Auto adding computer to AD groups during deployment (PowerShell)

Introduction

The goal of this script is to add a computer to AD groups during deployment.

Scenarios

There are many scenarios where a computer needs to be added to an AD group during deployment, for instance to enable the computer to use a wireless network or to add the computer to an application group.

Script

The following shows how to use the script with MDT (Microsoft Deployment Toolkit).

Step 1: Copy the script to folder "DeploymentShare\Scripts".

Step 2: In the task sequence, add a "Run PowerShell Script" step.

If the domain account has permission to edit the AD group, you can use the script as follows:

If the domain account does not have the permission, you can use the script as follows:

Here are some code snippets for your reference. To get the complete script sample, click the download button at the beginning of this page.

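# ADSI constant: append the supplied values to a multi-valued attribute
$ADS_PROPERTY_APPEND = 3

# Only bind when the group's ADsPath was resolved
If ($strAdsPath)
{
    $objGroup = [ADSI]$strAdsPath
    $objComputer = [ADSI]$ComputerDN
    # Verify whether the computer is already a member of the group
    If ($objGroup.IsMember($objComputer.ADsPath) -eq $false)
    {
        # Add the computer to the specified group; "member" takes a
        # distinguished name, read here from the bound computer object
        $objGroup.PutEx($ADS_PROPERTY_APPEND, "member", @([string]$objComputer.distinguishedName))
        $objGroup.SetInfo()
    }
}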
 
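The snippet above assumes the group and computer paths are already resolved. The following added example (not the downloadable script, and not code from its author) sketches one way to resolve both by name with an escaped LDAP filter and to bind with an optional alternate credential for the case where the running account lacks permission. The function and parameter names are hypothetical.

```powershell
# Added example. Function and parameter names here are hypothetical,
# not taken from the downloadable script.
function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a group or computer name cannot change the filter
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Add-ComputerToAdGroup {
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,
        [string]$ComputerName = $env:COMPUTERNAME,
        [System.Management.Automation.PSCredential]$Credential  # optional
    )

    # Bind with the supplied credential, or as the current account if none
    function Get-Entry([string]$Path) {
        if ($Credential) {
            $pw = $Credential.GetNetworkCredential().Password
            New-Object System.DirectoryServices.DirectoryEntry($Path, $Credential.UserName, $pw)
        } else {
            New-Object System.DirectoryServices.DirectoryEntry($Path)
        }
    }

    # Return the ADsPath of the first object matching the filter, or $null
    function Find-AdsPath([string]$Filter) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
        $hit = $searcher.FindOne()
        if ($hit) { $hit.Path }
    }

    $dnc  = [string](Get-Entry 'LDAP://RootDSE').defaultNamingContext
    $root = Get-Entry "LDAP://$dnc"
    $g = ConvertTo-LdapFilterValue $GroupName
    $c = ConvertTo-LdapFilterValue $ComputerName
    $groupPath    = Find-AdsPath "(&(objectCategory=group)(sAMAccountName=$g))"
    $computerPath = Find-AdsPath "(&(objectCategory=computer)(sAMAccountName=$c`$))"
    if (-not $groupPath -or -not $computerPath) {
        throw "Group '$GroupName' or computer '$ComputerName' not found in AD."
    }
    $group = Get-Entry $groupPath
    if (-not $group.psbase.Invoke('IsMember', $computerPath)) {
        $group.psbase.Invoke('Add', $computerPath)   # IADsGroup::Add commits immediately
        "Added $ComputerName to $GroupName"
    } else {
        "$ComputerName is already a member of $GroupName"
    }
}
```

If a credential is supplied, the account behind it needs only write access to the member attribute of the target groups.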

Prerequisite

Windows Server 2008R2 or higher version