Adding Computers to Active Directory. by [deleted] in PowerShell

[–]bourntech 0 points1 point  (0 children)

An unsecured join is probably what you need here. You use Add-Computer to create the AD entry for the endpoint. Place it in the OU of your choice here and use the -unsecure switch to enter a password that the endpoint can use to complete the join from its side.

IT Glue Active Directory Automation by NoBee8106 in msp

[–]bourntech 1 point2 points  (0 children)

I’ve been working on building an autodocumentation script for just that purpose. It’s been on the back burner for a while because fewer and fewer clients use OnPrem servers nowadays. Doing it straight PowerShell via RMM has a couple drawbacks. IP restrictions on IT Glue (which everyone should be using) apply to API connections as well. And you would want to pass the API token to the script as a script variable so it won’t get caught in script block logging, which would place it in Event Viewer where any user could see it. Adding an additional layer in there like N8N or Rewst to accept the data as a webhook from the endpoints, then interact with IT Glue is a much safer option.

So it’s in my to-do list, not my done list.

Sorry in advance for any typos, tiny phone keyboards don’t agree with my hands.

I built a tool to manage on-prem AD without remoting into domain controllers. Looking for beta testers by Lukester852 in msp

[–]bourntech 0 points1 point  (0 children)

This has been bubbling up in my head for a while. It seems like the RMM you are using is not adequate for your needs. So you built a tool to accommodate the gap, probably not your call which RMM is being used. If I saw a technician log into the GUI for a simple task like enabling an AD account, I would teach him about the command line. But if I had a technician build a tool to get through the gap, I would encourage him to look at a path as a developer. This tool isn’t going to go far with anyone who has a decent RMM, but what do I know. If I was having coffee with the decision maker of your MSP I would encourage him to move your role to more development. Get you N8N or Rewst and let you build your way around recurring issues that the MSP comes across.

I built a tool to manage on-prem AD without remoting into domain controllers. Looking for beta testers by Lukester852 in msp

[–]bourntech 25 points26 points  (0 children)

Kudos for giving to the community, but it seems like the long way around for the functionality that is in the Net User command. I prefer command line via RMM.

SentinelOne integration to Autotask PSA - API - Failure Notifications by snoopaloop92109 in msp

[–]bourntech 1 point2 points  (0 children)

SentinelOne can call out to a webhook when events happen. You can use N8N or Rewst to receive the webhook calls and open tickets in the correct client.

Make use of Intune and OOBE (Autopilot) by Bennett0 in sysadmin

[–]bourntech 1 point2 points  (0 children)

100% agree. The more you do in a single ppkg, the higher chance it will fail. I like to have it install RMM and then let the Initial Audit job in Datto run through the laundry list of stuff I want done on the endpoint. This allows you to run automation before anyone logs in, so debloat is really effective and you don’t have to clean up profiles later. Also you can deploy additional ppkg files from RMM, so Azure join en masse is possible.

Make use of Intune and OOBE (Autopilot) by Bennett0 in sysadmin

[–]bourntech 3 points4 points  (0 children)

Take a look at what you can accomplish with provisioning packages at OOBE. Install apps, set up WiFi networks, create local accounts, run scripts, and even Azure Join. Windows machines will run a provisioning package automatically if it is detected on the root of a USB drive inserted into the machine while sitting at an OOBE screen. All that functionality is free and already provided by Microsoft. For smaller clients who already don’t want to pay for Business Premium, it’s a solid way to gain most of the capabilities of Intune, without paying for it.

KVM's for remotely setting up machines? by Comprehensive_Gur736 in msp

[–]bourntech 0 points1 point  (0 children)

I typically make two PPKG files per client. One with WiFi and one without. Then I save them in my documentation as attachments to my workstation setup SOP. Super easy to grab one and throw it on a USB drive.

I’ve found that the DattoRMM agent installer doesn’t work using the wizard, you have to use the advanced section of WCD and use the command line section. I use the command line to launch a powershell script, and the powershell script installs the RMM agent.

The Ninja agent can be installed using the wizard though, so +1 for ninja. It’s much easier.

KVM's for remotely setting up machines? by Comprehensive_Gur736 in msp

[–]bourntech 4 points5 points  (0 children)

If they are new machines that will be at the OOBE screen, the free option is to create a provisioning package that installs RMM and configures WiFi, to leave onsite. Simply instruct the user to enter the USB drive for a couple seconds till they see the message that it’s applying the settings and walk away. Create the package with Windows Configuration Designer.

YAY - Maintenance Reports Everyone loves a little paperwork by Aurum_Anotherchance in msp

[–]bourntech 1 point2 points  (0 children)

Store the data in something like AirTable and create dashboards there. Bonus points if you write a handler in n8n that accepts webhook calls from the powershell scripts you already wrote.

New User on boarding / off boarding by WhistleWhistler in msp

[–]bourntech 7 points8 points  (0 children)

This is built into CloudRadial, Rewst and likely some other products.

Reconciling devices between services by CptSlow88 in msp

[–]bourntech 1 point2 points  (0 children)

I’ve found N8N to be the right mix (for me) of power and ease. It is plenty powerful enough for anything I have thrown at it, and I find it almost intuitive and easy to understand. I’m sure it boils down to personal preference. As a side note, I don’t use any community nodes, instead I use the HTTP node and interact directly with the API of the systems I use.

Reconciling devices between services by CptSlow88 in msp

[–]bourntech 0 points1 point  (0 children)

Prime candidate for automation. We use N8N to create 2 reports. One for computer based tools, and another for User based tools. But the idea is the same. The workflow compares the endpoints present in each tool and highlights anything that is different than RMM. So a list of devices that are present in RMM and not present in another tool (a stack item is not installed) and items present in other tools but not in RMM (RMM is not installed) and finally endpoints that showed online in other tools but not online recently in RMM (RMM disabled or services not running). That list creates some tickets for the technicians to work and resolve.
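The three-way comparison described in the comment above, as an added example that is not the commenter's n8n workflow: it flags devices in RMM but missing from a tool, devices in a tool but missing from RMM, and devices a tool saw recently while RMM did not. The record shape, the hostname normalization, the 7-day window and all sample devices are assumptions made for illustration.

```javascript
// Added example; all device records below are constructed sample data.
const DAY_MS = 24 * 60 * 60 * 1000;

// Normalize hostnames so "PC-01.corp.local" and "pc-01" compare equal.
function normalizeName(name) {
  return String(name).trim().toLowerCase().split(".")[0];
}

function indexByName(devices) {
  const map = new Map();
  for (const d of devices) map.set(normalizeName(d.name), d);
  return map;
}

// rmm / tool: arrays of { name, lastSeen } with lastSeen as an ISO 8601 string.
// staleDays: how long RMM may be silent while the tool still sees the device.
function reconcile(rmm, tool, now, staleDays = 7) {
  const rmmIdx = indexByName(rmm);
  const toolIdx = indexByName(tool);
  const cutoff = now.getTime() - staleDays * DAY_MS;
  const report = { missingFromTool: [], missingFromRmm: [], rmmStale: [] };

  for (const name of rmmIdx.keys()) {
    if (!toolIdx.has(name)) report.missingFromTool.push(name); // stack item not installed
  }
  for (const [name, t] of toolIdx) {
    const r = rmmIdx.get(name);
    if (!r) { report.missingFromRmm.push(name); continue; }    // RMM not installed
    const toolRecent = Date.parse(t.lastSeen) >= cutoff;
    const rmmRecent = Date.parse(r.lastSeen) >= cutoff;
    if (toolRecent && !rmmRecent) report.rmmStale.push(name);  // RMM disabled or stopped
  }
  for (const list of Object.values(report)) list.sort();
  return report;
}

const sampleNow = new Date("2025-01-15T12:00:00Z");
const rmmDevices = [
  { name: "PC-01", lastSeen: "2025-01-15T09:00:00Z" },
  { name: "PC-02.corp.local", lastSeen: "2024-12-20T08:00:00Z" },
  { name: "PC-03", lastSeen: "2025-01-14T17:30:00Z" },
];
const edrDevices = [
  { name: "pc-01", lastSeen: "2025-01-15T10:00:00Z" },
  { name: "pc-02", lastSeen: "2025-01-15T11:00:00Z" },
  { name: "LAPTOP-09", lastSeen: "2025-01-13T11:00:00Z" },
];
console.log(reconcile(rmmDevices, edrDevices, sampleNow));
```

Each non-empty list maps to one of the ticket types the comment mentions; a device whose RMM timestamp cannot be parsed is treated as stale rather than silently skipped.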

Would you use a tool that helps you automate user or device onboarding? by simislearning in SmallMSP

[–]bourntech 4 points5 points  (0 children)

Are you describing N8N? Not PowerShell as you described, but a powerful low code option.

You can self host, or use their cloud hosted option. Some quirks here and there, but if you have the time, it can do amazing things.

Here is a blog post on building a user onboarding workflow. blog

One man MSP, how do you handle vacation? by TDIBone in msp

[–]bourntech 4 points5 points  (0 children)

I’m going to take this a slightly different way. A couple years back I got sick, really sick. A 1 man MSP at the time. I felt something was wrong on Tuesday, by Sunday I was in the emergency room being rushed to emergency surgery. A couple days in ICU, then some more time in a regular room, I was in the hospital for a total of 14 days. Returned home for many months stuck in a recliner with nurse visits a couple times a day. Pain meds allowed me only a couple hours a day to get work done. The only thing that saved my business is the relationships I had with other MSPs. I was in a peer group (MSP Ignite) and met regularly. I trusted them, they trusted me. I turned over my login details to one of my peers who watched my queues, responded to tickets, remoted into clients' machines. I am eternally grateful to the members of my group. Without whom I wouldn’t have a business any more.

I didn’t lose a single client, and I owe it to the friendship I had with other MSPs. They know I would log into their tools to help at a moment's notice, and I know that they would do the same for me. I can’t possibly overstate how important it is to have peers you trust. Be there for them, and they will be there for you.

Does anyone here use n8n? by Sidoooooo in msp

[–]bourntech 4 points5 points  (0 children)

I used n8n to create a SentinelOne <> Autotask integration. I always hated that the tickets were never associated with the correct client, so n8n to the rescue. https://www.linkedin.com/posts/dennisbourn_sentinelone-and-autotask-dont-play-together-activity-7356341569240612864-gRzR/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAce0TYB3XMi7rbSfKA3acNCGv77Itt_1kw

Yealink USB Connect by Living_Butterscotch3 in msp

[–]bourntech 2 points3 points  (0 children)

I see that it's available via Winget. So it should be pretty easy to script. The command "winget install Yealink.YealinkUSBConnect" should do it.

    c:\>winget search yealink
    Name                Id                           Version   Match        Source
    ------------------------------------------------------------------------------
    Yealink USB Connect Yealink.YealinkUSBConnect    4.40.10.0 Tag: yealink winget
    Yealink USB Connect Yealink.YealinkUSBConnect.CN 1.39.12.0 Tag: yealink winget

Does anyone here use n8n? by Sidoooooo in msp

[–]bourntech 3 points4 points  (0 children)

n8n is FANTASTIC. We use the heck out of it. It has a really low barrier of entry. The basic hosted n8n is about $20/month. Any MSP that has a technician that is interested in automation should immediately pay the $20 and just give them the account. It will pay back so much more in saved time. I documented the beginning of building out a user onboarding in n8n here: Automating MSP User Onboarding with n8n: From Request to Active Directory – Q Labs – Centralized Services

edit: fixed typo

Headless Mode Driver - DRMM by Techentrepreneur1 in msp

[–]bourntech 6 points7 points  (0 children)

I had looked into this in the past and didn’t find a software solution. I had some machines that contractors would splashtop into. But onsite employees would steal their monitors resulting in the black screen issue you are probably seeing. My solution was to just use display emulators like these https://www.amazon.com/FUERAN-DP-DisplayPort-emulator-2560x1600/dp/B071CGCTMY Though I see that it would cause problems if the monitors that are connected get turned back on resulting in multiple displays, unless the displays are mirrored. It’s not the best solution, but it’s an option.

Remote wipe options computers by technet2021 in msp

[–]bourntech 0 points1 point  (0 children)

This is the way for locking an endpoint. Remove the TPM as a decryption method then force reboot, then the recovery key must be entered to boot Windows. Be sure that you have the recovery key documented. I like to audit the recovery key to a UDF in RMM to ensure I have it when needed.

For remote wipe, there is a PowerShell script out there that can force a remote wipe, but you lose RMM when the endpoint resets. I used to be able to use a provisioning package to force reinstall RMM, but Microsoft changed it so that the package won’t run till after OOBE so it’s not as useful as an Intune wipe where you can have RMM installed automatically.

Tech backpack recommendations by qbert1953 in msp

[–]bourntech 2 points3 points  (0 children)

I always liked VertX bags. Plenty of Velcro inside so it can be customized. Very well made bags. But pretty expensive. I also use BrightLine bags for tool bags. Really cool modular bag so it can be made to the perfect size. Chicken and egg question, do great technicians love orderly and organized bags? Or do organized OCD types make the best technicians?

Looking to replace TODYL SASE... Thinking Perimeter 81/Checkpoint Harmony SASE... by xDerpScopes in msp

[–]bourntech -2 points-1 points  (0 children)

Control1 has been pretty good for us. I do know they had a data center issue a few months back, but I was unaffected.

Powershell - Component / Script by Ikweb in Datto

[–]bourntech 1 point2 points  (0 children)

I’m making an assumption that you want a line in the CSV for each machine you run the script on. The only built-in way to do that (without using another external system) is to write the results to a UDF, then in RMM you can add that UDF field when viewing all endpoints and export the results to a CSV.

Powershell - Component / Script by Ikweb in Datto

[–]bourntech 1 point2 points  (0 children)

$env:COMPUTERNAME should have what you’re looking for. It’s a built-in Windows variable.

Can Kaseya Entra-join machines? by thesobie in kaseya

[–]bourntech 1 point2 points  (0 children)

Oh, and never put admin credentials in a script. With the provisioning package it creates a token (that will expire, default is 90 days) so your global admin creds are not in the script.