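# Joins this EC2 Windows instance to an Active Directory domain, using a
# service-account credential held in AWS Secrets Manager, then restarts.
#
# Requirements visible from the calls below:
#   - AWS Tools for PowerShell (Get-SECSecretValue) is available.
#   - The instance can read the secret named in $secrets_manager_secret_id.
#     Scope the instance role to secretsmanager:GetSecretValue on this one
#     secret, and delegate only computer-join rights to the service account.
#   - The secret's SecretString is JSON with "ServiceAccount" and "Password".

# Stop on the first failure so a failed secret or metadata lookup can never
# fall through to Add-Computer with an empty credential or computer name.
$ErrorActionPreference = 'Stop'

# Domain name and the tld. In this example the domain is starfleet.aws
$domain_name = "starfleet".ToUpper()
$domain_tld = "aws"
$secrets_manager_secret_id = "Windows/ServiceAccounts/DomainJoin"

# Make a request to the secret manager
$secret_manager = Get-SECSecretValue -SecretId $secrets_manager_secret_id -ErrorAction Stop

# Parse the response and convert the Secret String JSON into an object
$secret = $secret_manager.SecretString | ConvertFrom-Json

# Fail early, without echoing any secret material, if the secret does not
# have the two fields this script reads.
if ([string]::IsNullOrWhiteSpace($secret.ServiceAccount) -or [string]::IsNullOrWhiteSpace($secret.Password)) {
    throw "Secret '$secrets_manager_secret_id' must contain non-empty ServiceAccount and Password fields."
}

# Construct the domain credentials (DOMAIN\account)
$username = $domain_name + "\" + $secret.ServiceAccount
$password = $secret.Password | ConvertTo-SecureString -AsPlainText -Force

# Set PS credentials
$credential = New-Object System.Management.Automation.PSCredential($username, $password)

# Get the Instance ID from the metadata store, we will use this as our
# computer name during domain registration. A session token is requested first
# (IMDSv2) so the lookup also works on instances where IMDSv1 is disabled.
$imds_base = 'http://169.254.169.254/latest'
$imds_token = Invoke-RestMethod -Method Put -Uri "$imds_base/api/token" `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$instanceID = Invoke-RestMethod -Uri "$imds_base/meta-data/instance-id" `
    -Headers @{ 'X-aws-ec2-metadata-token' = $imds_token }

# NOTE(review): NetBIOS computer names are limited to 15 characters, and
# current-format instance IDs ("i-" plus 17 hex characters) are longer.
# Confirm how the name is registered in your domain before relying on it.

# Perform the domain join
# Variant that places the computer object in a specific OU (the original
# comment used "DN=Computers"; the container's distinguished name is
# CN=Computers, as in the test line at the bottom):
# Add-Computer -DomainName "$domain_name.$domain_tld" -OUPath "CN=Computers,DC=$domain_name,DC=$domain_tld" -NewName "$instanceID" -Credential $credential -Passthru -Verbose -Force -Restart
Add-Computer -DomainName "$domain_name.$domain_tld" -NewName "$instanceID" -Credential $credential -Passthru -Verbose -Force -Restart

# Script Tests
# Leave these commented out in production: user-data and bootstrap output is
# normally written to logs, and the service account name should not end up there.
# Write-Output $username
# Write-Output $password
# Write-Output "Add-Computer -domainname '$domain_name.$domain_tld' -OUPath 'CN=Computers,DC=$domain_name,DC=$domain_tld' -NewName '$instanceID' -Credential $credential -Passthru -Verbose -Force -Restart"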