AaronBISSELL

Using Powershell to apply Task Sequence variables


Hello Windows-noob community! I wonder if there's something you could help me with?

The task:

- Populate the "Managed By" attribute of a computer object during OSD

What I have so far:

- A custom page in my UDI Wizard as follows

post-24653-0-70562800-1420572859_thumb.png

The managed by field has the OSDManagedBy task sequence variable populated for it

 

- The PowerShell

#Create OSD Task Sequence Environment Object
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
 
#Get the ComputerDescription
$strComputerDesc = $tsenv.Value("OSDComputerDesc")

#Get the ManagedBy Name
$strManagedBy = $tsenv.Value("OSDManagedBy")

#Computer Name
$strName = $env:computername

#Set the Active Directory Object Properties
Set-ADComputer "$strName" -ManagedBy "$strManagedBy"

Now, when I fill in the strName and strManagedBy variables manually in the script, it goes off without a hitch. But I have it running right after the "Install Software" step in my task sequence and hence, the reason I'm here - it's not working.

 

Any tips?


Well after some work today I've had a few developments - that seemed to go okay, but ultimately I'm still stuck.

 

The initial script wouldn't work because of a few reasons...

1. The ADComputer cmdlets only work if you're running the PS on a machine that has AD Users and Computers installed, and the features activated.

2. I needed to either install the features on every server during OSD, or use PowerShell to initiate a remote session and run the commands.

 

I opted for the 2nd. Here is the script.

#Create OSD Task Sequence Environment Object
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
 
#Get the ComputerDescription
$strComputerDesc = $tsenv.Value("OSDComputerDesc")

#Get the ManagedBy Name
$strManagedBy = $tsenv.Value("OSDManagedBy")

#Computer Name
$strName = $env:computername

#Connect to Remote PowerShell Session
#Set Active Directory Properties
$s = New-PSSession -Computer SERVERNAME
Invoke-Command -Session $s -Script { Import-Module ActiveDirectory }
Invoke-Command -Session $s -ScriptBlock { Set-ADComputer "$using:strname" -ManagedBy "$using:strManagedBy" }
Invoke-Command -Session $s -ScriptBlock { Set-ADComputer -Identity "$using:strname" -Description "$using:strComputerDesc" }

When I run this script on a machine, and replace the ComputerDesc, ManagedBy, and Name variables with static variables - the script runs off without a hitch. When I run it in the task sequence, it fails with this log entry.

 

post-24653-0-40479800-1420663985_thumb.png

 

I have to leave for the day now, so I just thought I'd leave this here to see if anyone had any thoughts.


Based on your log above, it doesn't understand the cmdlets

Set-ADComputer

When you run scripts in the task sequence they are running as System. You should test manually running the script using psexec as System, as described here

 

Basically:

psexec -s -i.

http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx

 

http://windowsitpro.com/systems-management/psexec

 

Lastly, what you are trying to do must happen after the "Setup Windows & ConfigMgr" step, so that the computer is restarted after it is joined to the domain.
The account which executes the script must have permissions in AD to set the AD Description. Jorgen blogged about this using a vbs here


Well I got it working finally - and it turned out to be a bit more complicated than previously expected, so I will post sort of a "How To" on how to modify the ManagedBy and Description fields during OSD should anyone find any use for that.

 

After first using the UDI Wizard Editor to add the page into the wizard, generating the OSDComputerDesc and OSDManagedBy variables, I then needed to develop the PowerShell to use those variables.

 

Below is the code that ended up doing the trick.

#Create OSD Task Sequence Environment Object
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
 
#Get the ComputerDescription
$strComputerDesc = $tsenv.Value("OSDComputerDesc")

#Get the ManagedBy Name
$strManagedBy = $tsenv.Value("OSDManagedBy")

#Computer Name
$strName = $env:computername

#Get PSSession Credentials
$strUser = "Domain\OSD-Account"
$strPassword = "Password"

#Connect to Remote PowerShell Session
#Set Active Directory Properties
$pw = ConvertTo-SecureString -AsPlainText -Force -String $strPassword
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$strUser", $pw
$s = New-PSSession -ComputerName SERVER -Credential $cred
Invoke-Command -Session $s -ScriptBlock { Import-Module ActiveDirectory }
Invoke-Command -Session $s -ScriptBlock { Set-ADComputer "$using:strname" -ManagedBy "$using:strManagedBy" }
Invoke-Command -Session $s -ScriptBlock { Set-ADComputer -Identity "$using:strname" -Description "$using:strComputerDesc" }

#Close the remote session when finished
Remove-PSSession -Session $s

But before the PowerShell will work, there are a few steps that need to be completed.

 

1. The server that you're going to be establishing the PSSession with needs to be configured to give the user account that's creating the connection the rights to connect and execute commands. This is done by going to the server, opening an elevated PS window and typing the code

Set-PSSessionConfiguration Microsoft.PowerShell -ShowSecurityDescriptorUI

This will open up a GUI "Permissions" window where you'll add the account being used to establish the connection, and assign it Execute rights.

 

2. The account executing the code also needs the ability to modify the AD Computer Object Attributes "Managed By" and "Description". Since we're hard coding the account into the PS script (to avoid prompts), we need to make sure the account is limited to only being able to do what we want it to do. So for the account that I used to establish the PSSession, I also delegated permissions over ONLY the Active Directory OUs that the computer objects will be placed in, and gave it only rights to Read/Write to the specific fields we want.

 

I opted to hardcode the credentials to an account with restricted permissions rather than create another field in the wizard to have the user enter credentials, because the creds would have to be passed in plain text in order for the PowerShell to read them (Which is why the OSDJoinaccount and OSDPassword variables won't work.)

 

So now the wizard walks me through the set up, I fill in the description and managed by fields... And when it's all said and done, the machine is imaged, in the proper OU, with the description and managed by fields populated.

 

I can now build reports / collections off these variables in SCCM.

  • Like 1
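
The delegation in step 2 of the how-to above can also be scripted and then audited, which matters because that delegation is the only thing limiting what the hard-coded account can do. This is an added example, not code from the thread; the OU distinguished name is a placeholder, and it assumes dsacls.exe and the RSAT ActiveDirectory module are present on the machine where it is run.

```powershell
# Added example, not from the original thread. Run once, elevated, as an
# account that is allowed to edit the ACL of the target OU.
Import-Module ActiveDirectory

# Assumed values: replace with your own.
$Account    = 'Domain\OSD-Account'            # account name used in the post
$TargetOU   = 'OU=Servers,DC=example,DC=com'  # placeholder OU for imaged machines
$Attributes = 'description', 'managedBy'      # LDAP names of the two fields

# Grant Read Property (RP) and Write Property (WP) on each attribute only,
# inherited by computer objects below the OU (/I:S = sub-objects only).
foreach ($attr in $Attributes) {
    & dsacls.exe $TargetOU /I:S /G "${Account}:RPWP;$attr;computer" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for attribute '$attr'" }
}

# Resolve the schema GUID of each attribute so ACEs can be matched to it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$allowed = foreach ($attr in $Attributes) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
    [guid]$obj.schemaIDGUID
}

# Audit: every ACE held by the account on this OU must be property
# read/write only, and only on one of the two attributes above.
$propOnly = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$aces = (Get-Acl -Path "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account }

$excess = $aces | Where-Object {
    (([int]$_.ActiveDirectoryRights -band (-bnot $propOnly)) -ne 0) -or
    ($_.ObjectType -notin $allowed)
}

if ($excess) {
    Write-Warning "$Account holds rights beyond the two delegated attributes:"
    $excess | Format-Table ActiveDirectoryRights, ObjectType, IsInherited -AutoSize
} else {
    "OK: $Account has $(@($aces).Count) ACE(s), limited to: $($Attributes -join ', ')"
}
```

Re-running the audit half after any later change to the OU shows whether the account has picked up broader rights, either directly or through inheritance from a parent container.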
