Join a Computer to an Active Directory Security Group (VBS)

Purpose: During an SCCM 2012 computer deployment, join the current computer to an AD SG

So you have been given the task of automating installations. Welcome. More importantly, several (… OK, one is enough) actions apply to a desktop only if it is a member of an Active Directory (AD) Security Group (SG). System Center 2012 Configuration Manager has no built-in GUI option for this (even SCCM 2012 SP1 won't save you on this one), so you must script it. My example is straightforward. First, you must know the LDAP path of the SG you want the computer to join. If you are new to this, "LDAP" in this case is a fancy word for "AD path". An example of an AD path to an SG:

"CN=Your_SG,OU=Your_Sub_OU,OU=Your_main_OU,DC=Your_domain,DC=Your_domain_locale"

In the object's AD properties, the Object tab would show the canonical name for this path as:

Your_domain.your_domain_locale/Your_main_OU/Your_Sub_OU/Your_SG

The script is ready to go once you have configured the one variable, strLDAPofADSG, to point to your AD Security Group. If you have problems with the script, uncomment the debug msgbox lines to see how far the script gets and with what values. The most likely cause is that the account running the script does not have permission to add the computer to the AD SG.

' *********************************************************************************
' ** Script Name: IT_APP_VBS_JoinComputertoADSG
' ** Created on: 20.9.2012
' ** Author: Jyri Lehtonen / http://it.peikkoluola.net
' **
' ** Purpose: During a SCCM 2012 Computer Deployment, join the computer to an AD SG
' **
' ** License: This program is free software: you can redistribute it and/or modify
' ** it under the terms of the GNU General Public License as published by
' ** the Free Software Foundation, either version 3 of the License, or
' ** (at your option) any later version.
' **
' ** This program is distributed in the hope that it will be useful,
' ** but WITHOUT ANY WARRANTY; without even the implied warranty of
' ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
' ** GNU General Public License for more details.
' ** 
' ** History: 
' ** 1.0 / Jyri Lehtonen / 20.9.2012 / Initial version.
' ** 1.1 / Jyri Lehtonen / 23.4.2013 / Created better configuration options.
' *********************************************************************************
Option Explicit
 
Dim objSysInfo, objComputer, strComputerDN, strLDAPofADSG
Dim objComputerGroupPath, objComputerGroup
 
' *********************************************************************************
' ** Configure the script
' ** Example LDAP path: 
' **    "CN=Your_SecurityGroup,OU=Your_Sub_OU,OU=Your_main_OU,DC=Your_domain,DC=Your_domain_locale"
' *********************************************************************************
strLDAPofADSG = " "
' *********************************************************************************
 
' Get the current computer information
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerDN = objSysInfo.ComputerName
 
'Uncomment this, to receive debug information:
'msgbox(strComputerDN)
 
' Get the LDAP of the current computer
Set objComputer = GetObject("LDAP://" & strComputerDN)
 
'Uncomment this, to receive debug information:
'msgbox("LDAP://" & strComputerDN)
 
' Set the LDAP of the security group
objComputerGroupPath = strLDAPofADSG
Set objComputerGroup = GetObject("LDAP://" & objComputerGroupPath)
 
'Uncomment this, to receive debug information:
'msgbox("LDAP://" & objComputerGroupPath)
 
' Add computer to group, if not already member.
If (objComputerGroup.IsMember(objComputer.AdsPath) = False) Then
  objComputerGroup.Add(objComputer.AdsPath)
End If
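
A variant of the script above that replaces the debug message boxes with console output and exit codes, so a wrong group path or missing permissions on the group is reported by the step that failed. This is an added example, not the author's script; the exit-code values and the Fail helper are assumptions of this example, and it is meant to be run with cscript.exe so that WScript.Echo writes to the console instead of opening a dialog.

```vbscript
Option Explicit

' Exit codes are this example's own convention (assumption), not SCCM-defined values.
Const EXIT_OK = 0, EXIT_BAD_CONFIG = 10, EXIT_BIND_FAILED = 20, EXIT_ADD_FAILED = 30

Dim strLDAPofADSG, objSysInfo, objComputer, objGroup, blnMember

' Placeholder path from the article; replace with your own security group.
strLDAPofADSG = "CN=Your_SG,OU=Your_Sub_OU,OU=Your_main_OU,DC=Your_domain,DC=Your_domain_locale"

' Report the failing step and the ADSI error, then stop with a non-zero exit code.
Sub Fail(intCode, strStep, lngErr, strDesc)
  WScript.Echo "FAILED (" & strStep & "): 0x" & Hex(lngErr) & " " & strDesc
  WScript.Quit intCode
End Sub

' Refuse to run with an empty or obviously malformed group path.
If InStr(1, Trim(strLDAPofADSG), "CN=", vbTextCompare) <> 1 Then
  WScript.Echo "strLDAPofADSG must be set to the group's CN=... path"
  WScript.Quit EXIT_BAD_CONFIG
End If

On Error Resume Next

' Bind to this computer's own AD object.
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
If Err.Number <> 0 Then Fail EXIT_BIND_FAILED, "bind computer", Err.Number, Err.Description

' Bind to the security group; a wrong path fails here.
Set objGroup = GetObject("LDAP://" & strLDAPofADSG)
If Err.Number <> 0 Then Fail EXIT_BIND_FAILED, "bind group", Err.Number, Err.Description

' Read membership into a variable first so an error is not mistaken for "not a member".
blnMember = objGroup.IsMember(objComputer.ADsPath)
If Err.Number <> 0 Then Fail EXIT_BIND_FAILED, "check membership", Err.Number, Err.Description

If blnMember Then
  WScript.Echo "Already a member: " & objComputer.ADsPath
Else
  ' Missing rights on the group show up at this step.
  objGroup.Add objComputer.ADsPath
  If Err.Number <> 0 Then Fail EXIT_ADD_FAILED, "add to group", Err.Number, Err.Description
  WScript.Echo "Added: " & objComputer.ADsPath
End If

WScript.Quit EXIT_OK
```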
