Can you please help me solve the issue here? I have tried many ways but could not figure out how to join the domain if the account already exists.
Whenever we take a snapshot from AWS we need to unjoin the machine from the domain first, take the snapshot, and then rejoin the machine to the domain. I was able to perform the unjoin task with action :leave, but when I try to join the same machine to the domain it says the account already exists and Chef is unable to join the machine to the domain.
Below are the images from when I try to join the machine that already exists, running the recipe after unjoining it from the domain.
Please advise how to rejoin when the machine has already been registered and an unjoin has been performed.
We actually don't use the :leave action; that was contributed by another user. Instead we have an external PowerShell script that removes the record from Active Directory and then syncs replicas. You might be able to adapt this script as part of your cookbook.
function Destroy-ActiveDirectory {
    param(
        [Parameter(mandatory=$true)][String]$VMName,
        [Parameter(mandatory=$true)][String]$ADServer,
        [Parameter(mandatory=$true)][Bool]$Replicate
    )
    # Look the computer object up on the named AD server and delete it.
    # Get-ADComputer -Identity throws when the object does not exist, so a
    # never-joined machine lands in the catch block below.
    Write-Host "Removing $VMName from Domain, if exists"
    try {
        $ADComputer = Get-ADComputer -Server $ADServer -Identity $VMName
        if ($ADComputer) {
            $ADComputer | Remove-ADObject -Recursive -Confirm:$false
        }
    }
    catch {
        Write-Warning "Failed to remove $VMName from Active Directory, manual cleanup may be required, or the server was not joined to the domain."
    }
    if ($ADComputer -and $Replicate) {
        $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers
        ForEach ($dc in $Domain) {
            # Replicate the change just made on this server out to all servers in the domain
            if ($ADServer -eq $dc.Name.Split('.')[0]) {
                ForEach ($part in $dc.Partitions) {
                    Write-Host "$($dc.Name) - Syncing replicas from all servers for partition '$part'"
                    $dc.SyncReplicaFromAllServers($part, @('PushChangeOutward','CrossSite'))
                }
            }
        }
    }
}
The only problem with your code is that it assumes the ActiveDirectory module is present. Many of my Windows nodes do not have this module installed, especially at build time. Sure, I can install it as part of the cookbook, but I'm instead using ADSI to check whether the object is already in AD and, if it is, delete it using ADSI again.
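The ADSI approach described above, written out as an added example (this is not the commenter's script or part of the windows_ad cookbook). It binds to a named domain controller over LDAP, searches for the computer object by its sAMAccountName and deletes it with DirectoryEntry.DeleteTree(), so nothing beyond the .NET System.DirectoryServices classes that ship with Windows is needed on the node. The function name, the parameter names and the hosts in the usage line are placeholders, and it assumes the caller already has rights to delete computer objects in the domain.

```powershell
# Added example: remove a stale computer account over ADSI/LDAP without the
# ActiveDirectory module. Assumes $DomainController is reachable over LDAP,
# the caller can delete computer objects, and the account follows the usual
# "<hostname>$" sAMAccountName convention.
function Remove-StaleComputerAccount {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$DomainController
    )

    # Escape LDAP filter metacharacters (RFC 4515) so a hostname taken from
    # node data can never widen the search into "(sAMAccountName=*)".
    # Backslash is escaped first so the later substitutions are not re-escaped.
    $escaped = $ComputerName -replace '\\', '\5c' -replace '\*', '\2a' `
                             -replace '\(', '\28' -replace '\)', '\29'

    # Ask the DC for its default naming context instead of hard-coding DC=...
    $rootDse    = [ADSI]"LDAP://$DomainController/RootDSE"
    $domainDn   = [string]$rootDse.defaultNamingContext
    $searchBase = [ADSI]"LDAP://$DomainController/$domainDn"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($searchBase)
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$escaped`$))"
    $searcher.SearchScope = 'Subtree'
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $hit = $searcher.FindOne()
    if (-not $hit) {
        Write-Verbose "No computer account named '$ComputerName' under $domainDn"
        return $false
    }

    $dn = [string]$hit.Properties['distinguishedname'][0]
    # Honour -WhatIf/-Confirm: deleting the wrong object cuts a live host off the domain.
    if ($PSCmdlet.ShouldProcess($dn, 'Delete computer account')) {
        $entry = $hit.GetDirectoryEntry()
        $entry.DeleteTree()   # removes the object and any child objects beneath it
        Write-Verbose "Deleted $dn via $DomainController"
        return $true
    }
    return $false
}

# Usage, e.g. from a Chef powershell_script resource; host names are placeholders.
# -Confirm:$false is required for an unattended run because ConfirmImpact is High.
# Remove-StaleComputerAccount -ComputerName 'web01' -DomainController 'dc01' -Verbose -Confirm:$false
```

Two points worth keeping in mind when wiring this into a rejoin. First, target the same domain controller for the deletion and the subsequent join, or force replication as the script earlier in the thread does; otherwise the join can race the deletion and still see the old account on another DC. Second, the function returns $true only when an object was actually deleted, so the recipe can decide whether a replication sync is even needed.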