Run a script when joining a domain

I have a Microsoft domain (mostly 2008r2\7).
I'm looking for a way to run a script immediately after (the restart after) joining a domain (without requiring user login), and so far I've failed.

Also, I want it to run only once, so scheduling a repeated task is not an option.
It just seems to me a waste to let it run over and over again.

I've tried a GPO with startup script, but when the computer receives the GPO it's way after the startup.
I've also tried a GPO with a scheduled task (with different triggers), but they didn't work either:
"At startup" trigger fails same as the startup script.
"At Task creation" fails, I guess because it's not created the usual way.
"At schedule" is irrelevant, because I need it to run right after joining (and setting a date that had already passed didn't work).
Couldn't find any relevant registry keys, but I assume they would have the same problem as the GPO startup script.

The only idea that might do what I need is attaching a task to the relevant event on the DCs, and run the script remotely.

Any better suggestions?

--Edit--
Based on the answers (which are great, but don't quite cut it), I have a few points to add:
1. The question applies to both servers (2008r2\2012\2012r2), though I've tested only on 2012r2.
2. I'm looking for a more runonce-like solution, meaning I don't want it to run endlessly until some condition is fulfilled.
3. We use images to deploy servers and workstations, but I can't use a solution that involves editing them because a) That would require me to update them each time I need to change something in my script b) BYODs.
4. We don't use a joining script (we simply don't need one...), so starting to use one seems to me a waste. Also, there are a few problems with it (e.g. where should I put it? in the image? in a shared location? what about BYODs? that would defeat point 3).

Thanks.


Solution 1:

Add a custom registry key to your build image, just a simple '1' value somewhere.
Add a scheduled task to the build image that checks for the registry key value, and add checks for your domain name in this registry key:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

If it finds both, run your script, then change the custom registry key to 0 on completion. Have this task run at startup.

You can then either leave this task in place as is, or have a GPO that deletes the scheduled task. However, if you leave it in place and you ever need to rerun the script, you can just change the registry key back to 1 and reboot.

A slight security concern is that the scheduled task will need to run as a local administrator account.
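
The check this answer describes, written as the script the startup task would run (an added example, not part of the original answer). The marker key and value names, the domain name and the payload path are hypothetical; the ACL check is an addition that addresses the answer's note that the task runs with administrative rights.

```powershell
# Startup-task guard: run the post-join payload once, and only on a machine
# that reports the expected domain. All names below are hypothetical placeholders.
$MarkerKey      = 'HKLM:\SOFTWARE\ExampleCorp\PostJoin'
$MarkerValue    = 'RunPending'                      # 1 = pending, 0 = done
$ExpectedDomain = 'corp.example.com'
$Payload        = 'C:\ProgramData\ExampleCorp\PostJoin.ps1'
$TcpipKey       = 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters'

function Test-PayloadAcl([string]$Path) {
    # The task runs with administrative rights, so refuse a payload that any
    # principal other than Administrators or SYSTEM is allowed to modify.
    $trusted = 'S-1-5-32-544', 'S-1-5-18'
    $write   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $rules   = (Get-Acl -Path $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            ($trusted -notcontains $rule.IdentityReference.Value) -and
            (([int]$rule.FileSystemRights -band $write) -ne 0)) {
            return $false
        }
    }
    return $true
}

# Marker absent or already 0: the script has run (or the image was never armed).
$marker = Get-ItemProperty -Path $MarkerKey -Name $MarkerValue -ErrorAction SilentlyContinue
if (-not $marker -or $marker.$MarkerValue -ne 1) { exit 0 }

# Domain value not yet the expected one: not joined, try again at the next boot.
$domain = (Get-ItemProperty -Path $TcpipKey -Name Domain -ErrorAction SilentlyContinue).Domain
if ($domain -ne $ExpectedDomain) { exit 0 }

if (-not (Test-Path -LiteralPath $Payload) -or -not (Test-PayloadAcl $Payload)) {
    Write-Error "Payload missing or writable by a non-administrator: $Payload"
    exit 1
}

try {
    & $Payload                                                     # only terminating errors reach catch
    Set-ItemProperty -Path $MarkerKey -Name $MarkerValue -Value 0  # disarm after completion
} catch {
    Write-Error "Post-join script failed; marker left at 1: $_"
    exit 1
}
```

The ACL test covers the payload file only; the folder that holds it needs the same restriction, since write access to the folder allows the file to be replaced.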