Jump to content




prakash.thakor

Join computer to AD Security Group using .vbs during OS Task Sequence



Recommended Posts

Hi

 

I am using SCCM 2007 R3 and I am deploying Windows 7 x64 with SP1.

 

I want to Add the computer to the security group of AD.

 

I have created the .vbs script as below

 

Option Explicit

 

Dim objSysInfo, objComputer, strComputerDN

Dim objComputerGroup

 

' Retrieve DN if user and local computer.

Set objSysInfo = CreateObject("ADSystemInfo")

strComputerDN = objSysInfo.ComputerName

 

' Bind to user and computer objects.

Set objComputer = GetObject("LDAP://" & strComputerDN)

 

' Bind to groups. You must specify the full Distinguished Names.

Set objComputerGroup = GetObject("LDAP://CN=IndiaDesktopgroup,OU=Desktops,OU=COmputers,OU=India,DC=mydomain,DC=local")

 

' Add user and computer to groups, if not already members.

If (objComputerGroup.IsMember(objComputer.AdsPath) = False) Then

objComputerGroup.Add(objComputer.AdsPath)

End If

 

 

1.I have tried creating package and added progrgram into it and use that program into task sequence

2. I have also tried Adding command line in task sequence but didnt help. and error comes "incorrect function"

 

Pls see the below task sequence and error log

 

post-15600-0-94094200-1334206069_thumb.png

 

post-15600-0-75527700-1334206071_thumb.png

Share this post


Link to post
Share on other sites


Hi,

In your scenario above the script will be executed using the System Account on the client compouter which doesn't have permission in AD, so I would start by using a service account with the neceserray permissions.

Check out the script I use to achieve the same thing, there is a description on how to implement it as well.

http://ccmexec.com/2010/08/adding-computer-to-ad-groups-during-deployment/

regards,

Jörgen

Share this post


Link to post
Share on other sites

Hi,

IT takes care of that so just use the command line:

wscript.exe addtogroup.vbs IndiaDesktopgroup

 

And you are good to go.

Regards,

Jörgen

Share this post


Link to post
Share on other sites

Hi

 

I have created a package called "SCCmScripts" and not added any program into and give the UNC path where the .vbs script is located.

 

I have applied your script but still get the error "incorrect function".

 

Pls see the below screenshots.

 

 

 

post-15600-0-45884200-1334216554_thumb.png

 

post-15600-0-79677700-1334216557_thumb.png

 

post-15600-0-16853000-1334216802_thumb.png

Share this post


Link to post
Share on other sites

Hi,

When you test run it manually, do you use the same service account? Does it work then?

Regards,

Jörgen

Share this post


Link to post
Share on other sites

Hi Jorgen,

 

1. Yes , I am running the script after logging into the desktop with the same account after OS is deployed.

 

2. What is the error mean "incorrect function" when\why it comes.

 

 

Thanks

Prakash

Share this post


Link to post
Share on other sites

Hello Jorgen,

Hello Peter,

 

The issue have been resolved now.

 

The Culprit was VMvaretools which was changed registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3 value ;Hence my .vbs script was unable to run.

 

See http://dynamicdatace...y/provisioning/

 

 

To troubleshoot the issue i followed below steps.

 

1. Copying script to local system folder

 

post-15600-0-25737300-1334637072_thumb.png

 

2. Running the script from local system and redirects its output to .txt file so that the exact error can be viewed,

 

post-15600-0-93028100-1334637073_thumb.png

 

3. The error in .txt was it "could not find the script engine."

 

4. Change the registry setting is command line TS.

 

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f

 

post-15600-0-06366100-1334638757_thumb.png

 

 

 

 

5. SUCCESS

Share this post


Link to post
Share on other sites

how to add a group automatically based upon Organisation Unit

 

for example

 

If the computer organisation unit is "corporate" it would add to corporate group similarly If the computer organisation unit is "IT" it would add to IT group

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×