locked
PS script failing in OSD RRS feed

  • Question

  • We have a task/step in an OSD Task Sequence that is failing. It's a Run Command Line - "powershell.exe -ExecutionPolicy Bypass -File "\XXX\XXXXXXXXX\cmapps\Scripts\SMS-TS-MoveOUAddGroup-Laptop.ps1" -ComputerName %COMPUTERNAME%". It moves computers to the appropriate OU in Active Directory. It runs as a service account that has domain admin rights.

    [The argument '\\XXX\XXXXXXXXX\cmapps\Scripts\SMS-TS-MoveOUAddGroup-Laptop.ps1' to the -File parameter does not exist. Provide the path to an existing '.ps1' file as an argument to the -File parameter.]

    [Process completed with exit code 4294770688]

    [Failed to run the action: XXXXXX Unknown error (Error: FFFD0000; Source: Unknown)]

    If I log onto a computer where this step has failed, I can open a command prompt as the service account and manually run the script and it works fine. The step prior to this one runs a script in the same directory as SYSTEM and it runs fine. The service account is used to join the computer to the domain in another task and that works too. If I run the step that's failing with a different account that has permission to move objects in the relevant OUs in AD, I get the same error.

    I have also tried using the FQDN in the path, moving the step up 1 spot so that it is the first of 2 successive tasks that access that network share; I've tried restarting just before the task that fails.

    The problem started out of the blue several weeks ago when we were using SCCM 1610 (5.0.8458.1520) and continued after being upgraded to 1702. It has been failing consistently when imaging with Win7 but a Surface Pro 4 worked fine a couple days ago.

    Anyone have any ideas?

    Friday, August 18, 2017 4:29 PM

Answers

  • Hi there,

    You forgot the opening-quote on -computername.
    I got this error once too.


    • Proposed as answer by AntoonBouw Friday, August 18, 2017 4:49 PM
    • Edited by AntoonBouw Friday, August 18, 2017 4:49 PM
    • Marked as answer by Skip-WI Monday, August 21, 2017 2:48 PM
    Friday, August 18, 2017 4:49 PM

All replies

  • If it's possible will be good to see the script.

    Have you tried use run Powershell script or if you want to use run cmd script use the package to download your ps1 and run it locally.


    Best regards,
    Pavel


    Please remember to mark the replies as answers if they help...

    Friday, August 18, 2017 4:43 PM
  • Hi there,

    You forgot the opening-quote on -computername.
    I got this error once too.


    • Proposed as answer by AntoonBouw Friday, August 18, 2017 4:49 PM
    • Edited by AntoonBouw Friday, August 18, 2017 4:49 PM
    • Marked as answer by Skip-WI Monday, August 21, 2017 2:48 PM
    Friday, August 18, 2017 4:49 PM
  • Here it is:

    # Params

    [CmdletBinding()]
    Param (
       [Parameter(Mandatory=$True)]
          [string]$ComputerName
          )

    # Target Vars
    $ADGroup="s_DirectAccessComputers"
    $TargetOU="OU=Laptops,OU=XXXXXXXX,OU=XXXX,DC=XXX,DC=XX,DC=XXXXXXXXX,DC=com"

    # Get current domain root
    $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $root = $dom.GetDirectoryEntry()

    # Call DirectorySearcher, apply filter, find computer object, find group object
    $search = [System.DirectoryServices.DirectorySearcher]$root
    $search.Filter = "(&(objectCategory=Computer)(CN=$ComputerName))"
    $result = $search.FindOne()
    $ComputerPath = $result.path
    $objComputer = [ADSI]"$ComputerPath"
    $search.Filter = "(&(objectCategory=Group)(CN=$ADGroup))"
    $result = $search.FindOne()
    $GroupPath = $result.path
    $objGroup = [ADSI]"$GroupPath"

    # Add computer object to AD Group
    $objGroup.Add("$ComputerPath")

    # Move computer object to Target OU
    $objComputer.psbase.MoveTo([ADSI]"LDAP://$TargetOU")

    # Suppress error
    exit 0

    Friday, August 18, 2017 5:03 PM
  • How should it appear? (I am not a PS guy.)

    Should -ComputerName %COMPUTERNAME% be in quotes as in "-ComputerName %COMPUTERNAME%"   ?

    Friday, August 18, 2017 5:07 PM
  • I tried using a package. If I use a Run PowerShell Script there's no way to run it as a different user. I also tried the package on the Run Command Line task and it failed with the same error.
    Friday, August 18, 2017 5:11 PM
  • no, I think, antoonb means this:

    -ComputerName "%COMPUTERNAME%"


    Best regards,
    Pavel


    Please remember to mark the replies as answers if they help...

    Friday, August 18, 2017 6:08 PM
  • Thanks. I'll give that a try.

    Skip

    Monday, August 21, 2017 1:51 PM
  • Thanks! That seems to have been the issue.

    Skip

    Monday, August 21, 2017 2:49 PM
  • Thanks for your help as well.

    Skip

    Monday, August 21, 2017 2:49 PM
  • It didn't work. SCCM says the task completed successfully but the PS script did not execute or execute correctly. Here's what appears in the SMSTS.log:

    Action command line: smsswd.exe /run: powershell.exe -ExecutionPolicy Bypass -File "\\dhp\systemdfs\cmapps\Scripts\SMS-TS-MoveOUAddGroup-Laptop.ps1" -ComputerName %COMPUTERNAME%]LOG]!><time="09:38:48.632+300" date="08-21-2017" component="TSManager" context="" type="1" thread="1056" file="tsxml.cpp:569">

    <![LOG[Adding instruction at 23]LOG]!><time="09:38:48.632+300" date="08-21-2017" component="TSManager" context="" type="1" thread="1056" file="tsxml.cpp:571">
    <![LOG[
    Parsing step node: Restart Computer]LOG]!><time="09:38:48.632+300" date="08-21-2017" component="TSManager" context="" type="1" thread="1056" file="tsxml.cpp:514">

    Monday, August 21, 2017 3:59 PM
  • I would use the -NoProfile argument to avoid loading a user profile.

    Best regards

    Flemming Appelon Christiansen

    Tuesday, August 22, 2017 7:36 AM
  • I found out a problem was the inability of the info from the command line to be passed onto the PS script as they ran as 2 different accounts. So the parameter in the script for $ComputerName was not being defined from the command line - "-ComputerName %COMPUTERNAME%".

    I removed the parameter from the PS script and added "$ComputerName = $env:COMPUTERNAME" so that the script itself would determine the computer name instead of waiting for the command line to pass it on.

    I also removed "-ComputerName %COMPUTERNAME%" from the command line so that it now reads "powershell.exe -ExecutionPolicy Bypass -File "\XXX\XXXXXXXXX\cmapps\Scripts\SMS-TS-MoveOUAddGroup-Laptop.ps1".

    Still, the task fails with the same error. It works fine if I run it from within the OS; just not during a task sequence. Here's the script:

    # Target Vars
    $ADGroup="XYZ"
    $TargetOU="OU=Laptops,OU=XXXXXXXX,OU=XXXXX,DC=XXXX,DC=ad,DC=XXXXXXXXX,DC=XXX"

    # Get current domain root
    $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $root = $dom.GetDirectoryEntry()

    # Get computer name
    $ComputerName = $env:COMPUTERNAME

    # Call DirectorySearcher, apply filter, find computer object, find group object
    $search = [System.DirectoryServices.DirectorySearcher]$root
    $search.Filter = "(&(objectCategory=Computer)(CN=$ComputerName))"
    $result = $search.FindOne()
    $ComputerPath = $result.path
    $objComputer = [ADSI]"$ComputerPath"
    $search.Filter = "(&(objectCategory=Group)(CN=$ADGroup))"
    $result = $search.FindOne()
    $GroupPath = $result.path
    $objGroup = [ADSI]"$GroupPath"

    # Add computer object to AD Group
    $objGroup.Add("$ComputerPath")

    # Move computer object to Target OU
    $objComputer.psbase.MoveTo([ADSI]"LDAP://$TargetOU")

    # Suppress error
    exit 0

    Keeping in mind that I am no PowerShell expert, I still don't see anything here that would be attempting to reach out to the command line to get variables defined there. 

    Tuesday, September 19, 2017 3:46 PM