none
Modify AD Computer Object Attributes During Deployment RRS feed

  • Question

  • Hello all,

    I'm looking to make a script that can modify certain attributes of a computer object during a deployment. Theoretically, I'd use an LTISuspend in my task sequence, launch the script, wait until the values have been entered, and then continue the task sequence.

    At a basic level, the script would do the following:

    ' Modify Computer Location Attribute
    
    Set objComputer = GetObject _ 
        ("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com")
    
    objComputer.Put "Location" , "Building 37, Floor 2, Room 2133"
    objComputer.SetInfo

    However, at this point in the deployment, the computer object OU & name was already specified from the initial deployment wizard, so it would not be hard-coded. I'm trying to figure out how to use variables to get the PC name and OU as well as how to prompt the user for the value of the attribute being changed. Any help would be greatly appreciated. Thanks!

    Tuesday, August 2, 2016 2:38 PM

All replies

  • If the computer has been joined to the domain, you can use the SystemInfo object to retrieve the distinguishedName of the object in AD.

    Set oSysInfo = CreateObject("ADSystemInfo")
    Wscript.Echo "SysInfo.ComputerName:" & " " & oSysInfo.ComputerName

    To prompt for values, use the InputBox function:

    strValue = InputBox("Enter a value")


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, August 2, 2016 3:11 PM
  • This is perfect. Thank you! My next issue is executing this script during deployment. Obviously since the deployment uses the local administrator account, the script will not launch since it requires an account with the authority to modify computer object attributes on the domain. I'm looking at working with the solution described here:https://social.technet.microsoft.com/Forums/scriptcenter/en-US/c21e075e-1197-413b-a80f-c06223c7fe37/help-fixing-a-domain-account-with-rights-to-change-computer-objects-information-to-run-a-vbs-script?forum=ITCG but replacing the credentials with those of an account that only has the ability to join PC's to the domain and modify their attributes. Would there be any obstacles with this approach?

    Tuesday, August 2, 2016 5:42 PM
  • Will the computer object exist in AD when the script runs? And if the script runs before the computer joins the domain, the SystemInfo object won't work, even if the computer object is in AD.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, August 2, 2016 5:57 PM