Run a script when joining a domain
I have a Microsoft domain (mostly 2008r2\7).
I looking for a way to run a script immediately after (the restart after) joining a domain (without requiring user login), and so far I've failed.
Also, I want it to run only once, so scheduling a repeated task is not an option.
It just seem to me a waste to let it run over and over again.
I've tried a GPO with startup script, but when the computer receives the GPO it's way after the startup.
I've also tried a GPO with a scheduled task (with different triggers), but they didn't work too:
"At startup" trigger fails same as the startup script.
"At Task creation" fails, I guess because it's not created the usual way.
"At schedule" is irrelevant, because I need it to run right after joining (and setting a date that had already passed didn't work).
Couldn't find any relevant registry keys, but I assume they would have the same problem as the GPO startup script.
The only idea that might do what I need is attaching a task to the relevant event on the DCs, and run the script remotely.
Any better suggestions?
--Edit--
By the answers (which are great, but doesn't quite cut it), I have a few points to add:
1. The question applies to both servers (2008r2\2012\2012r2), though I've tested only on 2012r2.
2. I'm looking for a more runonce-like solution, meaning I don't want it to run endlessly until some condition is fulfilled.
3. We use images to deploy servers and workstations, but I can't use a solution that involves editing them because a) That would require me to update them each time I need to change something in my script b) BYODs.
4. We don't use a joining script (we simply don't need one...), so starting to use one seem to me a waste. Also, there are a few problem with it (e.g. where should I put it? in the image? in a shared location? what with BYODs? that would defeat point 3).
Thanks.
Solution 1:
Add a custom registry key to your build image, just a simple '1' value somewhere.
Add a scheduled task that checks for the registry key value to the build image, add checks for your domain name in this registry key
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
If it finds both run your script, then change the custom registry key to 0 on complete. Have this task run at startup.
You can either then leave this task in place as is, or have a gpo that deletes the scheduled task. However if you leave it in place and you ever need to rerun the script you can just change the registry key back to 1 and reboot.
Slight security concern is the scheduled task will need to run as a local administrator account.