Powershell startup script in GPO

  • Question

  • Hi, 

    I have created a simple powershell script that is supposed to populate the serialnumber attribute on computer accounts with the serial number found in WMI. 

    The problem is that the Set-Adcomputer needs the AD module installed on the computers where it is being run, hence the startup script is not being run on my clients. 

    $GetSerialnumber = Get-WmiObject win32_bios | Select-Object serialnumber
    $SerialNumber = $GetSerialnumber.serialnumber
     
    $GetComputer = Get-WmiObject -class Win32_bios | select pscomputername
    $Computer = $GetComputer.pscomputername
    
    Set-ADComputer -Identity $computer -Add @{serialNumber="$SerialNumber"} 

    Is there any other way to get this to work as a startup script without having to install the AD module/RSAT on the client computers? 

    BR

    Joakim

    Thursday, October 18, 2018 8:36 AM


All replies

  • Hi and welcome to the Powershell forum.

    You might re-think if it's really a good idea to do this with a startup script. Usually you will need this info only once and not every time you start a computer, right? You should think about remoting. Or you could write the information you gather with the startup script to a shared file or folder and transfer the information later to the AD with the proper rights and installed modules.


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''


    • Edited by BOfH-666 Thursday, October 18, 2018 8:57 AM
    Thursday, October 18, 2018 8:56 AM
  • Hi Joakim,

    Thanks for your question.

    You can store the AD module in a shared folder that the client can access. Before running the Set-ADComputer cmdlet, you can import the AD module on your client.

    Import-Module -Name sharedfilepath

    Use a conditional statement: if the AD module has been installed, execute the script directly; if it is not installed, import the module first.

    Best Regards,

    Lee


    Just do it.

    Thursday, October 18, 2018 9:59 AM
  • The AD module is not portable.  It can only be installed with RSAT. It requires the support modules which must be installed.


    \_(ツ)_/

    Thursday, October 18, 2018 10:10 AM
  • use dotnet

    $objWS = [System.DirectoryServices.DirectoryEntry] "LDAP://<ObjectDN>"
    $objWS.put("description","New Description")
    $objWS.SetInfo()

    Thursday, October 18, 2018 11:58 AM
  • Hi and thanks for the answer. 

    The reason for having this in a startup script is to have the serial number updated on all computers, also all newly installed computers, without having to retrieve the information in SCCM every month. 

    If you have a suggestion on any other solution, you are welcome to give any advice. 

    As jrv mentioned, we are unable to install RSAT on all of our clients. 

    dotnet seems like a good option.

    Thursday, October 18, 2018 12:04 PM
  • use dotnet

    $objWS = [System.DirectoryServices.DirectoryEntry] "LDAP://<ObjectDN>"
    $objWS.put("description","New Description")
    $objWS.SetInfo()

    As a total newbie on .net, how would such a script look in reality? 
    Thursday, October 18, 2018 12:30 PM
  • This could be done remotely, if your account is a member of Domain Admins (or a group that is a member of the local Administrators group on all clients). For example:

    $Computer = "CmptrName"
    # Retrieve existing SN.
    $ExistingSN = (Get-ADComputer -Identity $Computer -Properties serialNumber).serialNumber
    # Check if assigned.
    If (-Not $ExistingSN)
    {
        # Assign SN to computer object.
        $SN = (Get-WMIObject -Computer $Computer -Class "Win32_BIOS").SerialNumber
        Set-ADComputer -Identity $Computer -Add @{serialNumber=$SN}
    }

    You could even query for all computers where the serialNumber attribute has no value assigned.

    Edit: To retrieve all computers with serialNumber attribute not assigned:

    $Computers = Get-ADComputer -LDAPFilter "(!(serialNumber=*))"

    The "!" character is the Not operator in LDAP syntax.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Thursday, October 18, 2018 12:43 PM
  • $GetSerialnumber = Get-WmiObject win32_bios | Select-Object serialnumber
    $SerialNumber = $GetSerialnumber.serialnumber
    $GetComputer = Get-WmiObject -class Win32_bios | select pscomputername
    $Computer = $GetComputer.pscomputername

    $compOU = "OU=Computers,DC=Domain,DC=com"

    $objWS = [System.DirectoryServices.DirectoryEntry] "LDAP://CN=$computer,$compou"
    $objWS.put("serialNumber",$serialnumber)
    $objWS.SetInfo()




    Thursday, October 18, 2018 1:21 PM
  • That worked like a charm. Unfortunately we have our computers split up between Desktops and Laptops and they are in different OUs. 

    Is it, in dotnet, possible to retrieve the distinguishedName attribute from the logged on computer instead of using get-wmiobject?

    Thursday, October 18, 2018 2:04 PM
  • Similar to below:

    # Retrieve the DN of the local computer in AD.
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $ComputerDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, October 18, 2018 2:12 PM
  • Wonderful!

    Thanks for all the help!

    Br

    Joakim

    Friday, October 19, 2018 6:37 AM
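
The two accepted replies combined into one startup script, as an added example that is not code posted by anyone in the thread: ADSystemInfo supplies the computer's own DN (so the OU does not matter) and DirectoryEntry writes the attribute without the AD module. It assumes the machine is domain-joined, can reach a domain controller at startup, and that the computer account (GPO startup scripts run as local SYSTEM, which binds to AD as the computer) is allowed to write its own serialNumber attribute.

```powershell
# Added example: set serialNumber on the local computer's AD object without RSAT.
# Assumption: the computer account has write access to its own serialNumber attribute.
$ErrorActionPreference = 'Stop'

try {
    # BIOS serial number from WMI, as in the original question.
    $serial = "$((Get-WmiObject -Class Win32_BIOS).SerialNumber)".Trim()
    if (-not $serial) { return }   # nothing useful reported by the BIOS, leave AD untouched

    # Distinguished name of this computer in AD, whichever OU it lives in.
    $sysInfo    = New-Object -ComObject 'ADSystemInfo'
    $computerDN = $sysInfo.GetType().InvokeMember('ComputerName', 'GetProperty', $null, $sysInfo, $null)

    # A forward slash inside a DN (for example in an OU name) must be escaped in an ADSI path.
    $adsPath = 'LDAP://' + $computerDN.Replace('/', '\/')
    $entry   = [System.DirectoryServices.DirectoryEntry]$adsPath

    # serialNumber is multi-valued; read what is stored before deciding to write.
    $stored = $entry.psbase.Properties['serialNumber']

    # Write only when the stored value differs, so most boots cause no directory write.
    if ($stored.Count -ne 1 -or "$($stored[0])" -ne $serial) {
        $entry.Put('serialNumber', $serial)   # replaces any existing value(s)
        $entry.SetInfo()
    }
}
catch {
    # Typical failures: no domain controller reachable yet, or access denied on the attribute.
    Write-Error "serialNumber update failed: $($_.Exception.Message)"
    exit 1
}
```

Because the script only ever binds to the DN returned for the local machine, the permission it needs is a write on that single attribute of the computer's own object, not delegated rights over the Desktops or Laptops OUs.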