Auto adding computer to AD groups during deployment (PowerShell)

The goal of this script is to add a computer to AD groups during deployment.

2.9 Star
4,178 times
  • Domain Admin PW
    3 Posts | Last post February 20, 2018
    • Are there many companies that like to provide domain admin pws in clear text?
    • If it's during a deployment you can use the TS variables for the domain join account. Just give that account access to add to the group and you don't have to put things in plain text.
    • If you are using an MDT integrated Task Sequence then make the following changes to the top of the script and the script will use the join account and password that is used in the UDI Wizard:
      #Create PowerShell variables from task sequence variables
      $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
      $Admin = $tsenv.Value("OSDJoinAccount")
      $Password = $tsenv.Value("OSDJoinPassword")
  • Modification to Remove
    1 Posts | Last post September 02, 2013
    • Guys,
      Anyone looking to remove a computer from a group as part of their TS, the modification is below. For instance, for my deployment, we have very limited GPOs and we only want to exclude them specifically for the build (mainly WiFi settings). So the very next step after joining to the domain is to add them to a 'Build' group. At the end of the TS the very last step is to remove them from this group and restart.
      For removal, change the 'IF' statement to qualify as 'True' not 'False':
      48. If ($objGroup.ismember($objComputer.adspath) -eq $False)
      remove line 58, 59:
      58. $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
      59. $objGroup.setinfo()
      and replace with:
      This should then remove the computer from the group.
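The approach discussed in the two threads above (join credentials read from task sequence variables, group membership added at the start of the build and removed at the end), as an added example that is not the gallery script or any poster's code. `$GroupDN`, `$DomainFqdn` and `-Action` are hypothetical parameters, and it assumes the join account has been delegated write access to the group's membership only.

```powershell
# Added example, not the gallery script. $GroupDN, $DomainFqdn and -Action are
# hypothetical parameters; the sample values in the comments are constructed.
param(
    [Parameter(Mandatory=$true)][string]$GroupDN,     # e.g. 'CN=Build,OU=Groups,DC=example,DC=com'
    [Parameter(Mandatory=$true)][string]$DomainFqdn,  # e.g. 'example.com'
    [ValidateSet('Add','Remove')][string]$Action = 'Add'
)

# Credentials come from the task sequence environment, never from the script file.
$tsenv    = New-Object -ComObject Microsoft.SMS.TSEnvironment
$Admin    = $tsenv.Value('OSDJoinAccount')
$Password = $tsenv.Value('OSDJoinPassword')
if ([string]::IsNullOrEmpty($Admin) -or [string]::IsNullOrEmpty($Password)) {
    throw 'OSDJoinAccount/OSDJoinPassword are not set in this task sequence.'
}

$auth = [System.DirectoryServices.AuthenticationTypes]::Secure
try {
    # Find this computer's AD object using the delegated join account.
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainFqdn", $Admin, $Password, $auth)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
    $hit = $searcher.FindOne()
    if ($null -eq $hit) { throw "Computer $env:COMPUTERNAME not found in $DomainFqdn." }
    $computerPath = $hit.Path

    # Bind to the group and only write when the membership actually has to change.
    $group    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainFqdn/$GroupDN", $Admin, $Password, $auth)
    $isMember = [bool]$group.psbase.Invoke('IsMember', $computerPath)

    if ($Action -eq 'Add' -and -not $isMember) {
        $group.psbase.Invoke('Add', $computerPath)
    } elseif ($Action -eq 'Remove' -and $isMember) {
        $group.psbase.Invoke('Remove', $computerPath)
    }
    # Report the outcome without ever writing the account password to output or logs.
    Write-Output "$Action on $GroupDN done for $env:COMPUTERNAME (was member: $isMember)"
}
finally {
    # Drop the clear-text password from the session and release the LDAP binds.
    Remove-Variable Password -ErrorAction SilentlyContinue
    if ($root)  { $root.Dispose() }
    if ($group) { $group.Dispose() }
}
```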
  • Question
    2 Posts | Last post August 02, 2013
    • Is there a way I can run this script based on the Windows 7 parameter? something like 
      if the computer logon server is then add to group A and 
      If the computer logon server is then add to group B. 
      Could this be possible? 
    • It would be possible if they have some kind of unique identifier in active directory. e.g. certain OU or group membership