I'm trying to create a script to completely automate joining the domain to use during a WDS image deployment. I don't want to use the WAIK option because the password is stored in plain text in the XML file. So I've found some PowerShell scripts online that look like they could work.
This is the command I used to create my encrypted file which contains the password.
read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt
Here's the script I'm using.
$domain = "MYDOMAIN.COM"
$password = cat C:\securestring.txt | ConvertTo-SecureString -Force
$username = "$domain\MYUSERNAME"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential
Here's the error I'm getting.
C:\>powershell
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\> $domain = "MYDOMAIN.COM"
PS C:\> $password = cat C:\securestring.txt | ConvertTo-Secure
String -Force
ConvertTo-SecureString : Cannot process argument because the value of argument
"input" is invalid. Change the value of the "input" argument and run the operat
ion again.
At line:1 char:66
+ $password = cat C:\securestring.txt | ConvertTo-SecureString <<<< -Force
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], P
SArgumentException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument,Microsoft.Pow
erShell.Commands.ConvertToSecureStringCommand
2 Answers
Secure strings only work for the user that created them. If you are creating C:\securestring.txt as one user and then trying to read it with a different user it won't work. Try creating the file with the same user that is going to read it.
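An added example, not part of the original question or either answer, showing the behaviour this answer describes: without -Key, ConvertFrom-SecureString protects the text with Windows DPAPI for the account that ran it, while -Key encrypts with AES under a key you supply, so a different account holding that key can import it. The sample password, the helper names Get-PlainText and Test-Import, and the in-memory key are assumptions; anyone who can read both the key and the exported text can recover the password, so the key needs its own protection.

```powershell
# Added example. The password below is a constructed sample value.
$sample = 'Constructed-Sample-Pw1'
$secure = ConvertTo-SecureString -String $sample -AsPlainText -Force

# Hypothetical helper: recover the plaintext only to verify a round trip.
function Get-PlainText([System.Security.SecureString]$s) {
    $c = New-Object System.Management.Automation.PSCredential('unused', $s)
    return $c.GetNetworkCredential().Password
}

# 1) Default export: DPAPI, usable only by the account that created it.
$dpapiText = $secure | ConvertFrom-SecureString

# 2) Keyed export: AES with an explicit 256-bit key (16, 24 or 32 bytes allowed).
$key = New-Object Byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
$aesText = $secure | ConvertFrom-SecureString -Key $key

# Hypothetical helper: try an import and report whether the password came back.
function Test-Import([string]$text, [byte[]]$k) {
    try {
        if ($null -ne $k) {
            $s = ConvertTo-SecureString -String $text -Key $k -ErrorAction Stop
        } else {
            $s = ConvertTo-SecureString -String $text -ErrorAction Stop
        }
        return (Get-PlainText $s) -eq $sample
    } catch {
        # A text exported under another account, or imported without its key, lands here.
        Write-Warning "Import failed: $($_.Exception.Message)"
        return $false
    }
}

"DPAPI export, same account, no key : $(Test-Import $dpapiText $null)"
"AES export, imported with its key  : $(Test-Import $aesText $key)"
"AES export, imported without key   : $(Test-Import $aesText $null)"
```

To see the cross-account failure from the question, save $dpapiText to a file and import it from a session running as a different user.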
Instead of using a text file to store your password, why don't you ask for user input? It's never advisable to store Domain Admin passwords in text files. You might as well not even bother with the txt file and just declare the password directly in the script.
Example 1: Requesting user to input the password
$domain = "MYDOMAIN.COM"
$username = "$domain\MYUSERNAME"
# Prompt at run time so the password is never written to disk
$password = Read-Host -Prompt "Enter password for $username" -AsSecureString
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential
Example 2: Declare the password instead of point to a text file
$domain = "myDomain"
# Single quotes keep PowerShell from expanding $$ inside the password
$password = 'Pa$$w0rd123' | ConvertTo-SecureString -asPlainText -Force
$username = "$domain\myUserAccount"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential