Domain plugin for Take Command / TCC / TCC/LE

beta version     2023-10-16

Charles Dye


This plugin helps manage workstations on network domains. It adds a new command DOMAIN to join and leave domains, and several new functions and internal variables to report the computer’s current network membership status.


To use this plugin, copy Domain.dll and Domain.chm to some known location on your hard drive. (If you are still using the 32-bit version of Take Command, take Domain-x86.dll instead of Domain.dll.) Load the plugin with a PLUGIN /L command, for example:

plugin /l c:\bin\tcmd\test\domain.dll

If you copy the .DLL file to a subdirectory named PlugIns within your Take Command program directory, the plugin will be loaded automatically when TCC starts.

Plugin Features:


New functions: @DC, @PDC, @RANDX


Syntax Note:

The syntax definitions in the following text use these conventions for clarity:

BOLD CODEindicates text which must be typed exactly as shown.
CODEindicates optional text, which may be typed as shown or omitted.
Bold italicnames a required argument; a value must be supplied.
Regular italicnames an optional argument.
ellipsis…after an argument means that more than one may be given.

New Commands:

DOMAIN — Join or leave a network domain, or display the current domain membership status.

DOMAIN domain /DS /L /OU:"path" /P:password /PDC /R /S:server /U:user /W /X /Y

/DSdelete the startup shortcut if successful
/Lleave; remove the computer from the domain
/OU:"path"Full RFC 1779 path of the organizational unit to join
/P:passwordpassword for the administrative account
/PDCuse the primary domain controller
/Rreboot if the operation is successful
/S:servername of the server (domain controller) to use
/U:useradministrative account to perform the operation
/Wjoin a workgroup, not a domain
/Xjoin even if computer is already part of a domain
/Ydo not prompt before joining or leaving
domainname of the domain to join or leave

If neither /L nor a domain is specified, the computer’s current domain membership status will be displayed.

Use /L to leave (“unjoin”) a domain. If you specify both /L and a domain, then the domain must match the computer’s current domain name. You can bypass this safety check by omitting the domain.

If you specify /P:* or if you give a user name without a password, you will be prompted to enter the password interactively.

By default, you will be prompted before joining or leaving a domain. /Y suppresses the prompt. If you specify /R, the computer will automatically reboot after a successful join or leave. /R and /Y together will reboot with no chance to cancel!

/OU allows you to specify the organizational unit within the domain you are joining. Give the full path, in RFC 1779 format, from the innermost to the outermost unit; for example, /OU:"ou=sales,ou=staff,dc=now99,dc=com". Alternatively, you can pass the path as \top-org\sub-org… (with a leading backslash) and the plugin will attempt to mangle it into RFC 1779 format for you automatically. Do not use this option unless you truly need to join a specific OU.

If /DS is specified and a domain join or leave succeeds, DOMAIN will delete the shortcut used to launch TCC or the current batch file. This option is not likely to be useful at the prompt! It’s intended for use in turnkey batch files to join a computer to a domain, on the theory that such a batch file will usually be called only once (after a workstation is freshly imaged).

This command calls the NetJoinDomain() API.

domain mydomain /u:mydomain\machodude /p:Seekr3t /r /y

Return codes:

0syntax request via /?
1syntax or usage error
2the requested operation failed
if the operation succeeded and /R was specified, DOMAIN will not return

DOMAINHELP — Open the Domain plugin help file.


topicthe page to display

The DOMAINHELP command will locate and open this plugin’s help file. In most cases, the internal HELP command, and the F1 and Ctrl-F1 keys, will be more convenient. The sole advantage to this command is that it can be used to open the help file to any desired topic, not only to the names of commands, functions, and variables.

LISTOUS — List available Organizational Units in a domain.

LISTOUS domain /I /L /P:password /U:user /W:wildspec /X:wildspec

/Iparse RFC 1779 strings into intuitive format
/Ldisplay line numbers
/P:passwordpassword for the administrative account
/U:useradministrative account to perform the operation
/W:wildspecinclude only OUs matching wildspec
/X:wildspecexclude OUs matching wildspec
domainname of the domain to examine

If no domain is specified, the computer’s current domain will be used by default.

New Functions:

@DC — Returns the number of controllers or the name of one controller for a domain.


index0 returns the number of controllers; 1 — n returns the name of a controller
domainif the computer is a member of a domain, this parameter is optional

set n=%@dc[0]

iff %n gt 0 then
   do i = 1 to %n
      echo %i  %@dc[%i]

@PDC — Returns the name of the primary domain controller for the specified domain.


domainif the computer is a member of a domain, this parameter is optional

echo %@pdc[]

@RANDX — Returns a string of random hex digits.


nthe number of digits; defaults to 8

This utility function has nothing to do with domain membership. It is provided as a quick-and-dirty means of generating strings of a desired length, for creating computer names and the like.

echo %@randx[5]

New Variables:

_COMPNAME — Returns the computer’s name.


This variable returns the fully qualified DNS name of the computer, including the domain name if any.

echo %_compname

_DOMAINDNS — Returns the domain’s DNS name.


If the computer is not joined to a domain, this variable returns an empty string.

iff "%_domaindns" != "" then
   echo %computername is a member of %_domaindns
   echo %computername is not a member of a domain.

_DOMAINFOREST — Returns the domain’s forest name.


If the computer is not joined to a domain, this variable returns an empty string.

iff "%_domainforest" != "" then
   echo %computername is a member of %_domainforest
   echo %computername is not a member of a domain.

_DOMAINMEMBER — Returns 1 if the computer is a member of a domain, or 0 otherwise.


if %_domainmember == 1 echo Already joined to a domain!

_DOMAINNB — Returns the NetBIOS domain or workgroup name.


iff %_domainmember == 0 then
   echo %computername is a member of workgroup %_domainnb
   echo %computername is a member of a domain %_domaindns.

_DOMAINROLE — Returns a string describing the computer’s network role.


Possible return values include:

Standalone_Workstationnot a member of a domain
Standalone_Servernot a member of a domain
Unknowncan’t happen?

echo %computername is a %_domainrole.

_NBCOMPNAME — Returns the computer’s NetBIOS name.


This variable will generally return the same value as the COMPUTERNAME environment variable.

echo %_nbcompname

_PDC — Returns the name of the primary domain controller.


The returned name will begin with a double backslash. On any error, or if the computer is not joined to a domain, this variable will return an empty string.

echo %_pdc

_WORKGROUP — Returns the name of the computer’s workgroup.


If the computer is a member of a domain, this variable returns an empty string.

echo %_workgroup

Startup Message:

This plugin displays an informational line when it initializes. The message will be suppressed in transient or pipe shells. You can disable it for all shells by defining an environment variable named NOLOADMSG, for example:

set /e /u noloadmsg=1

Status and Licensing:

Consider this beta software. It may well have issues. Try it at your own risk. If you find a problem, you can report it in the JP Software support forum.

Domain is currently licensed only for testing purposes. I may make binaries and source code available under some free license once I consider it ready for use.


You can download the current version of the plugin from