I got this script from Microsoft that adds a computer as a member to a security group in Active Directory. As we want to automate everything, this script can be very useful during deployment. A typical scenario can be to enable the computer for Direct Access or wireless network.
Instructions for use with Microsoft Deployment Toolkit / SCCM
- Copy the script into your deploymentshare\scripts
- In task sequence, add “run command line”
- In the command line, add Cscript.exe %SCRIPTROOT%\AddGroup.vbs Group1 Group2 Group3
- Run it with an account that has the necessary permissions to add members to the AD group
Add Computer to AD Group Script
Script: AddGroup.wsf
```vbscript
Const ADS_PROPERTY_APPEND = 3
Set WshShell = WScript.CreateObject("WScript.Shell")

'----Get Computer DN------
Set objADSysInfo = CreateObject("ADSystemInfo")
ComputerDN = objADSysInfo.ComputerName
strcomputerdn = "LDAP://" & computerDN
Set objADSysInfo = Nothing

'----Connect AD-----
Set oRoot = GetObject("LDAP://rootDSE")
strDomainPath = oRoot.Get("defaultNamingContext")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "Active Directory Provider"

'----Process every group name passed on the command line------
Count = WScript.Arguments.Count
For i = 0 To count-1
    Group = WScript.Arguments(i)
    Addgroup Group
Next

'----Get Group DN------
Function Addgroup(groupname)
    ' The group name is concatenated into the query unescaped,
    ' so pass only trusted names from the task sequence.
    Set oRs = oConnection.Execute("SELECT adspath FROM 'LDAP://" & strDomainPath & "' " & _
        "WHERE objectCategory='group' AND " & "Name='" & GroupName & "'")
    If Not oRs.EOF Then
        strAdsPath = oRs("adspath")
    End If
    ' If no group matched, strAdsPath stays empty and nothing is changed or reported.
    If IsEmpty(strAdsPath) = False Then
        Const ADS_SECURE_AUTHENTICATION = 1
        Set objGroup = GetObject(stradspath)
        Set objComputer = GetObject(strComputerDN)
        ' Append the computer only if it is not already a member.
        If (objGroup.IsMember(objComputer.AdsPath) = False) Then
            objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(computerdn)
            objGroup.SetInfo
        End If
    End If
End Function
```
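The script above changes nothing and reports nothing when a name matches no group, so a mistyped name passes unnoticed in the task sequence. The PowerShell variant below is an added example, not Microsoft's script or code from this post: it escapes each name for the LDAP filter, requires exactly one matching group, and returns a non-zero exit code when any group could not be processed. The file name AddGroup.ps1, the call line and the exit-code convention are assumptions.

```powershell
# Added example, not part of the original post. Hypothetical file name: AddGroup.ps1
# Assumed call: powershell.exe -ExecutionPolicy Bypass -File AddGroup.ps1 "Group One" Group2
# A group name containing a space must be quoted to arrive as one argument.
param(
    [Parameter(Mandatory = $true, ValueFromRemainingArguments = $true)]
    [string[]]$GroupName
)

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515: escape characters that have meaning inside an LDAP filter.
    # The backslash is replaced first so later escapes are not escaped again.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

# Locate this computer's account; computer accounts carry a trailing "$".
$me = ([adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))").FindOne()
if (-not $me) { Write-Warning 'Computer account not found in the directory'; exit 2 }
$computerPath = $me.Path   # ADsPath, e.g. LDAP://CN=...,DC=...

$failed = 0
foreach ($name in $GroupName) {
    $filter = "(&(objectCategory=group)(name=$(ConvertTo-LdapFilterValue $name)))"
    $hits = @(([adsisearcher]$filter).FindAll())
    if ($hits.Count -ne 1) {
        # Zero matches is a typo or missing group; several matches is ambiguous.
        Write-Warning "'$name': expected 1 group, found $($hits.Count); skipped"
        $failed++
        continue
    }
    try {
        $group = $hits[0].GetDirectoryEntry()
        if ($group.psbase.Invoke('IsMember', $computerPath)) {
            Write-Output "'$name': already a member"
        } else {
            $group.psbase.Invoke('Add', $computerPath)   # IADsGroup::Add commits at once
            Write-Output "'$name': added $computerPath"
        }
    } catch {
        # Typically access denied when the run-as account lacks write access to "member".
        Write-Warning "'$name': $($_.Exception.GetBaseException().Message)"
        $failed++
    }
}
exit $failed   # non-zero fails the Run Command Line step
```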
Hi there, I can’t get this script to work under MDT 2013 Update 2. My Run Command Line in TS looks like this: cscript.exe %SCRIPTROOT%addgroup.vbs Direct Access with Run this step as the following account and Load user’s profile checked. No errors are produced during deploy. Same if I try to run it manually.