eric.vennekotter Posted March 4, 2015 Report post Posted March 4, 2015 Hello everyone! I deploy applications to device collections that are populated by AD group membership. This is working great, but it causes some trouble when imaging an unknown computer. When going through OSD, I would like to have an option to specify which AD group the computer should belong to (it already prompts for a computer name and adds it to a specific OU that I specified). After the group is specified and the computer gets named and added to the domain, I can then have the task sequence deploy software based on which AD group it is a member of, just like I do after the computer is known to SCCM. Is this possible? Or is there a better way to handle application installs to unknown computers during OSD? I want the application install to happen during OSD so that I can specify the order of installation and so that I can be sure the computer is "ready to go" as soon as the Windows logon screen appears. Any help is appreciated! Quote Share this post Link to post Share on other sites More sharing options...
jtaylor7 Posted March 8, 2015 Report post Posted March 8, 2015 You can add computers to an Active Directory group in the OSD. Off the top of my head one way to place an unknown computer in a different AD group would require you to input a TSVariable at the start of the OSD, this variable could be used to determine which OU you put the computer in. You would need to create multiple Network Settings tasks for each OU you wanted to place computers in and then have them run conditionally depending on the TSVariable. It will make your Task Sequence look untidy to edit but will look no different to the end user. It also probably doesn't make sense to do if you have hundreds of OUs you want to put computers in but for 3 or 4 it should work fine. Quote Share this post Link to post Share on other sites More sharing options...
eric.vennekotter Posted March 9, 2015 Report post Posted March 9, 2015 Thanks for the reply but what I'm looking for is the ability to add a computer to an Active Directory security group, not an Organizational Unit. All of my software is deployed based on group membership instead of OU placement. I would do it OU based, but group membership is more flexible in most situations. Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted March 9, 2015 Report post Posted March 9, 2015 Sure you can do this, write a script to add the computer account into your AD security group. Then run the script during the TS. Quote Share this post Link to post Share on other sites More sharing options...
eric.vennekotter Posted March 9, 2015 Report post Posted March 9, 2015 I'll have to find one out there that I can use (I don't have a lot of experience writing scripts). I assume that if I want to be able to specify which group the computer goes into, I'll have to prompt for a TS variable? If that's the case, how do I pass that variable into a script? Quote Share this post Link to post Share on other sites More sharing options...
willisj318 Posted March 9, 2015 Report post Posted March 9, 2015 Variables are represented by %variable% So in your script you would reference the TS Variable you create that way. I can't help on the script itself sorry. Quote Share this post Link to post Share on other sites More sharing options...
BB24 Posted March 20, 2015 Report post Posted March 20, 2015 Hope you found your answer, if not.... .ps1 script http://blogs.technet.com/b/heyscriptingguy/archive/2013/12/25/powertip-add-computer-to-security-group-with-powershell.aspx .vbs http://it.peikkoluola.net/2013/04/23/join-a-computer-to-an-active-directory-security-group-vbs/ Quote Share this post Link to post Share on other sites More sharing options...
