Immy Active Directory setup

I have the ImmyBot agent running on the DC, but I don’t see what I need to do to get AD users to populate into Immy? I also want to take advantage of the domain join, but that doesn’t do anything either. The rename works fine, but I’m not seeing anything fail in the logs regarding the domain join.

I made my own, tested and working. I wasn’t trying to get users into Immy, just wanted to do domain join.

param($Computer)

# Default to the computer ImmyBot is currently targeting
if (!$Computer)
{
    $Computer = Get-ImmyComputer
}

$Computer | Invoke-ImmyCommand {
    # Placeholder values; note the password sits in the script body as plain text
    $domain = "domain goes here"
    $username = "domain\user goes here"
    $password = "Password goes here"
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($username, $securePassword)

    # Joins the domain and reboots immediately; the lines below may not run before the restart
    Add-Computer -DomainName $domain -Credential $credential -Force -Restart

    # Ensure compliance output
    $compliance = $true  # or $false based on your compliance logic
    if ($null -eq $compliance) {
        Write-Output "The Test script did not return any output. Please ensure you output at least one `$true or `$false value to indicate compliance."
    } else {
        Write-Output $compliance
    }
}

We use the built-in Domain Join and rename, and never had issues. Make sure that the server shows “Domain Controller” in Immy.

If you’re talking about AD users being populated into Users to be able to pick a Primary User, it won’t work. The ‘People’ system only populates from Entra ID, and so to be able to reference an AD user, you have to have Hybrid sync set up. They say it’s easy to do, but we don’t do it for most clients for reasons. You can still AD join though with Immy as GaDalamar says - you just can’t pick a Primary User. Use ‘Set Computer Name and Domain Join’ with the flag ‘ShouldBeDomainJoined’ set to true. And yes, you have to have an Immy agent on a DC in the domain (and online) for this to work. It does an offline join, so the machine being joined does not have to be able to see the DC, but does if you actually want to sign in afterwards.
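
A generic offline domain join with the Windows built-in djoin.exe, as an added example that is not part of the original thread and is not ImmyBot's own implementation. The function names, parameters and file paths are assumptions. Unlike the script earlier in the thread, no domain account password is sent to the machine being joined.

```powershell
# Added example: offline domain join with djoin.exe (both functions need elevation).
# Function names and parameters are hypothetical.

function New-OfflineJoinBlob {
    # Run on a domain controller, or any domain member whose account may
    # create computer objects. Pre-creates the computer account and writes
    # the provisioning blob to $BlobPath.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$BlobPath
    )
    & djoin.exe /provision /domain $Domain /machine $ComputerName /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) {
        throw "djoin /provision failed with exit code $LASTEXITCODE"
    }
    # The blob contains the new machine account's password. Treat it as a
    # secret: restrict access, move it over a trusted channel, delete it after use.
    return $BlobPath
}

function Invoke-OfflineJoin {
    # Run on the computer being joined. No line of sight to a DC is needed
    # for this step, only for domain sign-in after the reboot.
    param([Parameter(Mandatory)][string]$BlobPath)
    try {
        & djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
        if ($LASTEXITCODE -ne 0) {
            throw "djoin /requestODJ failed with exit code $LASTEXITCODE"
        }
    }
    finally {
        # Remove the blob whether or not the join succeeded
        Remove-Item -LiteralPath $BlobPath -Force -ErrorAction SilentlyContinue
    }
    # The join takes effect on the next restart, which is left to the caller
}

# Usage with constructed placeholder values:
#   New-OfflineJoinBlob -Domain 'corp.example.com' -ComputerName 'PC-001' -BlobPath 'C:\Temp\PC-001.odj'
#   (transfer the file to PC-001, then on PC-001)
#   Invoke-OfflineJoin -BlobPath 'C:\Temp\PC-001.odj'
```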

This is confusing then, as the help on that item specifically says you really only should not set primary user on kiosk PCs. And if you can’t set a DC user, how can ImmyBot do any AD user profile config like defaults and apps?

If you want Immy to do AD user profile things, then you have to have hybrid EID sync going. Otherwise you have to set it as no primary user and won’t benefit from any user-profile config deployments. It’ll still do the majority of your deployments fine though, just not the fully-polished experience you get with a Primary User set. IMHO it’d be nice for Immy to allow for AD users to be specified directly, but that’d require a significant retool of the Primary User system.