anuragyadav Posted March 12, 2013 Report post Posted March 12, 2013 you could prompt for the Username via a HTA frontend and use that username instead of computername to do the checking against. Sorry, I wasn't clear enough. I can for sure get the username before the deployment starts and also scan for user's membership of AD groups but how do we pass this information to make task sequence install the applications needed. We have 1000+ applications and same number of AD groups. I think we cannnot manually create all the application install steps in the task sequence. So, I wanted to know what are your thoughts on acheiveing this? I can create a script to query AD groups and pass on the list of group of which the user is member but have no idea how would I use that list. May be set Coalesceapp? Not sure how to do it though. Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted March 12, 2013 Report post Posted March 12, 2013 We have 1000+ applications and same number of AD groups. I think we cannnot manually create all the application install steps in the task sequence. So, I wanted to know what are your thoughts on acheiveing this? simple, reduce the number, create a top 50 list of apps that you will install dynamically for users during the task sequence, everything else gets installed using normal Configuration manager jobs, that's how we do it where I work (global company,26000 clients) Quote Share this post Link to post Share on other sites More sharing options...
anuragyadav Posted March 12, 2013 Report post Posted March 12, 2013 simple, reduce the number, create a top 50 list of apps that you will install dynamically for users during the task sequence, everything else gets installed using normal Configuration manager jobs, that's how we do it where I work (global company,26000 clients) Thanks for the suggestion, not sure I can reduce the list to 50. I will post some updates in coming days if I succeed. Quote Share this post Link to post Share on other sites More sharing options...
cogumel0 Posted May 7, 2013 Report post Posted May 7, 2013 Why over complicate this so much? Daniel Oxley's original post had 4 actions per application to install. Niall's still has 3 actions per application to install. Multiply that by a mere 10 applications and you've got 30 actions (+ a group per set of 3 actions making it a total of 40 steps in TS). I just do the following instead: created a 30 line script which gets the list of groups a computer is a member of. For each group the computer is a member of, it creates a TS variable where the name of the variable is the CN of the group and the value is set to True. That way, you call the script to load the groups once and then on your conditions instead of using INSTALLAPP = True you use Firefox Users = True This example works only on direct membership groups, but it can be easily modified to accommodate nested grouping by using the example here from Richard Mueller: http://www.rlmueller.net/Programs/IsMember8.txt. Should also be noted that the solution presented by both Daniel and Niall also only work in direct group membership. On top of that, the solution from Daniel works out whether a computer is a member of the group by cycling through every single member until it either finds the computer or runs out of members to check against, when there's already a IsMember() method that returns True or False and can be called as: Set objGroup = GetObject("LDAP://" & strGroupDN) If objGroup.IsMember(strComputer) Then ... Anyway, here's my alternative: <job id="ZTIBde"> <script language="VBScript" src="ZTIUtility.vbs"/> <script language="VBScript"> iRetVal = ZTIProcess ProcessResults iRetVal Function ZTIProcess() ZTIProcess = Success On Error Resume Next oLogging.CreateEntry "Retrieving direct groups membership.", LogTypeInfo Set objSysInfo = CreateObject("ADSystemInfo") Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName) If IsArray(objComputer.MemberOf) Then For Each strGroup In objComputer.MemberOf oEnvironment.Item(GetObject("LDAP://" & strGroup).CN) = True Next Else If Len(objComputer.MemberOf) > 0 Then oEnvironment.Item(GetObject("LDAP://" & objComputer.MemberOf).CN) = True End If End If ZTIProcess = err.Number End Function </script> </job> It doesn't work in WinPE as is, but why would you want it to anyway? You can't install applications whilst in WinPE (though this can be easily modified to work in WinPE too for the skeptic ones). Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted May 7, 2013 Report post Posted May 7, 2013 Should also be noted that the solution presented by both Daniel and Niall also only work in direct group membership. Not true... This solution of Niall directly queries the Active Directory group via LDAP, so it does nothing with (direct) collection membership. Also it should be noted that Niall is giving a lot of examples and ideas of how things COULD be done. While we're spamming ideas now anyway, in case someone wants to do this with Orchestrator and users, then have a look here: http://www.petervanderwoude.nl/post/new-and-improved-pre-provision-user-applications-during-os-deployment-via-orchestrator-and-configmgr-2012/ Quote Share this post Link to post Share on other sites More sharing options...
cogumel0 Posted May 8, 2013 Report post Posted May 8, 2013 Not true... This solution of Niall directly queries the Active Directory group via LDAP, so it does nothing with (direct) collection membership. Also it should be noted that Niall is giving a lot of examples and ideas of how things COULD be done. While we're spamming ideas now anyway, in case someone wants to do this with Orchestrator and users, then have a look here: http://www.petervanderwoude.nl/post/new-and-improved-pre-provision-user-applications-during-os-deployment-via-orchestrator-and-configmgr-2012/ Maybe it is me, I'm due to have my glasses changed soon you see, but I can't find anything about collections there, instead when I look at it my eyes read direct group membership. There's this thing in AD called a group. You make other objects members of groups in a way that... ...well... groups them together. So if you decide to make say ComputerA a member of Group1, you say that ComputerA is a member of Group1 through direct group membership. If, however, you make ComputerA a member of Group1 and Group1 a member of Group2, then ComputerA is also a member of Group2, only through nested group membership. Again: Daniel and Niall's solution do not work on nested groups. Neither does the one presented by me, but that can be easily changed by using the script from Richard Muller or a similar one. Just so there's no confusion going forward: neither Daniel & Niall's solution nor my solution do anything at all with collections. Quote Share this post Link to post Share on other sites More sharing options...
thrqureshi Posted June 13, 2016 Report post Posted June 13, 2016 Why do we need "install APPS for COMPUTER via LDAP - multiapp.xml" Is there any script which save the group membership into csv file and than we will use csv files to install applications/group Quote Share this post Link to post Share on other sites More sharing options...
