Leaving the script with a plaintext password after join

[jbruettcva]

MIght want to work in some way to have the recipe remove the ad-join ps1 file after the reboot so that the file isn't left with the clear text password, or at least ensure that it's clearly stated that the file is left.

[spuder]

Thanks for bringing this up.

I'm not sure which file you are referring to as there is only 1 script file that is created. Chef creates a temporary powershell script file with a random name inside the cache directory. At the end of the chef run that file is deleted.

Which file are you seeing?

[jbruettcva]

Nevermind, that was the file that i was referring to, i wasn't aware that it was auto-removed at the end of the run.

[spuder]

No problem. Glad to hear someone else is using the cookbook.

Your issue brings up another good point that I'll add to the documentation. If for any reason the cookbook can't join the server to the domain, then the chef output will show passwords. No way around that.