PDQ Deploy Steps to Add Computer to AD Group
We currently have a VBScript which is part of our build which places a computer into several Active Directory Security groups for Application Group Policy Management. I am looking to decouple the script from the build to allow us to easily update which groups get added, in addition to when we amend the groups within AD - cutting down the number of updates to our Golden Images.
I'd like, if possible, to add a Package to PDQ Deploy with PowerShell steps to add the Target Machine to the specified AD Groups but am struggling to pass the Computer Name. Could anyone assist? Many thanks. Ian
Comments
I've managed to get this working after reading the following thread: https://stackoverflow.com/questions/43981614/adding-computer-to-multiple-active-directory-groups-during-task-sequence-using-p
The above code did the job if anyone else is looking for similar.
Sorry - didn't work as I happened to be testing on a machine with RSAT installed - when I run this on a normal client it fails as the Active Directory PowerShell Module isn't loaded.
You'll want to use the Add-Computer PowerShell cmdlet. Information here:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer?view=powershell-5.1
There are a couple of ways to do it. You can specify an OU path if the machine needs to go into a particular location, though you'll need to figure out the method that works best for you to get machines to go where they need to.
In its simplest form it is:
I'm actually looking at adding the machine to an AD Security Group - the process is as follows:
- NET - Wireless LAN Computers
- SOFTWARE-CLIENT-Google-Chrome-Enterprise
- WSUS-PROD-WORKSTATIONS-Group
At present we log in locally to the machine once it is built and run the following VBScript manually for each machine:
I'm trying to get away from having to manually log into the machine or add the groups by hand within Active Directory. I have tried to just run the VBScript as per the article (https://support.pdq.com/hc/en-us/community/posts/211669867-VB-Scripts) but the machine is still not being added to the groups - if I run it locally on the machine it works fine.
Scratch that - sorry everyone, it was my script - I have amended it and it is now working when run via PDQ Deploy. Many thanks!
Oh wow. Brain not working after a week off. Clearly we are talking security groups and not domain joining machines. Yikes! Sorry about that.
Ok, now that I'm on the same page a question: Does your Deploy User happen to be a domain account with privileges to add/change AD Security Groups?
If the answer is YES, try this:
I'm also having an issue with running this on machines that don't have RSAT installed.
Ended up finding a script that worked without RSAT being installed.
```powershell
# Retrieve DN of local computer object in AD.
$SysInfo = New-Object -ComObject "ADSystemInfo"
$ComputerDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
$ComputerDN

# Specify the group.
$Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"

# Check if computer already a member of the group.
If ($Group.IsMember("LDAP://$ComputerDN") -eq $False) {
    # Add the computer to the group.
    $Group.Add("LDAP://$ComputerDN")
}
```
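The RSAT-free ADSI approach from the last comment, extended to the three groups named earlier in the thread, as an added example that is not code posted by any participant. It assumes each group's sAMAccountName equals the name shown in the thread and that the deploy account has been delegated write access to the member attribute of only these groups; `ConvertTo-LdapFilterValue` is a helper introduced here.

```powershell
# Added example. Group names come from the thread; looking them up by
# sAMAccountName is an assumption about how the groups were created.
$GroupNames = @(
    'NET - Wireless LAN Computers',
    'SOFTWARE-CLIENT-Google-Chrome-Enterprise',
    'WSUS-PROD-WORKSTATIONS-Group'
)

# Escape the LDAP filter metacharacters \ * ( ) so a group name is always
# treated as a literal value. The backslash is replaced first.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# DN of the local computer object, read without the ActiveDirectory module.
$SysInfo = New-Object -ComObject 'ADSystemInfo'
$ComputerDN = $SysInfo.GetType().InvokeMember('ComputerName', 'GetProperty', $null, $SysInfo, $null)

$Failed = 0
foreach ($Name in $GroupNames) {
    try {
        # Resolve the group by name instead of hard-coding its OU path.
        $Filter = "(&(objectCategory=group)(sAMAccountName=$(ConvertTo-LdapFilterValue $Name)))"
        $Result = ([adsisearcher]$Filter).FindOne()
        if ($null -eq $Result) { throw 'group not found in the directory' }

        $Group = [ADSI]$Result.Path
        if ($Group.IsMember("LDAP://$ComputerDN")) {
            Write-Output "Already a member: $Name"
        } else {
            $Group.Add("LDAP://$ComputerDN")
            Write-Output "Added $ComputerDN to: $Name"
        }
    } catch {
        # Typical causes: the account lacks write access to the group's
        # member attribute, or no domain controller is reachable.
        Write-Warning "Failed for '$Name': $($_.Exception.Message)"
        $Failed++
    }
}

# Non-zero exit code so the calling tool can detect a failed step.
exit $Failed
```

Because the script is idempotent (it checks `IsMember` before `Add`), re-running it against an already-configured machine changes nothing, and each `Add` shows up as a group membership change in the domain controller's security log if that auditing is enabled.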