Move computer in AD during OSD
Let’s say you want to re-image a computer that is already joined to your Active Directory domain, and at the same time move it from e.g. the Windows 7 OU to the Windows 10 OU. The OU you specify in the Apply Network Settings step of the SCCM task sequence is only used when the domain join creates a new computer account; if the account already exists in AD it is reused where it is and is not moved. Instead you can use one of the following methods.
PowerShell method
Thanks to Jörgen Nilsson for the lines that make this possible. I just added some error handling and logging (http://ccmexec.com/2018/03/move-the-computer-to-the-correct-ou-during-osd-ps-version/)
Insert this step after the Setup Windows and ConfigMgr step.
Command line:
Powershell.exe -NoProfile -ExecutionPolicy Bypass -File ComputerOUMove.ps1 -OUDN "%OrganizationUnit%"
Use a package for this step which contains the ComputerOUMove.ps1 file. The computer variable %OrganizationUnit% must be set in SCCM (e.g. by SoftwareCentral http://softwarecentral.com) and must contain the distinguished name of the target OU; a leading LDAP:// is accepted and stripped by the script. Remember to run this step with a run-as account which has the right permissions. Moving an object requires the right to delete it from its current OU and to create computer objects in the target OU, which can be delegated on just those OUs; avoid using a Domain Admin account here, because the run-as account's credentials are delivered to every client that executes the task sequence.
Script:
Param (
    # Distinguished name of the target OU, with or without the LDAP:// prefix
    [Parameter(Mandatory=$true, HelpMessage="Please enter the distinguished name of the target OU", ValueFromPipelineByPropertyName=$true, Position=0)]
    [string]$OUDN,

    # Computer name; defaults to the local computer
    [Parameter(Mandatory=$false, HelpMessage="Please enter the ComputerName", ValueFromPipelineByPropertyName=$true, Position=1)]
    [string]$ComputerName = $env:COMPUTERNAME
)

# Define log file name and location
$LogPath     = "C:\MyLogs"
$LogFileName = "$ComputerName.log"
$LogFile     = "$LogPath\$LogFileName"
$ExitCode    = 0

function LogWrite([string]$LogString) {
    try {
        Add-Content $script:LogFile -Value "$(Get-Date -Format yyyy-MM-dd_HH:mm:ss) $LogString" -Force -ErrorAction Stop
    } catch {
        Write-Warning $_.Exception.Message
    }
}

# Returns the computer object's distinguished name without the LDAP:// prefix.
# -replace removes the prefix as a string; TrimStart("LDAP://") would strip any
# leading L, D, A, P, : or / characters, which corrupts a DN that starts with DC=.
function Get-ComputerDN([string]$Name) {
    $Result = ([ADSISEARCHER]"(&(objectCategory=computer)(sAMAccountName=$Name`$))").FindOne()
    if ($null -eq $Result) { throw "No computer object found for $Name" }
    $Result.Path -replace '^LDAP://', ''
}

# Initialize log file location
if (!(Test-Path $LogPath)) {
    try {
        New-Item $LogPath -ItemType Directory -ErrorAction Stop | Out-Null
    } catch {
        $LogFile = "C:\Windows\Temp\$LogFileName"
        LogWrite "Log folder could not be created in chosen location. Log saved to C:\Windows\Temp instead."
        LogWrite $_.Exception.Message
    }
}

LogWrite "### START OF SCRIPT ###"
LogWrite "Running ComputerOUMove.ps1 -OUDN $OUDN -ComputerName $ComputerName (running as $env:USERNAME)"

$OUDNstring = $OUDN -replace '^LDAP://', ''
$TargetDN   = "CN=$ComputerName,$OUDNstring"

try {
    $ComputerDN = Get-ComputerDN $ComputerName
} catch {
    LogWrite "Failed to look up $ComputerName in AD: $($_.Exception.Message)"
    $ComputerDN = $null
    $ExitCode = 1
}

if ($null -ne $ComputerDN) {
    # -eq is case-insensitive in PowerShell, which matches how AD compares DNs
    if ($ComputerDN -eq $TargetDN) {
        LogWrite "$ComputerName is already in target OU `"$OUDNstring`""
    } else {
        LogWrite "Trying to move $ComputerName to target OU `"$OUDNstring`""
        try {
            $CompObj = [ADSI]"LDAP://$ComputerDN"
            $CompObj.psbase.MoveTo([ADSI]"LDAP://$OUDNstring")
            Start-Sleep 3
            # Re-read the DN to confirm the move actually happened
            $ComputerDN = Get-ComputerDN $ComputerName
            if ($ComputerDN -eq $TargetDN) {
                LogWrite "Successfully moved $ComputerName to target OU `"$OUDNstring`""
            } else {
                LogWrite "Move returned no error, but $ComputerName is still at `"$ComputerDN`""
                $ExitCode = 1
            }
        } catch {
            LogWrite "Failed to move the computer to the target OU `"$OUDNstring`""
            LogWrite $_.Exception.Message
            $ExitCode = 1
        }
    }
}

LogWrite "### END OF SCRIPT ###"
# A non-zero exit code makes the task sequence step fail instead of reporting success silently
exit $ExitCode
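A pre-flight step that is not part of the original post: the move script above trusts whatever %OrganizationUnit% contains, so a mistyped DN only shows up as a failed MoveTo in the log. The following example, written for this page and not taken from the blog author, reads the variable through the task sequence environment, checks that the OU really exists and records whether a move is needed. Assumptions that are not on the page: it runs inside the task sequence (so the Microsoft.SMS.TSEnvironment COM object is available), the variable name OrganizationUnit matches the page, and the result variable OUMovePrecheck is a name chosen for this example.

```powershell
# Added example (not from the original post). Pre-flight check for the OU move,
# meant to run as its own "Run Command Line" step before ComputerOUMove.ps1.
# Assumptions: running inside a task sequence; TS variable OrganizationUnit holds
# the target OU DN; OUMovePrecheck is an output variable name invented here.

# Normalise a DN: strip an LDAP:// prefix (as a string, not a character set) and
# collapse whitespace after commas so "OU=A, DC=x" compares equal to "OU=A,DC=x".
function ConvertTo-NormalizedDN {
    param([Parameter(Mandatory)][string]$DN)
    ($DN -replace '^(?i)LDAP://', '') -replace ',\s+', ','
}

# True when the computer object sits directly under the given OU. Computer names
# cannot contain commas, so dropping the first "CN=...," RDN is safe here.
function Test-ComputerInOU {
    param(
        [Parameter(Mandatory)][string]$ComputerDN,
        [Parameter(Mandatory)][string]$OUDN
    )
    $parent = (ConvertTo-NormalizedDN $ComputerDN) -replace '^CN=[^,]+,', ''
    $parent -eq (ConvertTo-NormalizedDN $OUDN)   # -eq is case-insensitive
}

try {
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
} catch {
    Write-Warning "Not running inside a task sequence: $($_.Exception.Message)"
    exit 1
}

$target = $tsenv.Value('OrganizationUnit')
if ([string]::IsNullOrWhiteSpace($target)) {
    Write-Warning 'Task sequence variable OrganizationUnit is not set'
    exit 1
}
$targetDN = ConvertTo-NormalizedDN $target

# Refuse to continue when the target OU does not exist; the computer account
# (running as SYSTEM) has enough rights to read this, no run-as account needed.
if (-not [ADSI]::Exists("LDAP://$targetDN")) {
    Write-Warning "Target OU does not exist: $targetDN"
    exit 1
}

$result = ([ADSISEARCHER]"(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))").FindOne()
if ($null -eq $result) {
    Write-Warning "No computer object found for $env:COMPUTERNAME"
    exit 1
}

if (Test-ComputerInOU -ComputerDN $result.Path -OUDN $targetDN) {
    $tsenv.Value('OUMovePrecheck') = 'AlreadyInPlace'
} else {
    $tsenv.Value('OUMovePrecheck') = 'MoveRequired'
}
exit 0
```

Run it from a Run Command Line step with the same Powershell.exe -NoProfile -ExecutionPolicy Bypass -File syntax as the move step. A non-zero exit code fails the step, so a wrong DN stops the sequence before anything is moved, and a later step can be conditioned on OUMovePrecheck equals MoveRequired so the move (and its run-as credentials) is only used when needed.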
VBS method
Put these “Run Command Line” steps into your task sequence after the Setup Windows and ConfigMgr step. Steps 1, 2 and 4 are a workaround: the ADSystemInfo COM object the script relies on cannot be created while the task sequence is still in the Windows setup phase, so REGDBVersion is changed temporarily to let the script run and the original value is restored from the backup afterwards.
Step 1)
Name: Backup COM3 reg key
Command line: REG EXPORT HKLM\Software\Microsoft\COM3 %temp%\com.reg /y
Step 2)
Name: Change COM3 value
Command line: REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f
Step 3)
Name: Move computer in AD
Command line: cscript.exe .\MoveClientToCorrectOU.vbs "%OrganizationUnit%"
Use a package for this step which contains the MoveClientToCorrectOU.vbs file. The computer variable %OrganizationUnit% must be set in SCCM (e.g. by SoftwareCentral http://softwarecentral.com) and must contain the distinguished name of the target OU. Run this step with a run-as account that has been delegated the rights to delete the computer object from its current OU and create computer objects in the target OU; a Domain Admin account is not needed and its credentials would be exposed to every client that runs the sequence.
Step 4)
Name: Restore COM3 reg key
Command line: REG IMPORT %temp%\com.reg
Step 5)
Restart Computer
The MoveClientToCorrectOU.vbs should look like this:
Thanks to Jakob Gottlieb Svendsen for creating this script back in 2010 (http://blog.ctglobalservices.com/scripting-development/jgs/vbscript-move-computer-object-to-another-ou-via-command-line-parameter/)
On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")
Set ArgObj = WScript.Arguments

' The first argument is the target OU (distinguished name)
If ArgObj.Count < 1 Then
    WScript.Echo "Usage: cscript MoveClientToCorrectOU.vbs <target OU distinguished name>"
    WScript.Quit 1
End If
strMachineObjectOU = ArgObj(0)

' ADSystemInfo fails while Windows is still in setup mode (see the COM3 steps above)
strComputerDN = objSysInfo.ComputerName
If Err.Number <> 0 Or Len(strComputerDN) = 0 Then
    WScript.Echo "Could not read the computer DN from ADSystemInfo: " & Err.Description
    WScript.Quit 1
End If

' Add missing LDAP:// prefix
If LCase(Left(strMachineObjectOU, Len("LDAP://"))) <> "ldap://" Then
    strMachineObjectOU = "LDAP://" & strMachineObjectOU
End If

' Split the computer DN into its RDN (CN=name) and the OU it currently lives in
nComma = InStr(strComputerDN, ",")
strCurrentOU = Mid(strComputerDN, nComma + 1)
strComputerName = Left(strComputerDN, nComma - 1)

' If the current OU differs from the target OU, move the object
If Len(Trim(strMachineObjectOU)) > 7 Then
    If UCase("LDAP://" & strCurrentOU) <> UCase(strMachineObjectOU) Then
        Err.Clear
        Set objNewOU = GetObject(strMachineObjectOU)
        Set objMoveComputer = objNewOU.MoveHere("LDAP://" & strComputerDN, strComputerName)
        ' On Error Resume Next swallows failures, so check Err explicitly and
        ' return a non-zero exit code so the task sequence step fails
        If Err.Number <> 0 Then
            WScript.Echo "Move to " & strMachineObjectOU & " failed: " & Err.Description
            WScript.Quit 1
        End If
    End If
Else
    ' No OU was given
    WScript.Echo "No target OU given"
    WScript.Quit 1
End If
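Steps 1 to 4 above are four separate task sequence steps, so if step 3 fails and the sequence stops, the COM3 value stays modified on the machine. The following wrapper is an added example for this page, not the blog author's code: it performs the backup, change, move and restore in one script with try/finally, so the original REGDBVersion value is always put back. Assumptions not stated on the page: MoveClientToCorrectOU.vbs is in the same package directory as this script, the OU DN is passed as the first argument as in step 3, and the VBS script signals failure with a non-zero exit code (as published, with On Error Resume Next and no WScript.Quit, it always returns 0, so the propagated exit code then only reflects whether cscript itself ran).

```powershell
# Added example (not from the original post): steps 1-4 of the VBS method in one
# script, so the COM3 value is restored even when the move script fails.
# Assumptions: MoveClientToCorrectOU.vbs sits next to this script in the package;
# the VBS script returns a non-zero exit code on failure.
param([Parameter(Mandatory)][string]$OUDN)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\COM3'
$valueName = 'REGDBVersion'

# Returns the current REG_BINARY value as a byte array, or $null if it is absent
# (the in-memory equivalent of "REG EXPORT ... com.reg" in step 1).
function Get-RegDbVersion {
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    [byte[]]$item.$valueName
}

function Set-RegDbVersion([byte[]]$Bytes) {
    Set-ItemProperty -Path $keyPath -Name $valueName -Type Binary -Value $Bytes
}

$original = Get-RegDbVersion
$exitCode = 1
try {
    # Same change as "REG ADD ... /t REG_BINARY /d 010000 /f" in step 2
    Set-RegDbVersion ([byte[]](0x01, 0x00, 0x00))

    # Step 3: run the move script and keep its exit code
    $vbs = Join-Path $PSScriptRoot 'MoveClientToCorrectOU.vbs'
    & cscript.exe //NoLogo $vbs "$OUDN"
    $exitCode = $LASTEXITCODE
} finally {
    # Step 4: restore the original value (or remove it if there was none),
    # regardless of whether the move succeeded
    if ($null -ne $original) {
        Set-RegDbVersion $original
    } else {
        Remove-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    }
}
exit $exitCode
```

Run it as a single Run Command Line step with Powershell.exe -NoProfile -ExecutionPolicy Bypass -File in place of steps 1 to 4, with the same run-as account, and keep step 5 (Restart Computer) as it is.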
2 Comments
Brilliant – just what I was looking for. Thanks a lot 🙂
Welcome 😉