locked
Pull Value From AD Object and Put Into File RRS feed

  • Question

  • Hello all,

    We're needing to drop a license key for a product into a computer at time of re-image. We've chosen to store them in AD, and have a script pull that value and drop it into a file on the computer.

    Unfortunately, of the half-dozen-or-so times I've attempted to get a script working in an MDT task sequence, I have succeeded 0 times due to a complete lack of useful error codes on why they're not running. In the past I've always just found a workaround that avoided the use of a script, but I have been unable to find one for this.

    This is all in MDT version 6.3.8443.1000 (the build from hell... Come to think of it, I need to see of they've patched any of the bugs yet).

    I've tried this a couple of ways, but here's what I've got at this point:

    -License key stored in the "carlicense" attribute in AD.

    -PowerShell script with the following contents:

    $CompName = $Env:COMPUTERNAME
    $CompProperties = (([adsisearcher]"(&(objectCategory=Computer)(name=$CompName))").findall()).properties
    $LicenseKey = $CompProperties.carlicense
    
    if ($LicenseKey -ne $null) {
        New-Item "c:\ProgramData\path\to\file\licenses.key" -ItemType file -Force
        $LicenseKey | Set-Content "c:\ProgramData\path\to\file\licenses.key"
    }

    -Since this is pulling from AD, I think it needs to be run as a domain account rather than local administrator account (who it runs as, correct?), so have it set as follows:

    --"Run Command Line."

    --Command line: powershell.exe -ExecutionPolicy Bypass -Command .\SoftphoneLicensePull.ps1

    --Start in: %DeployRoot%\Custom

    --Run this step as the following account: [domain admin service account]

    --Load the user's profile: have tried this both checked and unchecked

    The error I'm getting whenever this fails is "The stub received bad data. (Error: 000006F7; Source: Windows)"

    When running the script under a user account once it is finished, it completes without an issue.

    Any ideas?

    Thanks

    Nate


    Tuesday, January 9, 2018 5:42 PM

All replies

  • I ran into similar issues while attempting to run a script that would add a computer object to an AD group, so I wrote a PowerShell wrapper to work around the issue. Give this a try:

    # Determine where to do the logging 
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 
    $timestamp = (Get-Date -Format MM-dd_HH-MM)
    $logPath = $tsenv.Value("LogPath")  
    $logFile = "$logPath\$($myInvocation.MyCommand)_$timestamp.log"
    $ScriptName = $($myInvocation.MyCommand).Name
    
    # Create Logfile
    Write-Output "Create Logfile" > $logFile
     
    Function Logit($TextBlock1){
    	$TimeDate = Get-Date
    	$OutPut = "$ScriptName - $TextBlock1 - $TimeDate"
    	Write-Output $OutPut >> $logFile
    }
    
    $EncodedPwd = "DropYourBase64EncodedPasswordHere"
    $SecurePwd = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EncodedPwd))
    $ScriptPath = $PSScriptRoot + "\AddW10Group.ps1"
    
    # Pre-Stage
    . Logit "Copying AddW10Group.ps1 to C:\MININT\SMSOSD ..."
    Copy-Item -Path $ScriptPath -Destination "C:\MININT\SMSOSD\AddW10Group.ps1" -Force
    
    # Run
    Try {
        $pinfo = New-Object System.Diagnostics.ProcessStartInfo
        $pinfo.FileName = "powershell.exe"
        $pinfo.RedirectStandardError = $true
        $pinfo.RedirectStandardOutput = $true
        $pinfo.UseShellExecute = $false
        $pinfo.CreateNoWindow = $true
        $pinfo.UserName = "account"
        $pinfo.Domain = "contoso"
        $pinfo.Password = (ConvertTo-SecureString -String $SecurePwd -AsPlainText -Force)
        $pinfo.Arguments = "-ExecutionPolicy Bypass -File C:\MININT\SMSOSD\AddW10Group.ps1 -Wait"
        $p = New-Object System.Diagnostics.Process
        $p.StartInfo = $pinfo
        $p.Start() | Out-Null
        $stdout = $p.StandardOutput.ReadToEnd()
        $stderr = $p.StandardError.ReadToEnd()
        $p.WaitForExit()
        . Logit "stdout: $stdout"
        . Logit "stderr: $stderr"
        . Logit "exit code: " + $p.ExitCode
    }
    Catch {
        Write-Error -Message "Something went wrong while attempting to add computer object to AD group. Exiting..." -Category NotImplemented 
        Exit 1
    }
    
    # Cleanup
    . Logit "Performing cleanup."
    . Logit "Removing AddW10Group.ps1 ..."
    Remove-Item -Path "C:\MININT\SMSOSD\AddW10Group.ps1" -Force -ErrorAction SilentlyContinue
    
    Exit 0


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".


    Tuesday, January 9, 2018 9:03 PM
  • Thank you for the reply!

    Ok, so nothing wrong with how I'm launching it? I don't know whether the script itself is even launching at all. I'll give your wrapper a try and see if I can get any logs from it, thanks!

    Tuesday, January 9, 2018 9:17 PM