Join Windows 7 to Domain with PowerShell

So I just got an interesting email from my school (I work in IT). Officially, we don’t support Windows 7 32-bit on campus in the sense that we don’t have a supported “campus built image” for it. However, either due to hardware manufacturers not providing 64 bit drivers or some software manufacturers refusing to support 64-bit OSes, we end up with random 32-bit machines that we can’t join to the domain because our automated script only runs on 64-bit Windows. The email was also saying that the computers they joined via the GUI weren’t being placed in the proper OU containers…it’s just a big mess. Anyway, if they would have just come and asked me (yeah right), I would have told them about a simple PowerShell command that will manipulate a computer’s domain membership. Here’s the cmdlet’s syntax.

Add-Computer [-DomainName] <string> [-Credential <PSCredential>] [-OUPath <string>] [-PassThru] [-Server <string>] [-Unsecure][-Confirm] [-WhatIf] [<CommonParameters>]

Add-Computer [-WorkGroupName] <string> [-Credential <PSCredential>] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]

As you can see, there are two modes for the command to run in. The first one joins a workgroup machine to a domain, and the second one joins a domain machine to a workgroup. Let’s go through what each of the parameters does.

-Credential <PSCredential>

Specifies a user account that has permission to perform this action. The default is the current user.

Type a user name, such as “User01” or “Domain01User01”, or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.

-DomainName <string>

Specifies a domain for the computer account. This parameter is required.

-OUPath <string>

Specifies an organizational unit (OU) for the domain account. Enter the full distinguished name of the OU in quotation marks. The default value is the default OU for machine objects in the domain.


Returns the results of the command. By default, this cmdlet does not generate any output.

-Server <string>

Specifies the name of a domain controller that adds the computer to the domain. Enter the name in DomainNameComputerName format. The default is the local computer.


Performs an unsecure join.

-WorkGroupName <string>

Specifies the name of a work group for the computer. If you omit this parameter, the computer is joined to a domain.


Prompts you for confirmation before executing the command.


Describes what would happen if you executed the command without actually executing the command.


This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, OutBuffer, OutVariable, WarningAction, and WarningVariable. For more information, see about_CommonParameters.

As you can see, the only required parameter is the -DomainName parameter. If -DomainName is not specified, then you must specify -WorkGroupName.  Regardless of the case, the -DomainName parameter (or -WorkGroupName) must be defined before any other parameters. Here is an example that would work for my school.

Add-Computer -DomainName -Credential JEPOWELLadmin -OUPath “OU=Win7-x64-Desktop,OU=Windows,OU=Workstations,DC=jepowell,DC=net” -PassThru -Server -Confirm

Let me know in the comments if you have any questions. I hope this helps!

By: Jason Powell

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s