There are several ways that you can change IP and join a VM into a domain in VMware.
In automatic VM provisioning, customization specifications can add the VM into domain after VM has been created.
However, the customization wouldn’t work if the DNS and network environment are complicated or not controlled by Sys Admins.
By using PowerCLI, I am able to manipulate VMs on the VMware level included changing IP and joining to the domain.
Tested environments:
- VMware vSphere PowerCLI 6.3 Release 1
- Windows Server 2012 R2
- Powershell 5.0
- VMware vCenter 5.5
Change IP
After the VM has been created by New-VM command, the first thing to do is changing the IP address.
Here is the script:
Add-PSSnapin VMware*
$hostname = "VMs Name"
$newIP = "10.10.10.10"
$newGateWay = $newIP.Split(".")[0]+"."+$newIP.Split(".")[1]+"."+$newIP.Split(".")[2]+".1"
$cmdIP = "netsh interface ipv4 set address name=`"Ethernet 2`" static $newIP 255.255.255.0 $newGateWay"
$cmdDNS1 = "netsh interface ipv4 set dns name=`"Ethernet 2`" static 8.8.8.8"
$cmdDNS2 = "netsh interface ip add dns name=`"Ethernet 2`" 8.8.4.4 index=2"
$vm = Get-VM $hostname
$cred = Get-Credential Administrator
Invoke-VMScript -VM $vm -ScriptType Bat -ScriptText $cmdIP -Verbose -GuestCredential $cred
Invoke-VMScript -VM $vm -ScriptType Bat -ScriptText $cmdDNS1 -Verbose -GuestCredential $cred
Invoke-VMScript -VM $vm -ScriptType Bat -ScriptText $cmdDNS2 -Verbose -GuestCredential $cred
The hostname is the VM`s name on VMware. The script also adds default gateway and DNS names.
You will need to pass the local administrator password into the Invoke-VMScript command. The Admin password can be changed by the customization specifications.
Join Domain
To join the VM to the domain, we will need two credentials, local and domain.
Below is the script:
Add-PSSnapin VMware* $hostname = "VMs Name" $vm = Get-VM $hostname $cred = Get-Credential Administrator # Run the script as a domain account $userID = whoami $domain = "YourDomain.com" $OU = "OU=yourOU;DC=yourDomain;DC=com" # Domain account passowrd $DomainAccountPWD = (Get-Credential $userID -Message "Please Enter your Domain account password.").GetNetworkCredential().Password $cmd = "wmic.exe /interactive:off ComputerSystem Where name=`"%computername%`" call JoinDomainOrWorkgroup FJoinOptions=1 Name=`"$domain`" UserName=`"$userID`" Password=`"$pwd`" AccountOU=`"$OU`"" Invoke-VMScript -VM $vm -ScriptType Bat -ScriptText $cmd -Verbose -GuestCredential $cred
You will get two prompts, the first one is for local admin password. This is for the Invoke-VMScript.
The second one is for the command which will be executed on the OS level. The credential will need the privilege to join the domain. I assume that you run this script by a domain account, so “whoami” will get your domain user ID.
The tricky part is that the password needs to be plaintext. Line 12 converts the password into plaintext and save in the $cmd variable.
For security concern, you can pack the script into EXE file or close the PowerShell session to clean the memory after the task is done.
Update 04/04/2017
PowerShell Method to join domain:
Add-PSSnapin VMware* $hostname = "VMs Name" $vm = Get-VM $hostname $cred = Get-Credential Administrator # Run the script as a domain account $userID = whoami # Domain account passowrd $DomainAccountPWD = (Get-Credential $userID -Message "Please Enter your Domain account password.").GetNetworkCredential().Password $cmd = @" `$domain = "YourDomain.com" `$password = "$pwd" | ConvertTo-SecureString -asPlainText -force; `$username = "$userID"; `$credential = New-Object System.Management.Automation.PSCredential(`$username, `$password); Add-computer -DomainName `$domain -Credential `$credential "@ Invoke-VMScript -VM $vm -ScriptText $cmd -Verbose -GuestCredential $cred