Rename-Computer with PSADT

Hey all,

I am currently scripting my way through a Hybrid Autopilot deployment and have a script that I want to deploy as a Win32 app with v4. My functions in general work fine; just the “Rename-Computer -NewName $NewComputerName -Force -PassThru” throws an error when running with Intune. (Since v4 the error now shows, and it throws Access denied, which is pretty much obvious due to not running under an AD user with permissions.)

Does anyone have any idea how I would rename a PC with PSADT/Intune scripting? I want to rename the computer account / AD account of my computer object.

BR Niklas

Hi,

According to the documentation for the PowerShell function Rename-Computer, it looks like it needs to be executed with credentials that have the right to rename computers in the domain. Both examples use the parameter -DomainCredential (and your example doesn’t use it). Rename-Computer (Microsoft.PowerShell.Management) - PowerShell | Microsoft Learn. And I assume the local System account, which is normally used when installing applications, doesn’t have this right. I don’t believe this is a PSADT issue.

1 Like

Yes @JFP is absolutely correct (and yes this is not a PSADT question),

Without a lot of work I doubt this can be performed with an Intunewin deployment (but I’d happily be proved wrong).
However, as we are doing this rename successfully for our Hybrid Domain Joined machines, I’ll give you some tips from our experience, I’ll try and do this off the top of my head…

There are plenty of pre-reqs for this to work (and work reliably), you’ll need:

  • Line of sight to a Domain controller before and after the rename
  • Rights for the computer object to rename itself in AD - you need to modify the rights to the OU where the computer accounts reside for your Hybrid domain joined machines, to grant SELF the modify permission
  • The Rename script is quite robust as if it fails to see a line of sight to a DC it should create a scheduled task that will attempt to fire when it next sees the domain controllers to re-attempt the rename (It’s not that graceful for a user at this stage as it just alerts that the machine needs to be restarted due to a rename, I think it gives 5 mins notice)

Reasons this won’t work:

  • Computer does not have line of sight to the Domain Controller(s)
  • Computer does not have rights to rename itself
  • A computer account already exists of the same name (You have to actively clean up old computer accounts)
1 Like
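
The prerequisites and failure reasons listed above, as a pre-flight check around the rename. This is an added example, not part of the original thread and not the poster's script. `Test-RenamePrereq` and `Invoke-SelfRename` are hypothetical names, and the code assumes Windows PowerShell 5.1 running as SYSTEM on a domain-joined device whose computer object has been granted the SELF rights described above.

```powershell
# Added example: check the rename prerequisites before calling Rename-Computer.
function Test-RenamePrereq {
    param(
        # NetBIOS-safe characters only; this also keeps the LDAP filter below injection-free.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')][string]$NewComputerName
    )
    $result = [ordered]@{ DcReachable = $false; SecureChannel = $false; NameFree = $false }
    try {
        # Line of sight: locate a DC for the computer's own domain and test LDAP (TCP 389).
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $dc     = $domain.FindDomainController().Name
        $result.DcReachable = Test-NetConnection -ComputerName $dc -Port 389 -InformationLevel Quiet

        # The machine account must still authenticate to the domain.
        $result.SecureChannel = Test-ComputerSecureChannel

        # A computer account with the target name must not already exist.
        # As SYSTEM, this LDAP query binds with the computer account.
        $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$NewComputerName`$))"
        $result.NameFree = ($null -eq $searcher.FindOne())
    } catch {
        Write-Warning "Pre-flight check failed: $($_.Exception.Message)"
    }
    [pscustomobject]$result
}

function Invoke-SelfRename {
    param([Parameter(Mandatory)][string]$NewComputerName)

    if ($env:COMPUTERNAME -eq $NewComputerName) { return 'AlreadyNamed' }

    $check = Test-RenamePrereq -NewComputerName $NewComputerName
    if (-not ($check.DcReachable -and $check.SecureChannel)) { return 'RetryLater' }  # no line of sight
    if (-not $check.NameFree) { return 'NameConflict' }  # stale account must be cleaned up in AD

    try {
        # No -DomainCredential: the rename relies on the SELF delegation on the OU.
        Rename-Computer -NewName $NewComputerName -Force -PassThru -ErrorAction Stop | Out-Null
        return 'RenamedPendingRestart'
    } catch {
        # "Access is denied" here points at missing rights on the computer object.
        Write-Warning "Rename failed: $($_.Exception.Message)"
        return 'Failed'
    }
}
```

The returned status lets the calling deployment script decide whether to schedule a retry for when a domain controller is reachable again or to report the conflict.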

Unless you’re needing something truly specific, you should be renaming your devices via a configuration profile using the DevDetail CSP: DevDetail CSP | Microsoft Learn

1 Like

Hi @Adrian_Scott !
I am sorry, yes, I was aware that it is not a PSADT issue :) @JFP thanks a lot too!

I have also thought about delegating rights in AD to SELF and I will definitely try that!

Thanks everyone for your help!