joeman1881

Adding machines to Security Group During OSD

I am trying to figure out a simple way to add machines to our "Wireless Devices" Security Group in AD in my OSD task sequence. I have looked into several powershell scripts and VB scripts online, but can't seem to find one or modify one that will work. My machines are all deployed and added to their respective Site OU's during deployment which seems to be part of my issue. I don't want to create a script for each Site OU just to add these machines to the same security group.

My technicians don't have access to add users to groups which is why I am trying to come up with an alternative "fix" that can be used during deployment.

Any advice?

Thanks,

-Joe


So......I may have finally gotten this figured out after working on it all day!

This is my script:

#Connect to Domain
$strName = $env:computername
$objDomain = [adsi]"LDAP://dc=mydomain,dc=net"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = "(&(objectClass=Computer)(name=$strName))"
# Run the search and take the first match
$colResults = $objSearcher.FindOne()
#Get Computer DN
$ComputerDN = $colResults.properties.distinguishedname
# Get objects
$group = [ADSI]"LDAP://CN=RemoteAccess Win8.1,OU=Accounts-Groups-Security.Only,DC=mydomain,DC=net"
$machine = [ADSI]"LDAP://$computerdn"
# add computer to group
$group.Add($machine.Path) #> $null
$group.SetInfo()

The only issue I am running into is sometimes if I attempt to run in a different session I receive:
Exception calling "Add" with "1" argument(s): "Unspecified error (Exception from HRESULT: 0x80004005 (E_FAIL))"
...relating to Line 20...
Any words of wisdom?


It looks like an access denied... Keep in mind that by default the task sequence uses the local system account, so to run this script successfully either the local system account needs rights in the AD, or you need to use user credentials to start the script.

Right now, I am just attempting to run this command as a package deployment to a set of machines for verification of functionality. I have the package set for "whether or not user is logged in" which automatically sets "run as administrator". Does that mean I am automatically running as a local admin? Is there maybe a switch I can use in my command to say run as domain admin //// password?

Thanks as always for the reply Peter!
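
Following up on the point in this thread about which account the script runs as, here is an added example (not code from any poster above): the same ADSI approach as a function that binds either as the current identity or as a supplied credential, finds the computer wherever its site OU is, and skips the add if it is already a member. The account name `svc-osd-groupadd` is hypothetical and is assumed to be delegated write access to the membership of this one group only, so no domain admin password has to be handed to the deployment.

```powershell
# Added example. Domain, group DN and account names below are placeholders.
function Add-ComputerToGroup {
    param(
        [Parameter(Mandatory = $true)][string]$DomainRoot,
        [Parameter(Mandatory = $true)][string]$GroupDN,
        [string]$ComputerName = $env:COMPUTERNAME,
        [System.Management.Automation.PSCredential]$Credential
    )

    # Bind with the supplied credential, or as the current identity
    # (Local System when run from a task sequence) if none is given.
    function Get-Entry([string]$Path) {
        if ($Credential) {
            $pw = $Credential.GetNetworkCredential().Password
            return New-Object System.DirectoryServices.DirectoryEntry($Path, $Credential.UserName, $pw)
        }
        return New-Object System.DirectoryServices.DirectoryEntry($Path)
    }

    # Look the computer up by name so the script does not depend on its site OU.
    $root = Get-Entry $DomainRoot
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=computer)(name=$ComputerName))"
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Computer '$ComputerName' not found under $DomainRoot" }
    $computerDN = [string]$hit.Properties['distinguishedname'][0]

    # Idempotent: re-running the step on a rebuilt machine is not an error.
    $group = Get-Entry "LDAP://$GroupDN"
    $members = $group.psbase.Properties['member']
    if ($members.Contains($computerDN)) {
        Write-Output "$ComputerName is already a member of the group"
        return
    }

    try {
        [void]$members.Add($computerDN)
        $group.psbase.CommitChanges()
        Write-Output "Added $computerDN to $GroupDN"
    }
    catch {
        # A bind or write without sufficient rights surfaces here.
        throw "Could not add $computerDN to ${GroupDN}: $($_.Exception.Message)"
    }
}

# Constructed usage; every value is a placeholder:
# $cred = Get-Credential 'MYDOMAIN\svc-osd-groupadd'
# Add-ComputerToGroup -DomainRoot 'LDAP://DC=mydomain,DC=net' -GroupDN 'CN=RemoteAccess Win8.1,OU=Accounts-Groups-Security.Only,DC=mydomain,DC=net' -Credential $cred
```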
