Jump to content


Search the Community

Showing results for tags 'AD'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

  1. Introduction I've come across various problems during Windows Autopilot causing OOBE to fail that could be solved if only we could decide the order of when things were installed, and to resolve this in a nice way we wanted to dynamically populate an Azure AD group that could be targeted with a device configuration profile. That would mean that we could target sensitive policies to devices after enrollment instead of during enrollment allowing for a smoother, less error prone experience. Being able to apply a profile after Autopilot is finished requires knowing when Autopilot is actually complete, and I touched upon that subject in a previous blog post here. To expand upon that, we can run a scheduled task on login which runs a PowerShell script which in turn, only delivers the payload if certain things are in place such as. C:\ProgramData\Microsoft\IntuneManagementExtension was created within the last X hours The logged on user is not defaultuser0 We could do this using a PowerShell script which runs as a scheduled task after login but that would require storing sensitive credentials on the client. This blog post will show you the necessary steps taken to get to a stage where you can add devices to an Azure AD group using Azure Functions and Graph, and that is interesting because in conjunction with an app registration allows you to embed certificates or secrets within the function and thereby bypass the need for storing credentials in your PowerShell script which runs on the client. There are other ways of doing this, but this is kind of neat. You need to do the following steps. Create a resource group Create an app registration Create a client secret Create a function app Add a HTTP trigger Get the application ID Create an azure ad group Add missing details Configure API permissions Test adding a client So now you have an idea of what this blog post is about, let's get started. Note: I've released an updated version of this concept which includes checking for device compliance here. Step 1. Create a resource group In Azure Active Directory, create an Azure Resource Group. To do that click on Create a Resource in https://portal.azure.com. In the page that appears, search for Resource Group. Select it and click on Create. Next, give it a useful name like Graph_Functions, and select the region applicable to you. And click on Review + create and after being presented with the summary, click Create. Step 2. Create an app registration In Azure Active Directory, create an create an APP Registration called graph_functions by clicking on App registrations in the left pane and clicking on + New registration. fill in the user-facing display name and then click on Register. The app registration is created. Step 3. Create a client secret In the Graph_Function app registration you just created, click on Certificates & Secrets, choose the option to create a + New client secret Give it a name like graph_function_secret Click Add After adding the client secret make sure to copy the secret and keep it safe. copy the secret value and id, you will need them later. Step 4. Create a function app Next, select your previously created resource group called Graph_Functions and create a function app in the graph_functions resource group by clicking on +Add Search for Function App and click Create. A wizard will appear, fill in your choices and select PowerShell core and your region. Create a new storage group or let the wizard create it's own, then click Review + Create. If it generates an error click on the error details, most likely the storage group name you tried to create is already taken. If so, pick another name. Finally, click on Create to create the function app. Step 5. add a HTTP trigger Select the function app created above and click on functions in the left pane. In the ribbon click on + Add. Select HTTP trigger and click on Add. Select Code + test and paste in the code below then save the results # use this code in a http trigger as part of a function app # for more details see https://www.windows-noob.com/forums/topic/21814-adding-devices-to-an-azure-ad-group-after-windows-autopilot-is-complete-part-1/ # Niall Brady, windows-noob.com 2020/12/18 v 0.3 using namespace System.Net # Input bindings are passed in via param block. param($Request, $TriggerMetadata) # Write to the Azure Functions log stream. Write-Host "PowerShell HTTP trigger function processed a request." # Interact with query parameters or the body of the request. $deviceId = $Request.Query.deviceId if (-not $deviceId) { $deviceId = $Request.Body.deviceId } # define the following variables $ApplicationID = "" # this is the id of the app you created in app registrations $TenantDomainName = "" # your tenant name, eg: windowsnoob.com $AccessSecret = "" # this is the secret of the app you create in app registrations $GroupID = "" # this is the ObjectID of the Azure AD group that we want to add devices to $Body = @{ Grant_Type = "client_credentials" Scope = "https://graph.microsoft.com/.default" client_Id = $ApplicationID Client_Secret = $AccessSecret } # make initial connection to Graph $ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantDomainName/oauth2/v2.0/token" -Method POST -Body $Body #get the token $token = $ConnectGraph.access_token # to improve logging... $a = Get-Date $body = " `n" $body = $body + "$a Starting Azure function...`n" $body = $body + "$a Connected to tenant: $TenantDomainName.`n" # now do things... if ($deviceId) { $body = $body + "$a You supplied deviceId: '$deviceId'" + ".`n" # deviceID should be supplied to the function via the function url, # if you want to hard code it for testing un rem next line and supply the correct deviceId #$deviceID = "3a4f4d9d-c648-4ca2-966f-6c6c10acff35" #$InputDevice = "MININT-U7CQUG7" #$Devices = Invoke-RestMethod -Method Get -uri "https://graph.microsoft.com/v1.0/devices?`$filter=startswith(displayName,'$InputDevice')" -Headers @{Authorization = "Bearer $token"} | Select-Object -ExpandProperty Value | %{ $Group = Invoke-RestMethod -Method Get -uri "https://graph.microsoft.com/v1.0/groups?`$filter=Id eq '$GroupId'" -Headers @{Authorization = "Bearer $token"} | Select-Object -ExpandProperty Value $GroupName = $Group.displayName $body = $body +"$a Group.displayName: '$GroupName'" + ".`n" $GroupMembers = Invoke-RestMethod -Method Get -uri "https://graph.microsoft.com/v1.0/groups/$GroupID/members" -Headers @{Authorization = "Bearer $token"} | Select-Object -ExpandProperty Value $AddDevice = Invoke-RestMethod -Method Get -uri "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$deviceId'" -Headers @{Authorization = "Bearer $token"} | Select-Object -ExpandProperty Value | %{ if ($GroupMembers.ID -contains $_.id) { Write-Host -ForegroundColor Yellow "$($_.DisplayName) ($($_.ID)) is in the group" $body = $body + "$a $($_.DisplayName) ($($_.ID)) is already in the '$GroupName' group, nothing to do.`n" } else { Write-Host -ForegroundColor Green "Adding $($_.DisplayName) ($($_.ID)) to the group" $body = $body + "$a Adding $($_.DisplayName) ($($_.ID)) to the group with ObjectID $GroupID.`n" $BodyContent = @{ "@odata.id"="https://graph.microsoft.com/v1.0/devices/$($_.id)" } | ConvertTo-Json Invoke-RestMethod -Method POST -uri "https://graph.microsoft.com/v1.0/groups/$GroupID/members/`$ref" -Headers @{Authorization = "Bearer $token"; 'Content-Type' = 'application/json'} -Body $BodyContent } } $body = $body + "$a Exiting Azure function." } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = $body }) Step 6. Get the application ID Go back to app registrations, select the app called graph_functions and copy this field. Application (client) ID: copy the Application (client) ID somewhere. Step 7. Create an azure ad group In Microsoft Endpoint Manager create an azure ad group called Autopilot Completed Take note and copy the Object ID of this Azure Ad group. Step 8. Add missing details Now that you have the values you need (remember you copied the access secret earlier ?), go back into your function app and edit the code, fill in the values below for the following variables $ApplicationID $TenantDomainName $AccessSecret $GroupID like I've done here... but obviously use your own values. Save the code after making your edits. Step 9. configure API permissions Next you need to configure API Permissions for the app registration, don't forget to 'grant admin consent after doing so', please select the following permissions from those available. Click + Add a permission, click Microsoft Graph, select Application permissions Device.Read.All Application Read all devices Yes Granted for windowsnoob.com Group.ReadWrite.All Application Read and write all groups Yes Granted for windowsnoob.com In your lab environment it's ok to Grant admin consent, in Production, think more carefully about how you want to approach it. and once done they'll look like so. Step 10. Test adding a client Now you are ready to test this. On a client, open a cmd prompt and type dsregcmd /status look for the deviceID value highlighted below and copy it. Copy that value and on your http trigger function, use the following in your test window. Replace the deviceID listed below with one from your device. { "deviceID": "f6331344-f625-4259-87e7-73b62f6dbc4a" } Click Run and watch your function do it's thing 🙂 If you followed my guide exactly you'll see something like this. And after a quick look in the members of your Azure Ad group, guess what, your client computer is present ! Awesome ! job done Useful links Graph explorer - https://developer.microsoft.com/en-us/graph/graph-explorer# Powershell modules in Azure functions - https://tech.nicolonsky.ch/azure-functions-powershell-modules/ Create first function in visual studio code - https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-powershell Add devices to an Azure ad group using Graph- https://euc365.com/add-devices-to-an-azure-ad-group-using-the-microsoft-graph-api/ Using Graph in an Azure function - https://techcommunity.microsoft.com/t5/windows-dev-appconsult/using-microsoft-graph-in-an-azure-function/ba-p/317434 That's it for this part, please join me in Part 2 where we'll look into scripting things in an automated way on the client. cheers niall
  2. Hi There, Anyone here has hands-on experience on implement Bit-Locker To-Go? In my environment we use SCCM CB-1902 and MBAM server & client. We have single drive in all the client and it has been protected using MBAM agent. Now looking for encryption the removal disc \USB automatically, when it insert. How can I achieve this? Please free to ask me, if required more information. BR, Biju
  3. Hi! I'm using a VBS script during OS deployment to set the AD computer description. But results are unpredictable at best (if you use numbers or gaps) Does someone has a suggestion for a good working solution ? script that I was testing : cscript.exe adcompdesc.vbs “%ComputerDescription%” dim Computerdn, strComputerName dim Args Set WshShell = WScript.CreateObject("WScript.Shell") '----Get Computer DN------ Set objADSysInfo = CreateObject("ADSystemInfo") ComputerDN = objADSysInfo.ComputerName strcomputerdn = "LDAP://" & computerDN Set objADSysInfo = Nothing '-----Read commandline--- Set args = WScript.Arguments strdesc = args(0) Addcompdesc strdesc Function addcompdesc(strPCdescription) Set objComputer = GetObject (strComputerDN) objComputer.Put "Description", strPCdescription objComputer.SetInfo end function
  4. Hello to all, I open my record again at the forum with a problem that is driving me crazy I have in my work environment a problem with many accounts that are abnormally block. I started all the troubleshooting steps, and slowly I'm probably coming to realize what it is, but I have this event that I can not read well: EventId: 5 The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server% 1. This Indicates That the ticket used against That server is not yet valid (in relationship to That time server). Contact your system administrator to make sure the client and server times are in sync, and That the KDC in realm% 2 is in sync with the KDC in the client realm. Ok I found that could be a problem Kerberos ticket but the strangest thing I do not understand is why this computer receives this error from another pc and not by a server: The kerberos client received a KRB_AP_ERR_TKT_NYV WORKSTATION1 error from the server. This Indicates That the ticket used against That server is not yet valid (in relationship to That time server). Contact your system administrator to make sure the client and server times are in sync, and That the KDC in realm DOMINIO.NET is in sync with the KDC in the client realm. You can help me ?? THANK YOU
  5. Here's a quick resume of the current setup I am using. I've been using AD groups to deploy applications from SCCM with query-based collection membership for devices. In short, this means that in AD a computer is added to a group and whenever SCCM runs AD Group discovery and sees a change, the collection which queries that group also updates that group and the application is deployed on the target computer. This was done in order to preserve the historical AD structure and method of deploying applications (previously done with GPOs). This works flawlessly and is relatively quick. Since we do not have a way to remove applications as of now, I am trying to trigger an uninstall deployment whenever a computer is removed from an AD group. I cannot push an uninstall deployment method on a collection that would include all systems except those that are members of the deployment group since this would break systems with the target application installed before SCCM implementation. There is however something that I have tested with a single application which consists of deploying a configuration baseline to all systems that detects if that particular application is installed. I then create a collection that excludes the "Install target software" collection and queries for compliant computers. I then deploy an uninstall application on the resulting collection therefore uninstall the application from the member systems. It seems to work properly for now. I am using configuration baselines because of their ability to run powershell scripts as part of the compliance process. My question is, is it against best practice to have a lot of configuration baselines? I have around 40+ applications that are deployed through SCCM and it would require the same amount of configuration baselines to ensure application are uninstalled in sync with AD group membership. Thanks.
  6. I am new to active directory and I am having issues with folder rights. This is my situation - Folder Structure Folder A Subfolder B Subfolder C Share folder "A" with GrpAdmin Read only Change Security for Folder "B" with user Teacher - who is a member of GrpAdmin - to have full Control User Teacher still cannot create files in folder B. Do i need to share folder B with user Teacher?
  7. Hello guys I need help in design in (AD) and SCCM 2012 my topology is : central site (HQ) and 16 branches each branch have 15 users and connected via IP-VPN to central I cannot make additional domain or even RODC in the branches , I just organized them by create OU for each branch My Question : what's the best practice to organize and manage those branches (in domain controller and in sccm) thank you all
  8. Hi guys, I'm new here, but I've been visiting every now and then and found a solution most of the times. I'm not an expert of GPO but I was tasked to look at a solution either ways (just joined a new team). Our security team wants to make sure that every single person in the company has to change his password every tot days. Now, that's done already, except for global accounts. Let's say _No-Expiration is a group containing all the users that I want their password not to expire. Now, what I want to achieve is to get a GPO set for all OU's which has to overwrite the Password never expires option in AD and unflag it (unless that user is a member of the above group). So I actually want to: Overrule AD Actually change the flag of the object Is this possible? Thank you
  9. I am having an issue with our client push. When I push the client to our machine it installs fine but it gets a incompatiable version and will not automatically assign the site code. I can manually set the site code as a local admin and it works fine. I am thinking this may be a problem with the way I have the boundaries set up in SCCM. My question is, if I change the boundaries or boundary groups in SCCM will I need to extend AD again? Or does the changes automaitcally get replicated to AD? Thanks!
  10. Afternoon All, I'm new to SCCM 2012 and really trying my best to get things working as I thought they should be... I'm trying to push a simple application out to a user colleciton which only contains and AD group, which intern has the specific users added. The AD Group is called SCCM_Deploy 7zip The user collection is called Deploy 7zip it has the AD Group (SCCM_Deploy 7zip) inside of it. I have the 7zip msi, all defaults turned on, and once I tell it to deploy to the 'Deploy 7zip' user collection nothing shows in software center. I have attached a few screenshots. Thanks in advance for your help
  11. I have one SQL server that is complaining about missing SPN principals. SCOM monitoring is saying SQL can't authenticate using Kerberos because it's missing the SPNs "MSSQLSvc/[server.domain.tld]:1433" and "MSSQLSvc/[server.domain.tld]". It's the default instance. This doesn't seem specific to SQL. I attempted to list SPNs in use with klist and setspn. klist will give me a list for the currently logged-on user, but setspn -L will fail, claiming this: C:\> setspn -L username@domain.tld FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525 Could not find account username@domain.tld I'm also seeing odd security log entries, telling me the failure reason is "Account currently disabled," when it is not. The logon failures use Kerberos for the authentication package where the logon successes use NTLMv2. The setspn failure occurs on a domain-joined Windows 7 PC as well as on my affected SQL server. I can't list SPNs for any domain user account or domain computer account. I can log on using a username@domain.tld username from a console or remote desktop. Kerberos seems to work on at least two non-Windows PCs; there are two MacOS X 10.8 PCs that use Outlook 2011 and they log on to Exchange using Kerberos; the users log on to the domain from the MacOS logon screen and they get a Kerberos SPN they can select from Outlook. --
  12. I am working on a task within an OS build process to disable the previous computer object in AD. Within my OSD task I have the option to change the system name. When the name is changed I set a variable to trigger a script to disable the object within the full OS portion of the task sequence. (The task is setup after the ConfigMgr agent is installed.) Because, the local system does not have access to AD I need to use a service account to disable the object. No matter how I run the script I get an error code 1 from the return of the script. I have triple checked the password and the accounts access. The script runs fine from the command line once the OS starts. I just can not seem to get it to work during the task. Section of the SMSTS.LOG <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:21:03.636+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:2957"> <![LOG[Expand a string: WinPEandFullOS]LOG]!><time="09:21:03.636+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Executing command line: smsswd.exe /run: REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f]LOG]!><time="09:21:03.636+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:805"> <![LOG[=======================[ smsswd.exe ] =======================]LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="main.cpp:303"> <![LOG[PackageID = '']LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="main.cpp:332"> <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="main.cpp:333"> <![LOG[SwdAction = '0001']LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="main.cpp:334"> <![LOG[Working dir 'not set']LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="runcommandline.cpp:542"> <![LOG[Executing command line: Run command line]LOG]!><time="09:21:03.667+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="commandline.cpp:805"> <![LOG[Process completed with exit code 0]LOG]!><time="09:21:03.714+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="commandline.cpp:1102"> <![LOG[The operation completed successfully.]LOG]!><time="09:21:03.714+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="runcommandline.cpp:34"> <![LOG[]LOG]!><time="09:21:03.714+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="runcommandline.cpp:34"> <![LOG[Command line returned 0]LOG]!><time="09:21:03.714+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1268" file="runcommandline.cpp:565"> <![LOG[Process completed with exit code 0]LOG]!><time="09:21:03.729+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:1102"> <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:21:03.729+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:3010"> <![LOG[Successfully complete the action (Temp Set RegDBVersion to 1) with the exit win32 code 0]LOG]!><time="09:21:03.729+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:3036"> <![LOG[Sending status message . . .]LOG]!><time="09:21:03.729+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:292"> <![LOG[Send a task execution status message SMS_TSExecution_ActionCompleteInfo]LOG]!><time="09:21:03.729+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:314"> <![LOG[Formatted header:]LOG]!><time="09:21:03.745+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1500"> <![LOG[<Msg SchemaVersion="1.1" ReplyCompression="zlib"><ID/><SourceID>GUID:4CCE6282-97EB-4447-BACF-E71E611551F3</SourceID><SourceHost/><TargetAddress>mp:[http]MP_StatusManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2013-09-20T13:21:03Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="2202"/><Hooks/><Payload Type="inline"/><TargetHost/><TargetEndpoint>StatusReceiver</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg> ]LOG]!><time="09:21:03.745+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1501"> <![LOG[Set a global environment variable _SMSTSLastActionRetCode=0]LOG]!><time="09:21:03.760+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=true]LOG]!><time="09:21:03.760+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Clear local default environment]LOG]!><time="09:21:03.760+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:807"> <![LOG[Updated security on object C:\_SMSTaskSequence.]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:829"> <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=67]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a TS execution environment variable _SMSTSNextInstructionPointer=67]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:386"> <![LOG[Set a global environment variable _SMSTSInstructionStackString=0 57 64]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a TS execution environment variable _SMSTSInstructionStackString=0 57 64]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:414"> <![LOG[Save the current environment block]LOG]!><time="09:21:03.885+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:833"> <![LOG[Start executing an instruciton. Instruction name: Disable old Computer Name in AD. Instruction pointer: 67]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="engine.cxx:117"> <![LOG[Set a global environment variable _SMSTSCurrentActionName=Disable old Computer Name in AD]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=67]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a local default variable SMSTSDisableWow64Redirection]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:700"> <![LOG[Set a local default variable _SMSTSRunCommandLineAsUser]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:700"> <![LOG[Set a local default variable SMSTSRunCommandLineUserName]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:700"> <![LOG[Set a local default variable SMSTSRunCommandLineUserPassword]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:700"> <![LOG[Set a global environment variable _SMSTSLogPath=C:\Windows\SysWOW64\CCM\Logs\SMSTSLog]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Evaluating an AND expression]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:592"> <![LOG[Evaluating a variable condition expression]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:775"> <![LOG[Expand a string: notEquals]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Expand a string: OldComputerName]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Expand a string: !SameName!]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[The condition for the action (Disable old Computer Name in AD) is evaluated to be true]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:2912"> <![LOG[Expand a string: smsswd.exe /run: %SYSTEMROOT%\SysWOW64\wscript.exe "%ScriptRoot%\DisableComputer.vbs"]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Expand a string: ]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Start executing the command line: smsswd.exe /run: %SYSTEMROOT%\SysWOW64\wscript.exe "%ScriptRoot%\DisableComputer.vbs"]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:2928"> <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:2957"> <![LOG[Expand a string: WinPEandFullOS]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:782"> <![LOG[Executing command line: smsswd.exe /run: %SYSTEMROOT%\SysWOW64\wscript.exe "%ScriptRoot%\DisableComputer.vbs"]LOG]!><time="09:21:03.932+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:805"> <![LOG[=======================[ smsswd.exe ] =======================]LOG]!><time="09:21:03.979+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="main.cpp:303"> <![LOG[PackageID = '']LOG]!><time="09:21:03.979+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="main.cpp:332"> <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="09:21:03.979+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="main.cpp:333"> <![LOG[SwdAction = '0001']LOG]!><time="09:21:03.979+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="main.cpp:334"> <![LOG[Getting linked token]LOG]!><time="09:21:04.135+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:334"> <![LOG[failed to get the token information]LOG]!><time="09:21:04.135+240" date="09-20-2013" component="InstallSoftware" context="" type="3" thread="1776" file="runcommandline.cpp:341"> <![LOG[Working dir 'not set']LOG]!><time="09:21:04.930+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:542"> <![LOG[Executing command line: Run command line]LOG]!><time="09:21:04.930+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="commandline.cpp:805"> <![LOG[Process completed with exit code 1]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="commandline.cpp:1102"> <![LOG[Microsoft (R) Windows Script Host Version 5.8]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:34"> <![LOG[Copyright (C) Microsoft Corporation. All rights reserved.]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:34"> <![LOG[]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:34"> <![LOG[CScript Error: Loading script "C:\_SMSTaskSequence\WDPackage\Scripts\DisableComputer.vbs" failed (Access is denied. ).]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:34"> <![LOG[Command line returned 1]LOG]!><time="09:21:05.149+240" date="09-20-2013" component="InstallSoftware" context="" type="1" thread="1776" file="runcommandline.cpp:565"> <![LOG[Process completed with exit code 1]LOG]!><time="09:21:05.258+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:1102"> <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:21:05.258+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="instruction.cxx:3010"> <![LOG[Failed to run the action: Disable old Computer Name in AD. Incorrect function. (Error: 00000001; Source: Windows)]LOG]!><time="09:21:05.258+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="instruction.cxx:3101"> <![LOG[Sending status message . . .]LOG]!><time="09:21:05.258+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:292"> <![LOG[Send a task execution status message SMS_TSExecution_ActionFailError]LOG]!><time="09:21:05.258+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:314"> <![LOG[Formatted header:]LOG]!><time="09:21:05.289+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1500"> <![LOG[<Msg SchemaVersion="1.1" ReplyCompression="zlib"><ID/><SourceID>GUID:4CCE6282-97EB-4447-BACF-E71E611551F3</SourceID><SourceHost/><TargetAddress>mp:[http]MP_StatusManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2013-09-20T13:21:05Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="3302"/><Hooks/><Payload Type="inline"/><TargetHost/><TargetEndpoint>StatusReceiver</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg> ]LOG]!><time="09:21:05.289+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1501"> <![LOG[Set a global environment variable _SMSTSLastActionRetCode=1]LOG]!><time="09:21:05.305+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=false]LOG]!><time="09:21:05.305+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:668"> <![LOG[Clear local default environment]LOG]!><time="09:21:05.320+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="executionenv.cxx:807"> <![LOG[Let the parent group (Disable Old Computer Name) decides whether to continue execution]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="instruction.cxx:3210"> <![LOG[Let the parent group (Setup Operating System) decide whether to continue execution]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="instruction.cxx:2461"> <![LOG[Let the parent group (Image Install) decide whether to continue execution]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="instruction.cxx:2461"> <![LOG[The execution of the group (Image Install) has failed and the execution has been aborted. An action failed. Operation aborted (Error: 80004004; Source: Windows)]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="instruction.cxx:2424"> <![LOG[Failed to run the last action: Disable old Computer Name in AD. Execution of task sequence failed. Incorrect function. (Error: 00000001; Source: Windows)]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="engine.cxx:214"> <![LOG[Sending status message . . .]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:292"> <![LOG[Send a task execution status message SMS_TSExecution_TaskSequenceFailError]LOG]!><time="09:21:05.367+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utility.cxx:314"> <![LOG[Formatted header:]LOG]!><time="09:21:05.414+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1500"> <![LOG[<Msg SchemaVersion="1.1" ReplyCompression="zlib"><ID/><SourceID>GUID:4CCE6282-97EB-4447-BACF-E71E611551F3</SourceID><SourceHost/><TargetAddress>mp:[http]MP_StatusManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2013-09-20T13:21:05Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="2106"/><Hooks/><Payload Type="inline"/><TargetHost/><TargetEndpoint>StatusReceiver</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg> ]LOG]!><time="09:21:05.414+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1501"> <![LOG[Launching command shell.]LOG]!><time="09:32:51.151+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="2020" file="debugwindow.cpp:202"> <![LOG[executing command: C:\Windows\system32\cmd.exe /k]LOG]!><time="09:32:51.182+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="2020" file="debugwindow.cpp:63"> <![LOG[executed command: C:\Windows\system32\cmd.exe /k]LOG]!><time="09:32:51.229+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="2020" file="debugwindow.cpp:80"> <![LOG[Task Sequence Engine failed! Code: enExecutionFail]LOG]!><time="09:33:02.664+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="tsmanager.cpp:767"> <![LOG[****************************************************************************]LOG]!><time="09:33:02.664+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="tsmanager.cpp:789"> <![LOG[Task sequence execution failed with error code 80004005]LOG]!><time="09:33:02.664+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="tsmanager.cpp:790"> <![LOG[Cleaning Up. Removing Authenticator]LOG]!><time="09:33:02.664+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="tsmanager.cpp:578"> <![LOG[Cleaning up task sequence folder]LOG]!><time="09:33:02.695+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:1404"> <![LOG[Successfully unregistered Task Sequencing Environment COM Interface.]LOG]!><time="09:33:03.225+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="environmentlib.cpp:869"> <![LOG[Executing command line: "C:\Windows\SysWOW64\CCM\TsProgressUI.exe" /Unregister]LOG]!><time="09:33:03.225+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:805"> <![LOG[==========[ TsProgressUI started in process 2236 ]==========]LOG]!><time="09:33:03.631+240" date="09-20-2013" component="TsProgressUI" context="" type="1" thread="744" file="winmain.cpp:327"> <![LOG[Unregistering COM classes]LOG]!><time="09:33:03.631+240" date="09-20-2013" component="TsProgressUI" context="" type="1" thread="744" file="winmain.cpp:202"> <![LOG[Shutdown complete.]LOG]!><time="09:33:03.693+240" date="09-20-2013" component="TsProgressUI" context="" type="1" thread="744" file="winmain.cpp:520"> <![LOG[Process completed with exit code 0]LOG]!><time="09:33:03.709+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="commandline.cpp:1102"> <![LOG[Successfully unregistered TS Progress UI.]LOG]!><time="09:33:03.709+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:1963"> <![LOG[Failed to delete registry value HKLM\Software\Microsoft\SMS\Task Sequence\Package. Error code 0x80070002]LOG]!><time="09:33:03.912+240" date="09-20-2013" component="TSManager" context="" type="2" thread="1540" file="utils.cpp:3099"> <![LOG[Start to cleanup TS policy]LOG]!><time="09:33:03.927+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="utils.cpp:2481"> <![LOG[End TS policy cleanup]LOG]!><time="09:33:04.489+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="utils.cpp:2530"> <![LOG[Start to evaluate TS policy with lock]LOG]!><time="09:33:04.738+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="policyutil.cpp:8015"> <![LOG[Updating settings in \\alftestdeploy09\root\ccm\policy\machine\actualconfig]LOG]!><time="09:33:04.754+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="policyutil.cpp:6237"> <![LOG[Machine RequestedConfig policy instance(s) : 327]LOG]!><time="09:33:04.988+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6382"> <![LOG[Deleted setting 'CCM_ClientActions.ActionID="{00000000-0000-0000-0000-000000000113}"'.]LOG]!><time="09:33:05.160+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_ClientActions.ActionID="{00000000-0000-0000-0000-000000000108}"'.]LOG]!><time="09:33:05.175+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_Scheduler_ScheduledMessage.ScheduledMessageID="{00000000-0000-0000-0000-000000000113}"'.]LOG]!><time="09:33:05.191+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_Scheduler_ScheduledMessage.ScheduledMessageID="{00000000-0000-0000-0000-000000000114}"'.]LOG]!><time="09:33:05.191+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_Scheduler_ScheduledMessage.ScheduledMessageID="{00000000-0000-0000-0000-000000000108}"'.]LOG]!><time="09:33:05.191+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_NetworkAccessAccount.SiteSettingsKey=1'.]LOG]!><time="09:33:05.206+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_SoftwareDistributionClientConfig.SiteSettingsKey=1'.]LOG]!><time="09:33:05.238+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_SoftwareUpdatesClientConfig.SiteSettingsKey=1'.]LOG]!><time="09:33:05.238+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Deleted setting 'CCM_SystemHealthClientConfig.SiteSettingsKey=1'.]LOG]!><time="09:33:05.238+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="policyutil.cpp:6437"> <![LOG[Raising event: instance of CCM_PolicyAgent_SettingsEvaluationComplete { ClientID = "GUID:4CCE6282-97EB-4447-BACF-E71E611551F3"; DateTime = "20130920133305.456000+000"; PolicyNamespace = "\\\\alftestdeploy09\\root\\ccm\\policy\\machine\\actualconfig"; ProcessID = 1480; ThreadID = 1540; }; ]LOG]!><time="09:33:05.456+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="event.cpp:525"> <![LOG[Successfully submitted event to the Status Agent.]LOG]!><time="09:33:05.550+240" date="09-20-2013" component="TSManager" context="" type="0" thread="1540" file="event.cpp:543"> <![LOG[End TS policy evaluation]LOG]!><time="09:33:05.550+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="policyutil.cpp:8018"> <![LOG[Policy evaluation initiated]LOG]!><time="09:33:05.550+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:3261"> <![LOG[Error Task Sequence Manager failed to execute task sequence. Code 0x80004005]LOG]!><time="09:33:05.612+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="tsmanager.cpp:689"> <![LOG[Sending error status message]LOG]!><time="09:33:05.612+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="tsmanager.cpp:690"> <![LOG[Formatted header:]LOG]!><time="09:33:05.612+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1500"> <![LOG[<Msg SchemaVersion="1.1" ReplyCompression="zlib"><ID/><SourceID>GUID:4CCE6282-97EB-4447-BACF-E71E611551F3</SourceID><SourceHost/><TargetAddress>mp:[http]MP_StatusManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2013-09-20T13:33:05Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="1178"/><Hooks/><Payload Type="inline"/><TargetHost/><TargetEndpoint>StatusReceiver</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg> ]LOG]!><time="09:33:05.612+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="libsmsmessaging.cpp:1501"> <![LOG[Resuming SMS Components]LOG]!><time="09:33:05.706+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="tsmanager.cpp:1026"> <![LOG[Waiting for CcmExec service to be fully operational]LOG]!><time="09:33:05.706+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:4129"> <![LOG[CcmExec service is up and fully operational]LOG]!><time="09:33:05.706+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:4134"> <![LOG[Resume for CCM component SoftwareDistribution requested]LOG]!><time="09:33:05.706+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:4029"> <![LOG[Resume for CCM component SoftwareUpdates requested]LOG]!><time="09:33:05.737+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="utils.cpp:4029"> <![LOG[Attempting to release request using {408498A6-2783-496F-9165-096B88286C25}]LOG]!><time="09:33:05.768+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="swdupdatescontroller.cpp:300"> <![LOG[ReleaseRequest failed with error code 0x80004005]LOG]!><time="09:33:05.768+240" date="09-20-2013" component="TSManager" context="" type="3" thread="1540" file="swdupdatescontroller.cpp:318"> <![LOG[Task Sequence Manager could not release active TS request. code 80004005]LOG]!><time="09:33:05.768+240" date="09-20-2013" component="TSManager" context="" type="2" thread="1540" file="swdupdatescontroller.cpp:326"> <![LOG[Failed to delete registry value HKLM\Software\Microsoft\SMS\Task Sequence\System Health Agent. Error code 0x80070002]LOG]!><time="09:33:05.784+240" date="09-20-2013" component="TSManager" context="" type="2" thread="1540" file="utils.cpp:2782"> <![LOG[Failed to delete registry value HKLM\Software\Microsoft\SMS\Task Sequence\Active Request Handle. Error code 0x80070002]LOG]!><time="09:33:05.784+240" date="09-20-2013" component="TSManager" context="" type="2" thread="1540" file="utils.cpp:2930"> <![LOG[Finalize logging request ignored from process 1480]LOG]!><time="09:33:05.815+240" date="09-20-2013" component="TSManager" context="" type="1" thread="1540" file="tslogging.cpp:1732"> <![LOG[Process completed with exit code 2147500037]LOG]!><time="09:33:05.908+240" date="09-20-2013" component="TSMBootstrap" context="" type="1" thread="1576" file="commandline.cpp:1102"> <![LOG[Exiting with return code 0x80004005]LOG]!><time="09:33:05.908+240" date="09-20-2013" component="TSMBootstrap" context="" type="1" thread="1576" file="tsmbootstrap.cpp:1118"> <![LOG[Process completed with exit code 2147500037]LOG]!><time="09:33:05.940+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="commandline.cpp:1102"> <![LOG[Task sequence completed 0x80004005]LOG]!><time="09:33:05.940+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="basesetuphook.cpp:1381"> <![LOG[Waiting for command shell to complete.]LOG]!><time="09:33:05.940+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="2020" file="debugwindow.cpp:218"> <![LOG[Uninstalling Setup Hook]LOG]!><time="09:33:38.466+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="basesetuphook.cpp:1424"> <![LOG[Removing setup hook from registry.]LOG]!><time="09:33:38.481+240" date="09-20-2013" component="OSDSetupHook" context="" type="0" thread="1996" file="vistasetuphook.cpp:143"> <![LOG[Successfully removed C:\Windows\system32\OSDGINA.DLL]LOG]!><time="09:33:38.497+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="basesetuphook.cpp:1179"> <![LOG[Successfully removed C:\Windows\system32\OSDSETUPHOOK.EXE]LOG]!><time="09:33:38.497+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="basesetuphook.cpp:1179"> <![LOG[Successfully removed C:\Windows\system32\_SMSOSDSetup]LOG]!><time="09:33:38.513+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="basesetuphook.cpp:1216"> <![LOG[Successfully finalized logs to SMS client log directory from C:\Windows\SysWOW64\CCM\Logs]LOG]!><time="09:33:38.762+240" date="09-20-2013" component="OSDSetupHook" context="" type="1" thread="1996" file="tslogging.cpp:1536">
  13. Install Active Directory Domain Services Now that we have the VMs created, and the OS installed on both, we need to first install/setup Active Directory (AD). When you log into a new installation of Server 2012, Server Manager will auto launch. From Server Manager, click on Manage, and choose ‘Add Roles and Features’. On the Add Roles and Features Wizard, read the information on the Before You Begin dialog, and then click Next. On the Installation Type screen, select ‘Role-based on feature-based installation’ and then click Next. On the ‘Server Selection’ screen, since we are installed Active Directory on this local system, ensure that it is selected, and click Next. Side note: Windows Server 2012 has a new feature that allows you to remotely install Roles and Features on other systems. On the Server Roles screen, select ‘Active Directory Domain Services’. When you select ‘Active Directory Domain Services’, immediately you will be presented with the following dialog. Click Add Features. On the Features screen, accept what has already been selected by default, and click Next. On the AD DS screen, read the information presented, and click Next. On the Confirmation screen, check the ‘Restart the destination server automatically if required’ checkbox, and then click Install. Note: You are not required to check the ‘restart’ checkbox, however, you’re going to have to restart the system anyways after the installation, so you might as well let the system do it for you. Note: When you check off the ‘Restart the destination server automatically if required’ checkbox, you will immediately be prompted with the following dialog. Click Yes. On the Results screen, click Close. After the system restarts, and Server Manager launches, you will have to promote the server as a domain controller. This is because Active Directory has been installed, but that process does not automatically promote the server. Click on the ‘Promote this server to a domain controller’ link. On the Deployment Configuration screen, select ‘Add a new forest’ since this is the first domain controller in our lab. Then enter a root domain name, and click Next. In my example I am using “SC.LAB” for System Center Lab (since I will be installing all other System Center products in my lab eventually). For the Domain Controller Options, select the appropriate Forest functional level, and Domain functional level. This is more applicable if you already have an existing domain and are adding a new domain controller. But since this is the first domain controller in our new domain, then we’ll use the highest level, that of Windows Server 2012. Also, don’t forget to create the Directory Service Restore Mode password. Then press Next. On the DNS Options screen, you can ignore this warning message and click Next. On the Additional Options screen, click Next. On the Paths screen, normally you would change the location for the database, log files, and SYSVOL, but since we are just in a lab environment, we’ll leave it at the defaults and click Next. On the Review Options scree, review what you have entered/selected, and click Next. The Prerequisites Check screen will check and confirm that everything passes before promoting the system as a domain controller. You will notice in my screenshot, that I have 1 warning because I didn’t set a static IP for the server yet. After installation completes, the system will automatically restart. You will then be presented with the login screen. Something to note here, that because we were originally logged in with a local account, the first time you want to log on using a domain account you will have to type the domain\username; in my example SC\Administrator. When you login, you will then see in the Server Manager, that AD DS is now listed, along with DNS. Now all that you need to do is assign a static IP to your domain controller. To do this, in Server Manager, select Local Server from the panel on the left. From there, click on the Ethernet link labelled ‘IPv4 address assigned by DHCP, IPv6 enabled’. This will cause the Networks Connections explorer to open. From here, right click on the Ethernet network that is displayed. This is in fact the network connection that we configured when we first created the VM. On the Ethernet Properties dialog, select ‘Internet Protocol Version 4 (TCP/IPv4)’ and click the Properties button. Within the Internet Protocol Version 4 (TCP/IPv4) Properties dialog, enter a static IP, gateway, and DNS that is applicable to your network. Once all the items have been entered, click OK. You will also have to click Close on the Ethernet Properties dialog as well. Congratulations, you now have a domain setup in your lab environment. Add Systems to Your Domain Now that you have your domain setup, you need to add your other VM (the one that we will use for DPM) to the domain before being able to install DPM. Log into the system you want to add to the domain. To do this in Server 2012, launch Server Manager, and click on Local Server. Then click on the computer name. This will launch the System Properties dialog. From this dialog, click the Change button. From this dialog, select the Domain option for ‘Member of’, and enter the domain name you want to join and press OK. After pressing OK, you are immediately presented with a Windows Security dialog, in which you need to enter the credentials of an account that has Domain Admin rights. Enter the credentials and click OK. Once the system is successfully joined to the domain, you will receive the following Welcome message. Press OK. After you press OK to the Welcome message, you will receive a second prompt, indicating that you need to restart the system for the changes to take effect. You will be back on the System Properties dialog. Press Close. When you press Close, you will receive yet another prompt about restarting the system. You can choose to Restart Now or Restart Later, but you won’t be able to install DPM without the VM being added to the domain. After the system restarts, you will then be presented with the login screen. Something to note here, that because we were originally logged in with a local account, the first time you want to log on using a domain account you will have to type the domain\username; in my example SC\Administrator. Now we have our Active Directory server setup and ready, and the VM we will be installing DPM on is joined to the domain.
  14. Hi I have a problem that I have been trying to resolve, and am not having much luck so far - hopefully someone has an idea. In my infrastructure I have a bunch of printer queues that are published in AD, but they are orphaned as the printer server that they were associated with died unexpectedly, and we did not have chance to remove these published queues in print manager. If a user tries to add a new network printer, via the directory, an error is thrown that the printer cannot be connected to (obviously) Now I know that the printer pruner service that runs in AD should clean these queues as the print server is no longer available. But this is not happening. I have been into the DC GPO, and enabled the pruning service (even though "not configured" is enabled) I have reduced the time and number of retries before the printers are pruned The printer server is not in ADUC I have looked through our ADUC with ADSIEdit, and the server is not listed anywhere, so I cannot remove the queues via ADSIEdit The server is not in DNS or DHCP reservations I cannot add the printer server in printer manager Other fix's MS provide include making sure that the pruner has permissions to the printer queue - but I cant do this, as the propertied don't open, as the object does not really exist. It looks like the objects are in the AD database somewhere, but I have no idea where, or how to remove them. Domain functional level : 2003 4 x AD DC's 1 x Printer server 1 x dead printer server which has caused this issue Thanks in advance if anyone has any ideas of where to go. Warren
  15. Hi! I'm trying to figure out alternatives for domain-users to change/reset their password themselves. I know there are tools that run as a webservice, I know OWA can be used - but are there anything else, or are those the options? Due to cost, it's hard to justify spending that much money on a solution - but if anyone can reccomend anything, or got other solutions it would be great! Does any of the System Center 2012 parts allow for such a thing?
  16. I have a problem at work where my new sccm 2012 server discovered way to many users. I had enabled the Active Directory Forest discovery and I thought it was only supposed to discover the forest and possibly add those as boundaries, but now I have 44.000 users from other locations I do not want in the DB. Is there a quick way to clean the DB for these users? The server is not in prod, but don't want to start over for I've already created some tasks and packages. I have since then setup the user discovery from the right ou, but is it safe to just select all -> delete? tried with a few, but its an extremely slow process. I'm going on vacation soon, so if that's what it takes, I can live with it And it's safe to delete users? It's only the users from the sccm db. It will never touch AD? Edit: All the objects that I want to delete has the Agent Name: "SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT"
  17. Hi there, Just getting into SCCM 2012 and I have a question about what might be the best way to setup my boundaries. I would like to use our AD sites as it seems to be the least administrative heavy option, however because of our configuration I'm not sure it is possible. The way our AD sites are configured is this - we have all of our major offices with domain controllers created as a site in AD with all of their subnets defined, however we have branch offices that do not have domain controllers in them as they have too few clients located there. Those subnets are defined in the main office AD site instead of having their own site - which from what I have read is the MS best practice. My question is, is there a way to utilize these AD sites as boundaries and somehow override those specific subnets that are for branch offices, or do I have to scrap the AD site plan and do all of these boundaries as ip subnets and manually add the approriate ones to boundary groups? Thanks!
  18. Hello Thanks for reading my post To start with some basic info about my VM test lab Part one – My Lab I have two Windows 2012 Servers: Main DC called – NEW-DC01-W12 – Running DHCP – IP address 10.0.0.1 SCCM Server called – NEW-SCCM-W12 10.0.0.1 On my DC I made a container called System Management and give the SCCM server (NEW-SCCM-W12$) and my SCCM admin (SCCMADMIN) account full Control permissions to the System Management container and all its child objects. Not sure where the $ came from but it adds it when I enter my SCCM server name. I used http://technet.microsoft.com/en-gb/library/bb680711.aspx Here is a copy of the file after I ran the file on the CD to extended Active Directory schema <03-17-2013 00:04:45> Modifying Active Directory Schema - with SMS extensions. <03-17-2013 00:04:45> DS Root:CN=Schema,CN=Configuration,DC=Thomas-NEW,DC=local <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Site-Code. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Assignment-Site-Code. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Site-Boundaries. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Roaming-Boundaries. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Default-MP. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Device-Management-Point. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-MP-Name. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-MP-Address. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Health-State. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Source-Forest. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Ranged-IP-Low. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Ranged-IP-High. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Version. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Capabilities. <03-17-2013 00:04:46> Defined class cn=MS-SMS-Management-Point. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Server-Locator-Point. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Site. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Roaming-Boundary-Range. <03-17-2013 00:04:47> Successfully extended the Active Directory schema. <03-17-2013 00:04:47> Please refer to the ConfigMgr documentation for instructions on the manual <03-17-2013 00:04:47> configuration of access rights in active directory which may still <03-17-2013 00:04:47> need to be performed. (Although the AD schema has now be extended, <03-17-2013 00:04:47> AD must be configured to allow each ConfigMgr Site security rights to <03-17-2013 00:04:47> publish in each of their domains.) I can see the System Management in ad but there is nothing in it I then installed SQL server and SCCM – after adding all the windows features it needs I am now trying to install the client on to a Windows 8 VM and its not working. Looking at the log file for ccmsetup – see below <![LOG[==========[ ccmsetup started in process 2236 ]==========]LOG]!><time="18:00:02.464+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8115"> <![LOG[CcmSetup version: 5.0.7711.0000]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:761"> <![LOG[Running on OS (6.2.9200). Service Pack (0.0). SuiteMask = 256. Product Type = 1]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:894"> <![LOG[Ccmsetup command line: "C:\Windows\SysWOW64\CCMSetup\ccmsetup.exe"]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3030"> <![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:117"> <![LOG[begin checking Alternate Network Configuration]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1069"> <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="18:00:02.495+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1146"> <![LOG[Adapter {17619596-8225-4A57-99B8-59401B9ED738} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:00:02.495+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:416"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:00:02.635+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="lsad.cpp:601"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:00:02.635+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1610"> <![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167772190)(MSSMSRangedIPHigh>=167772190))))]LOG]!><time="18:00:02.791+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1645"> <![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.0.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1706"> <![LOG[Failed to get assigned site from AD. Error 0x80004005]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="2" thread="1260" file="ccmsetup.cpp:363"> <![LOG[GetADInstallParams failed with 0x80004005]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:403"> <![LOG[sslState value: 224]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmsetup.cpp:3646"> <![LOG[Ccmsetup was run without any user parameters specified. Running without registering ccmsetup as a service.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3698"> <![LOG[No sitecode is specified or detected. Assume AUTO sitecode.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3703"> <![LOG[CCMHTTPPORT: 80]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7336"> <![LOG[CCMHTTPSPORT: 443]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7351"> <![LOG[CCMHTTPSSTATE: 224]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7369"> <![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7387"> <![LOG[FSP: ]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7439"> <![LOG[CCMFIRSTCERT: 1]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7497"> <![LOG[No MP or source location has been explicitly specified. Trying to discover a valid content location...]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3907"> <![LOG[Looking for MPs from AD...]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3916"> <![LOG[DHCP entry points already initialized.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:75"> <![LOG[begin checking Alternate Network Configuration]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1069"> <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1146"> <![LOG[Adapter {17619596-8225-4A57-99B8-59401B9ED738} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:416"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="lsad.cpp:601"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1610"> <![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167772190)(MSSMSRangedIPHigh>=167772190))))]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1645"> <![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.0.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1706"> <![LOG[Failed to get assigned site from AD. Error 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="2" thread="1260" file="ccmsetup.cpp:363"> <![LOG[GetADInstallParams failed with 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:403"> <![LOG[Couldn't find an MP source through AD. Error 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3935"> <![LOG[Current directory 'C:\Windows\SysWOW64\CCMSetup' is not a valid source location.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3975"> <![LOG[No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:3985"> <![LOG[invalid ccmsetup command line: ]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:3789"> <![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8443"> <![LOG[A Fallback Status Point has not been specified. Message with STATEID='307' will not be sent.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8443"> <![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:9454"> I am runing this command CCMsetup.exe /mp:NEW-SCCM-W12 SMSSITECODE=PRI FSP=NEW-SCCM-W12 Under Active Directory Forests I have the message “Insufficient access rights under Publishing Status” And in Site under messages I have “Configuration Manager could not locate the "System Management" container in Active Directory (Thomas-NEW.local). Nor could it create a default container. This will prevent Site Component Manager and Hierarchy Manager from updating or adding any objects to Active Directory. Possible cause: The site server's machine account might not have the correct rights to update active directory. Solution: Either give the Service Account rights to update the domain's System Container, or manually create the "System Management" container in this domain's Active Directory system container, and give the site server computer account full rights to that container (and all children objects.)" I am not sure why my site can’t talk to AD - What account is the "The site server's machine account" Thanks for your help
  19. Dear all; First thing I would like to thank all of you for your support and knowledge sharing. I have an issue with SCCM 2012 and Active Directory, I will describe it here. I have three Active directory one of them OS 2003 r2 and tow are 2008 r2. 2003 was handeling all FSMO roles and I moved the FSMO roles to 2008 r2 and tried to demote the 2003 to get the full 2008 r2 features, but when I was turned off 2003 for a while to make sure all our systems are up and running SCCM 2012 can not connect to database which the database on seperate server. For the information when I trune of AD 2003 SCCM 2012 connect to DB. I wish if someone helps me to resolve the issue. Best Regards
  20. I've been getting my info from this site for some time now. Great stuff and a big thank you for that! But I've come across a problem which I can't seem to find a solution for. I want to deploy software through AD security groups in which I put our computer objects. SCCM doesn't seem to cope with that though. You can create a user collection and link it to a security group, but then only users which are linked to the group get the software. That works just fine. I tried putting computer objects in there, but they won't get it. Only users will. Since I want the installation to be computer based instead of user based, that doesn't work for me. I then tried to create a device collection (which seems more logical to me than a user collection) and I thought I chose the perfect membership rule by using "System Resource/Security Group Name". But to my surprise no security groups are found. When I enter a wildcard in the value box, I only get to see client names. No security groups whatsoever. Security groups seem to be only linked to user collections. Why can't I see them? If the option is there, I should get to see them, right? This part really confuses me. Of course I can create device collections within SCCM as a solution, but I want to be able to manage software deployment through AD so we can drag a computer to a security group in order for the client to get the software. Is this the way it is designed, or am I overlooking something here? Or is there a way to get around this? I really hope there is, but I can't seem to find much about it on the Net. I don't understand why this doesn't seem possible. It just seems so logical. Any help/thoughts would be greatly appreciated.
  21. Our AD went down the other day and we had to restore it from a backup. Ever since then, something has happened to the clients and they won't associate with the Site. I can't push the client install to any computer, but I am able to manually install the client on the the computer. Prior to having to restore the AD everything was working great. I have gone through and checked that all of my SCCM user accounts are still there, checked that the Schema was still intact (following this post). I ran the extADSch.exe and the log comes back and states that everything already exists. On the computer that I am trying to install the client on, here is the error message I get in the "Location Services" log... Failed to resolve SLP from WINS, is it published. Can anyone point me to something that I may be overlooking? Let me know if any other log files are needed, or if I should be looking at a different one.
  22. Hi, I'm wondering if it is possible to pull in only computer objects that are part of a specific Active directory Security group to a collection, and how such a query will look. Has anyone had to do this in the past, and is it possible? Ultimately we would like to separate computers by departments, and our AD access is such that we cannot create new ou's. Thanks. Coenie
  23. In a deploy task sequance you can set the AD location of the machine to build to, can you how ever have the machine detect the location (OU) that is is currently in and build to the same place or do you have to have a different ask sequence for every AD location? Thanks
  24. I am running MS SCE2010 on a windows server 2008R2. It installed ok, it complained about a few GP's, but I fixed those. Now I have a few problems, in the middle of the night, it insatlls and updates my servers, which I do not want, with my GP, I configured that to never do that, but with SCE2010, I don't know how exactly to configure it to only notify of updates, but to NOT download them or install them on my servers. Also, I'm trying to install the agent on PC's and it continues to fail on one laptop. The agent on all other PCs installed ok except with one laptop. I'm not sure where to go for the logs, as the failure notice is very generic and doesn't do anything good. Does anyone have any recomendations?
  25. Hi! I have a collection grabing all the computers that are a member of group2, and that works great. I also have this group1 that are a member of group2 with a lot of computers in it but that does not work. Is it possible to also grab the computers in Group1 aswell? SQL Query: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "DOMAIN\\Group2" Thx for the help! EDIT: Added a picture to show you what i mean. http://imageshack.us/photo/my-images/16/sccmcollection.jpg/
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.