined to the domain" "`n"}
                2692 { Write-Host "Rename The machine is not currently joined to a domain" "`n"}
            
                default { Write-Host "Error Rename - return value of " $result.ReturnValue }
            }
        
        # RunOnce joinDomain

        Set-Location -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
        Set-ItemProperty -Path . -Name joinDomain -Value "C:\WINDOWS\system32\WindowsPowerShell\v1.0\Powershell.exe -ExecutionPolicy Bypass -File C:\admin\migra.ps1 join"
        
        # Autologon
        
        Set-Location -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        Set-ItemProperty -Path . -Name AutoAdminLogon -Value "1"
        Set-ItemProperty -Path . -Name DefaultUserName -Value "Administrator"
        Set-ItemProperty -Path . -Name DefaultPassword -Value "******"
        Set-ItemProperty -Path . -Name ForceAutoLogon -Value "1"
        
        Start-Sleep -s 2
        
        Restart-Computer -Force
    }

# References

# http://timnew.github.io/blog/2012/04/13/powershell-script-to-rename-computer-without-reboot/
# https://gist.github.com/timnew/2373475#file-rename-ps1
# 
# http://technet.microsoft.com/en-us/library/dd315394.aspx
# 
# http://technet.microsoft.com/it-it/magazine/2007.11.powershell.aspx
# http://technet.microsoft.com/en-us/library/hh847880.aspx
# http://technet.microsoft.com/en-us/library/hh847759.aspx
# http://ss64.com/ps/syntax-regex.html
# http://www.regular-expressions.info/powershell.html
# http://blogs.technet.com/b/heyscriptingguy/archive/2011/03/21/use-powershell-to-replace-text-in-strings.aspx
# http://powershell.com/cs/blogs/tobias/archive/2011/10/27/regular-expressions-are-your-friend-part-1.aspx
# http://www.powershelladmin.com/wiki/Powershell_regular_expressions
#
# http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed3f4c9e-1467-4795-b9d1-ae41937b8962/script-to-change-dns-servers-on-remote-server?forum=winserverpowershell
# 
# http://stackoverflow.com/questions/6217799/rename-computer-and-join-to-domain-in-one-step-with-powershell
# 
# http://community.spiceworks.com/scripts/show/1540-join-computer-to-domain-with-powershell-one-click-method
#
# http://ss64.com/ps/syntax-esc.html
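
During the first reboot migra.ps1 leaves the local Administrator password in the Winlogon DefaultPassword value, and the copy of the script in C:\admin (the folder loop.bat copies it to) contains the domain admin passwords until the join branch has run. The check below is an added example, not part of the original post: run it on a migrated PC to confirm those leftovers are gone. The function name Test-MigrationCleanup is hypothetical; the registry paths, value names, script path and domain name are the ones used above.

```powershell
# Added example: post-migration leftover check (not from the original post).
# Test-MigrationCleanup is a hypothetical helper name; registry paths, value
# names and the script path are the ones loop.bat and migra.ps1 use.
function Test-MigrationCleanup {
    param(
        [string] $ScriptPath = 'C:\admin\migra.ps1',
        [string] $ExpectedDomain = 'new.domain.new'
    )

    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $runOnce  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $findings = @()

    # Read each key once; a missing value shows up as a $null property.
    $wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    $ro = Get-ItemProperty -Path $runOnce  -ErrorAction SilentlyContinue

    if ($null -ne $wl.DefaultPassword) {
        $findings += 'Winlogon\DefaultPassword still present (cleartext password)'
    }
    if ($wl.AutoAdminLogon -eq '1') {
        $findings += 'Winlogon\AutoAdminLogon is still 1'
    }
    if ($null -ne $wl.ForceAutoLogon) {
        $findings += 'Winlogon\ForceAutoLogon still present'
    }
    if ($null -ne $ro.joinDomain) {
        $findings += 'RunOnce\joinDomain still present (join step has not run)'
    }
    if (Test-Path -Path $ScriptPath) {
        $findings += "$ScriptPath still on disk (contains domain credentials)"
    }

    # The machine should now report membership of the new domain.
    $cs = Get-WmiObject Win32_ComputerSystem
    if (-not $cs.PartOfDomain -or $cs.Domain -ne $ExpectedDomain) {
        $findings += "Computer is in '$($cs.Domain)', expected '$ExpectedDomain'"
    }

    # Return the list so a caller can log it; an empty list means clean.
    return ,$findings
}

$f = Test-MigrationCleanup
if ($f.Count -eq 0) { Write-Host "$env:computername clean" }
else { $f | ForEach-Object { Write-Host "$env:computername : $_" } }
```

Any finding that names DefaultPassword or the script file means a password used during the migration is still readable on that PC and should be changed after cleanup.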
