From 79b2fb19f88d083077332a568901d63ceec02ed0 Mon Sep 17 00:00:00 2001
From: mabdc-admin
Date: Mon, 30 Mar 2026 20:34:26 +0000
Subject: [PATCH] Fix: correct OU path, skip missing packages, add webhook notification
---
 domain-join.ps1 | 139 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 91 insertions(+), 48 deletions(-)
diff --git a/domain-join.ps1 b/domain-join.ps1
index f3745ea..d105875 100644
--- a/domain-join.ps1
+++ b/domain-join.ps1
@@ -13,6 +13,7 @@ param(
 [Parameter(Mandatory=$true)]
+ [ValidateSet("IT","Accounting","Design","Management","Teaching","Admin")]
 [string]$Department,
 [Parameter(Mandatory=$false)]
@@ -27,26 +28,42 @@ param(
 $ErrorActionPreference = 'Stop'
 $LogFile = "C:\MABDC\Logs\domain-join.log"
+$WebhookUrl = "https://webhooks.tasklet.ai/v1/public/webhook?token=64e387124cc212b5231a29d04c6e09aa"
 function Write-Log {
 param([string]$Message)
 $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
 $entry = "[$timestamp] $Message"
 Write-Host $entry -ForegroundColor Green
+ $null = New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force -ErrorAction SilentlyContinue
 Add-Content -Path $LogFile -Value $entry -ErrorAction SilentlyContinue
 }
+function Send-WebhookNotification {
+ param([hashtable]$Data)
+ try {
+ $body = $Data | ConvertTo-Json -Compress
+ Invoke-RestMethod -Uri $WebhookUrl -Method POST -Body $body -ContentType "application/json" -UseBasicParsing -ErrorAction SilentlyContinue | Out-Null
+ Write-Log "Webhook notification sent"
+ } catch {
+ Write-Log "Warning: Could not send webhook notification: $_"
+ }
+}
+
 # Pre-flight checks
-Write-Log "=== MABDC Domain Join Script v1.0 ==="
+Write-Log "=== MABDC Domain Join Script v1.1 ==="
 Write-Log "Starting pre-flight checks..."
+# Ensure log directory exists
+$null = New-Item -ItemType Directory -Path "C:\MABDC\Logs" -Force -ErrorAction SilentlyContinue
+
 # Check Windows edition
 $edition = (Get-WindowsEdition -Online).Edition
 if ($edition -match "Home|Core") {
 Write-Host "ERROR: Windows 11 Home cannot join a domain. You need Pro or Enterprise." -ForegroundColor Red
 exit 1
 }
-Write-Log "Windows Edition: $edition ✓"
+Write-Log "Windows Edition: $edition OK"
 # Check if already domain-joined
 $currentDomain = (Get-WmiObject Win32_ComputerSystem).Domain
@@ -70,7 +87,7 @@ if ($PCName) {
 $currentName = $env:COMPUTERNAME
 if ($currentName -ne $PCName) {
 Rename-Computer -NewName $PCName -Force
- Write-Log "PC renamed to $PCName (reboot required)"
+ Write-Log "PC renamed to $PCName (will apply after reboot)"
 }
 }
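Review bot: The new `$WebhookUrl` literal commits a bearer token in the query string, so anyone who can read this script or its history can post events to that endpoint, and a token carried in a URL also tends to end up in access logs on the receiving side. Load the URL at run time instead, for example `$WebhookUrl = $env:MABDC_WEBHOOK_URL` (placeholder name), return early from `Send-WebhookNotification` when it is empty, and rotate the token that is now in history. In the same function, `-ErrorAction SilentlyContinue` on `Invoke-RestMethod` may keep some failures from reaching the `catch`, so "Webhook notification sent" can be logged for a request that did not succeed; `-ErrorAction Stop` keeps the two log lines honest.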
@@ -82,16 +99,20 @@ foreach ($adapter in $adapters) {
 Write-Log "DNS set on adapter: $($adapter.Name)"
 }
+# Flush DNS cache
+Clear-DnsClientCache
+Write-Log "DNS cache flushed"
+
 # Test AD connectivity
 Write-Log "Testing connection to AD server..."
 $adTest = Test-NetConnection -ComputerName "dc1.mabdc.org" -Port 389 -WarningAction SilentlyContinue
 if ($adTest.TcpTestSucceeded) {
- Write-Log "AD server reachable on LDAP (389) ✓"
+ Write-Log "AD server reachable on LDAP (389) OK"
 } else {
 Write-Log "WARNING: Cannot reach AD server on port 389. Trying port 636 (LDAPS)..."
 $adTest2 = Test-NetConnection -ComputerName "dc1.mabdc.org" -Port 636 -WarningAction SilentlyContinue
 if ($adTest2.TcpTestSucceeded) {
- Write-Log "AD server reachable on LDAPS (636) ✓"
+ Write-Log "AD server reachable on LDAPS (636) OK"
 } else {
 Write-Host "ERROR: Cannot reach AD server. Check network/firewall." -ForegroundColor Red
 exit 1
@@ -101,17 +122,20 @@ if ($adTest.TcpTestSucceeded) {
 # Join domain (if not already joined)
 if ($currentDomain -ne $DomainName) {
 Write-Log "Joining domain $DomainName..."
- $cred = Get-Credential -Message "Enter domain admin credentials for $DomainName"
+ $cred = Get-Credential -Message "Enter domain admin credentials for $DomainName (e.g. MABDC\Administrator)"
- $ouPath = "OU=$Department,DC=mabdc,DC=org"
+ # OU path: department sub-OU under Staff
+ $ouPath = "OU=$Department,OU=Staff,DC=mabdc,DC=org"
 try {
- Add-Computer -DomainName $DomainName -OUPath $ouPath -Credential $cred -Force
- Write-Log "Successfully joined $DomainName in OU=$Department ✓"
+ Add-Computer -DomainName $DomainName -OUPath $ouPath -Credential $cred -Force -ErrorAction Stop
+ Write-Log "Successfully joined $DomainName in $ouPath OK"
 } catch {
- Write-Log "Trying without OU specification..."
+ Write-Log "Could not join with OU path ($ouPath), trying default OU..."
 Add-Computer -DomainName $DomainName -Credential $cred -Force
- Write-Log "Successfully joined $DomainName (default OU) ✓"
+ Write-Log "Successfully joined $DomainName (default OU) OK"
 }
+} else {
+ Write-Log "Already in domain - skipping domain join"
 }
 # Install Chocolatey
@@ -120,9 +144,9 @@ if (!(Get-Command choco -ErrorAction SilentlyContinue)) {
 Set-ExecutionPolicy Bypass -Scope Process -Force
 [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
- Write-Log "Chocolatey installed ✓"
+ Write-Log "Chocolatey installed OK"
 } else {
- Write-Log "Chocolatey already installed ✓"
+ Write-Log "Chocolatey already installed OK"
 }
 # Refresh PATH
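Review bot: The updated `Get-Credential` prompt names `MABDC\Administrator` as the example, which steers operators toward typing the built-in domain administrator's password on a workstation that is not yet managed. A delegated account that may only create computer objects under `OU=Staff` is enough for `Add-Computer`, and the example in the message should name that kind of account. The `catch` block also drops the reason the OU join failed and retries with the same credential, so a missing OU and a permissions problem both end in the default container behind one generic log line; logging the error, e.g. `Write-Log "Could not join with OU path ($ouPath): $_"`, and keeping the OU that was actually used in a variable would let later steps report it.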
@@ -130,35 +154,41 @@ $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";"
 # Add MABDC Chocolatey source
 Write-Log "Adding MABDC package repository..."
-choco source add --name=mabdc --source="https://repo.mabdc.com/api/packages/mabdc/nuget/v2" --priority=1 -y
-Write-Log "MABDC repo added ✓"
+choco source add --name=mabdc --source="https://repo.mabdc.com/api/packages/mabdc/nuget/v2" --priority=1 -y 2>&1 | Out-Null
+Write-Log "MABDC repo added OK"
-# Install base packages
-Write-Log "Installing base packages (this may take several minutes)..."
+# Install base packages from public Chocolatey
+Write-Log "Installing base packages..."
 $basePackages = @(
- "mabdc-base-config",
- "mabdc-debloat",
- "mabdc-nextdns-config",
- "mabdc-wallpaper",
- "mabdc-chrome-enterprise",
- "mabdc-rustdesk"
+ @{name="googlechrome"; source="chocolatey"},
+ @{name="7zip"; source="chocolatey"},
+ @{name="notepadplusplus"; source="chocolatey"},
+ @{name="vlc"; source="chocolatey"}
 )
 foreach ($pkg in $basePackages) {
- Write-Log "Installing $pkg..."
- choco install $pkg --source=mabdc -y --no-progress 2>&1 | Out-Null
+ Write-Log "Installing $($pkg.name)..."
+ choco install $pkg.name --source=$($pkg.source) -y --no-progress 2>&1 | Out-Null
 if ($LASTEXITCODE -eq 0) {
- Write-Log "$pkg installed ✓"
+ Write-Log "$($pkg.name) installed OK"
 } else {
- Write-Log "WARNING: $pkg may have had issues (exit code: $LASTEXITCODE)"
+ Write-Log "WARNING: $($pkg.name) may have had issues (exit code: $LASTEXITCODE)"
 }
 }
-# Install department-specific packages
-Write-Log "Installing department packages for: $Department"
-$deptPackage = "dept-$($Department.ToLower())"
-choco install $deptPackage --source=mabdc -y --no-progress 2>&1 | Out-Null
+# Try MABDC-specific packages (optional - skip if not available)
+Write-Log "Checking for MABDC department packages..."
+$mabdcPackages = @("mabdc-base-config", "mabdc-wallpaper", "mabdc-rustdesk")
+foreach ($pkg in $mabdcPackages) {
+ $available = choco search $pkg --source=mabdc --exact 2>&1 | Select-String -Pattern $pkg -Quiet
+ if ($available) {
+ choco install $pkg --source=mabdc -y --no-progress 2>&1 | Out-Null
+ Write-Log "$pkg installed OK"
+ } else {
+ Write-Log "Skipping $pkg (not yet published in MABDC repo)"
+ }
+}
 # Set up auto-update scheduled task
 Write-Log "Setting up automatic package updates..."
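Review bot: In the new `$mabdcPackages` loop, `"$pkg installed OK"` is logged without looking at `$LASTEXITCODE`, unlike the base-package loop just above it, and the availability test runs `Select-String -Pattern $pkg` over combined stdout and stderr, so an error message that echoes the package name counts as "available". Checking the exit code and matching only `--limit-output` result lines closes both gaps, as sketched below. The same applies to `choco source add`, whose output is now discarded before "MABDC repo added OK" is logged unconditionally. The four community packages are installed unpinned from the public feed with administrator rights, so pinning versions or mirroring them into the MABDC feed would make a rebuild reproducible and reviewable.

```powershell
foreach ($pkg in $mabdcPackages) {
    # --limit-output prints only "name|version" result lines, so error text cannot match
    $available = choco search $pkg --source=mabdc --exact --limit-output 2>&1 |
        Select-String -Pattern ("^" + [regex]::Escape($pkg) + "\|") -Quiet
    if ($available) {
        choco install $pkg --source=mabdc -y --no-progress 2>&1 | Out-Null
        if ($LASTEXITCODE -eq 0) {
            Write-Log "$pkg installed OK"
        } else {
            Write-Log "WARNING: $pkg install failed (exit code: $LASTEXITCODE)"
        }
    } else {
        # ... unchanged: "Skipping $pkg" log line ...
    }
}
```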
@@ -166,32 +196,45 @@ $action = New-ScheduledTaskAction -Execute "choco" -Argument "upgrade all -y --s
 $trigger = New-ScheduledTaskTrigger -Daily -At "2:00AM"
 $settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -DontStopOnIdleEnd
 Register-ScheduledTask -TaskName "MABDC-AutoUpdate" -Action $action -Trigger $trigger -Settings $settings -User "SYSTEM" -RunLevel Highest -Force | Out-Null
-Write-Log "Auto-update scheduled for 2:00 AM daily ✓"
+Write-Log "Auto-update scheduled for 2:00 AM daily OK"
 # Save join metadata
 $metadata = @{
- pcName = $env:COMPUTERNAME
- department = $Department
- joinedAt = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
- joinedBy = $env:USERNAME
+ pcName = $env:COMPUTERNAME
+ department = $Department
+ joinedAt = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
+ joinedBy = $env:USERNAME
 windowsEdition = $edition
 windowsVersion = [System.Environment]::OSVersion.Version.ToString()
- domainName = $DomainName
- packagesInstalled = $basePackages
+ domainName = $DomainName
+ ouPath = "OU=$Department,OU=Staff,DC=mabdc,DC=org"
+ status = "provisioned"
 } | ConvertTo-Json -Depth 3
+
 Set-Content -Path "C:\MABDC\Config\join-metadata.json" -Value $metadata -Force
-Write-Log ""
-Write-Log "========================================="
-Write-Log " MABDC Domain Join Complete! 🎉"
-Write-Log " Domain: $DomainName"
-Write-Log " Department: $Department"
-Write-Log " PC Name: $env:COMPUTERNAME"
-Write-Log "========================================="
-Write-Log ""
-Write-Log "A restart is required to complete the domain join."
+# Notify webhook
+Send-WebhookNotification -Data @{
+ event = "pc_provisioned"
+ pcName = $env:COMPUTERNAME
+ department = $Department
+ domain = $DomainName
+ status = "success"
+ timestamp = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
+}
-$restart = Read-Host "Restart now? (Y/N)"
+Write-Host ""
+Write-Host " =============================================" -ForegroundColor Cyan
+Write-Host " MABDC Domain Join Complete!" -ForegroundColor Green
+Write-Host " Domain : $DomainName" -ForegroundColor White
+Write-Host " Department: $Department" -ForegroundColor White
+Write-Host " PC Name : $env:COMPUTERNAME" -ForegroundColor White
+Write-Host " OU : OU=$Department,OU=Staff" -ForegroundColor White
+Write-Host " =============================================" -ForegroundColor Cyan
+Write-Host ""
+Write-Log "Provisioning complete."
+
+$restart = Read-Host "Restart now to complete domain join? (Y/N)"
 if ($restart -eq 'Y' -or $restart -eq 'y') {
 Restart-Computer -Force
 }
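Review bot: `ouPath`, `status = "provisioned"` and the webhook's `status = "success"` are written as constants, so the metadata file and the notification report the Staff OU and a clean run even when the join fell back to the default OU or a package install logged a warning. Carry the real outcome forward from the join and install steps, for instance a `$joinedOu` variable (placeholder name) set in both branches of the `try`/`catch`, and write that instead. The closing summary moved from `Write-Log` to `Write-Host`, so it no longer reaches `domain-join.log`. The payload also sends host name, department and domain to an external service, which deserves a one-line comment above the call stating that this is intended.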