Add Computer to AD Group Script

I got this script from Microsoft that adds a computer as a member to a security group in Active Directory. As we want to automate everything, this script can be very useful during deployment. A typical scenario can be to enable the computer for Direct Access or wireless network.


Instructions for use with Microsoft Deployment Toolkit / SCCM

  1. Copy the script into your deploymentshare\scripts folder
  2. In the task sequence, add a “Run Command Line” step
  3. In the command line, add Cscript.exe %SCRIPTROOT%\AddGroup.vbs  Group1 Group2 Group3
  4. Run it with an account that has the necessary permissions to add members to the AD group




Script: AddGroup.wsf

Const ADS_PROPERTY_APPEND = 3 ' ADSI PutEx mode; VBScript does not predefine it
Set WshShell = WScript.CreateObject("WScript.Shell")
'----Get Computer DN------

Set objADSysInfo = CreateObject("ADSystemInfo")
ComputerDN = objADSysInfo.ComputerName
strcomputerdn = "LDAP://" & computerDN
Set objADSysInfo = Nothing

'----Connect AD-----

Set oRoot = GetObject("LDAP://rootDSE")
strDomainPath = oRoot.Get("defaultNamingContext")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "Active Directory Provider"

'----Add the computer to each group named on the command line----
Count = WScript.Arguments.Count
For i = 0 To count-1
	Group = WScript.Arguments(i)
	Addgroup Group
Next

'----Get Group DN------
Function Addgroup(groupname)
	' GroupName is concatenated into the query unescaped: pass only trusted group names
	Set oRs = oConnection.Execute("SELECT adspath FROM 'LDAP://" & strDomainPath & "' WHERE objectCategory='group' AND Name='" & GroupName & "'")
	If Not oRs.EOF Then
		strAdsPath = oRs("adspath")
	End If
	' A group that is not found is skipped without any error
	If IsEmpty(strAdsPath) = False Then
		Set objGroup = GetObject(stradspath)
		Set objComputer = GetObject(strComputerDN)
		If (objGroup.IsMember(objComputer.AdsPath) = False) Then
			objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(computerdn)
			objGroup.SetInfo ' commit the change to the directory
		End If
	End If
End Function
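
A PowerShell variant of the same task, added here as an example and not part of the original script: it escapes each group name before placing it in the LDAP filter, and it exits non-zero when a group is not found, where the VBScript above skips the group silently. The file name Add-ComputerToGroup.ps1 and the function name ConvertTo-LdapFilterValue are assumptions, and the script needs the same permissions on the target groups.

```powershell
# Added example, not the original AddGroup script.
# Usage (file name assumed): powershell.exe -File Add-ComputerToGroup.ps1 "Group One" Group2
param(
    [Parameter(Mandatory = $true, ValueFromRemainingArguments = $true)]
    [string[]]$GroupName
)
$ErrorActionPreference = 'Stop'   # an access-denied or bind error stops the step

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping. Backslash goes first so later escapes are not escaped again.
    foreach ($c in '\', '*', '(', ')', [string][char]0) {
        $Value = $Value.Replace($c, ('\{0:x2}' -f [int][char]$c))
    }
    $Value
}

# Find this computer's own account; the trailing $ is part of sAMAccountName.
$me = ([adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))").FindOne()
if (-not $me) {
    Write-Warning "Computer account for $env:COMPUTERNAME not found"
    exit 1
}

$failed = 0
foreach ($name in $GroupName) {
    $filter = "(&(objectCategory=group)(name=$(ConvertTo-LdapFilterValue $name)))"
    $hit = ([adsisearcher]$filter).FindOne()
    if (-not $hit) {
        # Report the miss instead of skipping it, so a mistyped or split name is visible.
        Write-Warning "Group '$name' not found; computer was not added"
        $failed++
        continue
    }
    $group = $hit.GetDirectoryEntry()
    if ($group.psbase.Invoke('IsMember', $me.Path)) {
        Write-Output "Already a member of '$name'"
    } else {
        $group.psbase.Invoke('Add', $me.Path) | Out-Null   # IADsGroup::Add writes immediately
        Write-Output "Added $env:COMPUTERNAME to '$name'"
    }
}
if ($failed -gt 0) { exit 1 }   # non-zero exit code marks the task sequence step as failed
```

A group name that contains a space has to be quoted on the command line, otherwise each word arrives as a separate group name.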

Anders Rødland

Anders Rødland started his IT career in 2006. My main focus is MS Configuration Manager and client management, and I have passed 17 Microsoft certifications since then. My main expertise is on client management with Microsoft Endpoint Manager: Intune and Configuration Manager. I also do a lot of work on the security side with Microsoft Defender for Endpoint. In addition to my Microsoft certification, I also have an ITIL v3 Foundation certification. This is my private blog and does not represent my employer. I use this to share information that I find useful. Sharing is caring.

One thought to “Add Computer to AD Group Script”

  1. Hi there, I can’t get this script to work under MDT 2013 Update 2. My Run Command Line in TS looks like this: cscript.exe %SCRIPTROOT%addgroup.vbs Direct Access, with Run this step as the following account and Load user’s profile checked. No errors are produced during deploy. Same if I try to run it manually.
