Tag Archives: Ad

Get all Workstations from an AD SG (WQL)

Purpose: Get all Workstations from an Active Directory Security Group (WQL)

If your environment uses heavily active directory security groups, you can use those memberships in Configuration Manager Device Collections. With a simple query, you can set the system to gather all the members of an active directory security group into your brand new (or old) device collection.

Continue Reading

Read from an Active Directory computer object attribute (VBS)

Purpose: You have information that you need to read from an AD object attribute

Now that you have an attribute full of exiting new information, you need to get it down for business! From SCCM point of view – this usually is an AD computer object attribute (which value could be, for example, the physical location of the computer or the year the computer has been purchased, etc.). Yes well im glad if you also had read my previous article “Write to an Active Directory computer object attribute (VBS). You should know then that I really did not bother to come up with anything original to this description, its just a copy paste! But the script below really does what the topic claims it to do. With the script you can read the attribute value and continue your adventure with it anyway you want!

Usage: cscript.exe IT_OSD_VBS_ReadComputerADAttribute.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD Attribute that you want to read.

Continue Reading

Write to an Active Directory computer object attribute (VBS)

Purpose: You have information that you need to write to an AD objects attribute

Fancy stuff: you are in a dire need to automate AD object attribute writing. Usually (from SCCM point of view) this object is a computer object, and the attribute contains some additional information about the computer that your corporation has requested. This additional information could be, for example, the physical location of the computer or some specific owner details. The script below allows you to write to the current computer AD object (because it is used usually in a task sequence). Happy writing!

Usage: cscript.exe IT_OSD_VBS_WriteToComputerObjectAttribute.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD Attribute that you want to write to

Continue Reading

Move a Computer to an Active Directory Organizational Unit (VBS)

Purpose: During a SCCM 2012 Computer Deployment, troubleshoot your AD permissions

Ok – before you start with all the “Hey dude, there is a built-in action to do this!” -talks, hear me out first. Remember all those SCCM Task Sequence changes you made? And then tried the Task Sequence out by installing an operating system? You noticed that you had problems getting a computer to move to the correct Active Directory (AD) Organisational Unit (OU)? Made some troubleshooting changes and then tried again? Here is where this script will come in handy! You do not need to run through the Task Sequence just to see if your computer will now actually move to the correct OU (because this can take an hour, right?). You could do a new Task Sequence, with only one action, just to test if your workstation moves around AD  – but lets not stress that delicate System Center product with this. Most of the time problems with handling workstations in AD through SCCM are about permissions.

Usage: cscript.exe IT_OSD_VBS_MoveComputerADOU.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD OU location to suit your own environment.

Continue Reading

Join a Computer to an Active Directory Security Group (VBS)

Purpose: During a SCCM 2012 Computer Deployment, join the current computer to an AD SG

So you have been given a task to automate installations, welcome. More importantly,  there are several (… OK, one is enough) actions that occur to the desktop if it would be a member of an Active Directory (AD) Security Group (SG).  There is no automatic GUI to do this in System Center 2012 Configuration Manager (even SCCM 2012 SP1 wont save you on this one). Therefore you must script it. My example is straightforward. First you must know the LDAP of the SG you want the computer to join.  If you are new to this, in this case LDAP is a fancy word for “AD PATH”.  An example of AD PATH to a SG:

Continue Reading