Sigma

I am running a task sequence to decommission the computers on the network (format disk etc. but no OS installation). During this process I want to disable the computer account in AD on which that task sequence is running. I've written a VB Script that gets the Computer DN, connect to AD and try to disable the object. The script looks something like this: Set objComputer = GetObject( & computerDN ) objComputer.AccountDisabled = True objComputer.Put "Description", "Decommissioned" objComputer.SetInfo When I run this script in task sequence step, it throws "general access denied" error. The script successfully updates description if I remove the line: objComputer.AccountDisabled = True My thoughts are that the Task Sequence runs under "Local System" account and "Local System" account has full permissions on its computer account in AD. Correct me if I am wrong please. I can run the script under any other domain admin account (run as command line) but I don't see any reason to do this if above is true. (and it is true in case if I only update description). Any thoughts/ideas will be much appreciated. This Task Sequence step runs in Full Windows mode (not WinPE). Thanks.

Can someone help create mandatory advertisement to run a task sequence using a script? Environment is SCCM 2007.