Delete computer from AD, join to AD then move to new OU script

  • General discussion

  • Is there a PS script that I can use or a guide I can be shown that shows me how to do the following:

    I use WDS with MDT (not SCCM).

    Currently, when re-imaging a computer I have to manually delete the computer from AD so that when the joindomain TS runs, the computer is added to my "staging" OU. This OU was created so that the company agreement window does not break the autologin sequence when MDT is imaging a computer. Once the image is complete, I move the device to the proper OU that the Task sequence is built for. Example, I have a TS that's designed to install all the software that our Support team uses so when the TS is finished I would move the computer to the Support OU.

    What I am looking for:

    A vbs or PS script that first scans AD (I have two 2012r2 AD servers in failover mode if that matters) for the PC name that it was given during the MDT wizard before the device is attempted to join the domain. Once the device is found, it is deleted from AD. Then the device is joined to the domain and sent to the "staging" OU (currently the custom.ini joins the device to the proper OU only if the device is not in AD. If it is, then it does not move the device to the staging OU. It stays in whatever OU it was in prior to the re-image, this breaks the TS which I explained above). Once the rest of the TS is finished I would like one more script to move the device from the staging OU to a new OU. Since the script will be running locally on the PC, the script must be able to identify what the computer name is and ONLY move that computer to the new 

    If you could help me with this, that would be greatly appreciated.

    Thanks!
    Tuesday, June 20, 2017 6:32 PM

All replies

  • What I am looking for:

    Unfortunately you are looking in the wrong place, because this isn't a script request forum.

    Please read this first (it's right at the top of this forum):

    This forum is for scripting questions rather than script requests


    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 20, 2017 6:36 PM
    Moderator
  • I appreciate the reply back and I have already read what you have provided, but as you can see my first and only question was to see if a script(s) existed. I was not asking anyone to write a script for me. I went into detail of what I am looking for so I do not get simple "Move to new OU script" links as I have read millions of those threads already. 

    If someone can point me to a script that already exists, that would be fantastic. :)

    Tuesday, June 20, 2017 6:41 PM
  • The odds of finding a script that already does exactly what you want are probably pretty small, but of course you're free to search. The gallery probably contains scripts that do similar kinds of things to what you want, and you can use those as examples.

    As far as pointing you to a specific script, unfortunately we don't have the time to research this for you. You will need to do the searching on your own. (Keep in mind that we're volunteers - this forum is peer-to-peer with no SLA.)


    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 20, 2017 6:45 PM
    Moderator
  • Again, thank you. I understand what this forum is for and how it works. I came here because what I am looking for does not seem to be that odd of a script since many people use MDT and SCCM. Joining domains, moving OU's and such are very common. Unfortunately, I am no scriptor (scripter?  either way I don't write scripts or programs) so I cannot accomplish this on my own. I do not need people researching this for me, I have spent a few days looking for something similar. I figured I might get lucky and someone who is in the Desktop Administration role and works with MDT/SCCM would see this and know exactly what I am speaking of.

    Thanks again, Bill.

    Tuesday, June 20, 2017 6:51 PM
  • Good luck with your search. If this is a pressing need for your organization, you may need to hire a consultant.

    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 20, 2017 6:54 PM
    Moderator
  • Moderator or not, please remove yourself from my post. At this point you are just flooding it with nonsense.

    Removing your unhelpful and uninformative comments would be much appreciated too.

    • Edited by TheUsD Tuesday, June 20, 2017 6:57 PM
    Tuesday, June 20, 2017 6:56 PM
  • I agree with Bill. Your question is more tailored to needing a consultant to sort out what you are trying to do.

    Mostly, MDT can do all of this without a script so you should start in the MDT forum to learn how to use MDT to perform most of your requirements.

    Unfortunately forums are not a good place to ask for extensive and complex solutions. Scripting forums are designed to answer specific questions about scripting and not as a place to find free scripts or have people design scripts for you. If you can't find a script by search then pick one that is close and modify it. You can then post back with specific issues you may be having.


    \_(ツ)_/

    Tuesday, June 20, 2017 8:35 PM
  • Thank you for your reply.
    If MDT could do this, I would have not posted this question. MDT can only join a device to a domain. Once you have chosen the domain, it is up to a vbs or PS script to tailor the rest. Again, this is not a very unique question to ask. 

    If you are to ask someone in the field who uses MDT / SCCM they will direct you to scripting. Either way, I'm asking a question for exposure. There is absolutely no reason to mark a question answered without there being an answer. Marking it answered would not only prolong the possibility of someone who knows of a script or has a script posting a link to my question, but could also make someone who has the same question click this thread and read all of the unhelpful comments.

    I am not needing a consultant as I am the person who manages all the imaging. I can manage the task manually but am looking to make a few things more automated for myself so I can concentrate on other tasks and be more proficient. 

    • Edited by TheUsD Tuesday, June 20, 2017 8:47 PM
    Tuesday, June 20, 2017 8:45 PM
  • So what you are trying to do has nothing to do with an MDT.  If that is the case then, if you ask a basic scripting question, you will likely find it easier to find an answer.

    If you are looking for how to move an object in AD then ask that question. "How do I move an object to a new OU?"

    Which by the way can be included in an MDT XML spec.  It can join into  a default OU or specific OU and "post-imaging" move to a new OU.

    To move with PowerShell read the following:

    help Move-AdObject -Full


    \_(ツ)_/

    Tuesday, June 20, 2017 8:57 PM
  • It sounds to me like you think you need to move the computer object after creating it.

    I would recommend creating the computer in the OU that you want to begin with. Then there's no need to move it afterward. PowerShell:


    PS C:\> New-ADComputer COMPUTER1 -Path "OU=My OU,DC=fabrikam,DC=com"


    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 20, 2017 9:02 PM
    Moderator
  • In SCCM or MDT (whichever you prefer) it is best practice to have a staging OU that only contains a few GPOs that you need for security. The main reason you do this is as most companies have a ***Warning*** or ***Company Policy*** message before logging into a PC. Your "staging" OU should not contain this GPO because when MDT or SCCM completes the Out of the Box experience, it joins the device to the domain and starts the beginning Task Sequences (TS) such as installing programs, windows updates, drivers. This causes the device to reboot several times before finishing the TS. When it reboots, MDT uses an account that autologs in and continues the bootstrap process. If, let's say, I was to tell MDT to just join the PC to my support OU where the company policy is applied then this would break the autologin for bootstrap to continue and you would have to sit at the device and click "ok" each time the policy was displayed. Thus, "Staging" OU, lol.

    The issue with:
    PS C:\> New-ADComputer COMPUTER1 -Path "OU=My OU,DC=fabrikam,DC=com"

    Is that you would still have to (from my understanding) manually edit the script to the computer I am imaging which is still a manual process, lol.

    • Edited by TheUsD Tuesday, June 20, 2017 9:27 PM
    Tuesday, June 20, 2017 9:19 PM
  • Do you have a specific scripting question you'd like to ask?

    If not, then we need to close this topic, because as noted, this is not a consulting forum.

    (By consulting: I mean that you specify your requirements and someone confers with you and writes code for you that meets those requirements. That's not the purpose of this forum.)


    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 20, 2017 9:40 PM
    Moderator
  • Here is an example of how to join to a staging OU then move to a target OU using deployment technologies.  There are other approaches that can also be used.

    http://maikkoster.com/moving-computers-in-active-directory-during-mdt-deployments-step-by-step/

    I recommend going over the documentation for the current version of MDT. All of this can also be done with SCCM with basic "Task Sequences".

    Post in the MDT forum for help with getting your outcome.  Most experienced users of MDT can show you where to look in MDT to tweak your deployments.

    As Bill has noted, you are not asking a scripting question.  You are fighting with how to use MDT to do a simple MDT task.

    Here is a link to the MDT forum: Microsoft Deployment Toolkit


    \_(ツ)_/


    • Edited by jrv Tuesday, June 20, 2017 10:04 PM
    Tuesday, June 20, 2017 10:03 PM
  • Here is another article showing how to define "Post OS" tasks. https://scriptimus.wordpress.com/2012/09/13/ltizti-deployments-post-os-task-sequence/

    It is recommended that all security group additions and OU moves be added as a "Custom Task".

    To do this on workstations and computers without RSAT installed you would use basic ADSI.  See Gallery for many examples of ADSI scripts that can perform all of these tasks.  Arguments to these scripts are provided for the Task Sequence variables as defined by your deployment type.

    I did a quick search and found at least 10 methods moving a computer account to a new OU with MDT. This is but one method. Under SCCM there are other, more useful, methods for doing this.

    By posting in the MDT forum you will find other users of MDT will have other methods that will help you resolve your issue.

    Again - this is not really a scripting issue. It is a deployment issue and requires that you have a good understanding of MDT and deployment technologies.


    \_(ツ)_/

    Tuesday, June 20, 2017 11:49 PM
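
Added example, not part of any reply in this thread: the post-imaging OU move done with plain ADSI (no RSAT), restricted to the local machine's own account as the original question requires. The OU paths, the name pattern and the `-Credential` parameter are placeholder assumptions; the account used should hold delegated rights on the staging and target OUs only.

```powershell
# Added example (not from the thread): move ONLY this machine's account out of staging.
# OU paths are placeholders; the name check and -Credential parameter are assumptions.
param(
    [string]$StagingOU    = 'OU=Staging,DC=example,DC=com',
    [string]$TargetOU     = 'OU=Support,DC=example,DC=com',
    [string]$ComputerName = $env:COMPUTERNAME,
    [pscredential]$Credential  # delegated account; omit to bind as the current logon
)
$ErrorActionPreference = 'Stop'

# Refuse names that could alter the LDAP filter (wildcards, parentheses, backslashes).
if ($ComputerName -notmatch '^[A-Za-z0-9-]{1,15}$') {
    throw "Unexpected computer name '$ComputerName'"
}

# Bind to a distinguished name, with explicit credentials when they were supplied.
function Get-Entry([string]$DistinguishedName) {
    $path = "LDAP://$DistinguishedName"
    if ($Credential) {
        $net = $Credential.GetNetworkCredential()
        return New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $path, $Credential.UserName, $net.Password
    }
    return New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $path
}

# Searching from the staging OU means an account that lives elsewhere is never touched.
$root     = Get-Entry $StagingOU
$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root
$searcher.Filter      = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
$searcher.SearchScope = 'OneLevel'
$hits = @($searcher.FindAll())

# Zero or several matches is treated as an error rather than guessed at.
if ($hits.Count -ne 1) {
    throw "Expected exactly one '$ComputerName' in $StagingOU, found $($hits.Count); nothing moved."
}

$computer = $hits[0].GetDirectoryEntry()
$target   = Get-Entry $TargetOU
$computer.psbase.MoveTo($target)
Write-Output "Moved $ComputerName to $TargetOU"
```

With more than one domain controller, a serverless bind can reach a DC that has not yet replicated the join, so the lookup may find nothing; binding to one named server (for example `LDAP://dc01.example.com/OU=...`, a placeholder host) avoids that.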

  • I did a quick search and found at least 10 methods moving a computer account to a new OU with MDT. 

    Again - this is not really a scripting issue. It is a deployment issue and requires that you have a good understanding of MDT and deployment technologies.


    \_(ツ)_/

    As much as I appreciate the condescending tone as the next person, I've read this along with countless other articles.

    This is a scripting issue.

    Bill, 
    A few replies prior you asked if I had any specific scripting questions. Yes I do. See if you can help answer this one, if you can't no need for replying. 

    Thanks!

    Is there a PS script that I can use or a guide I can be shown that shows me how to do the following:

    I use WDS with MDT (not SCCM). 

    Currently, when re-imaging a computer I have to manually delete the computer from AD so that when the joindomain TS runs, the computer is added to my "staging" OU. This OU was created so that the company agreement window does not break the autologin sequence when MDT is imaging a computer. Once the image is complete, I move the device to the proper OU that the Task sequence is built for. Example, I have a TS that's designed to install all the software that our Support team uses so when the TS is finished I would move the computer to the Support OU.

    What I am looking for:

    A vbs or PS script that first scans AD (I have two 2012r2 AD servers in failover mode if that matters) for the PC name that it was given during the MDT wizard before the device is attempted to join the domain. Once the device is found, it is deleted from AD. Then the device is joined to the domain and sent to the "staging" OU (currently the custom.ini joins the device to the proper OU only if the device is not in AD. If it is, then it does not move the device to the staging OU. It stays in whatever OU it was in prior to the re-image, this breaks the TS which I explained above). Once the rest of the TS is finished I would like one more script to move the device from the staging OU to a new OU. Since the script will be running locally on the PC, the script must be able to identify what the computer name is and ONLY move that computer to the new 

    If you could help me with this, that would be greatly appreciated.

    Thanks!


    Wednesday, June 21, 2017 12:03 AM
  • It is very hard to understand your question as it always begins with a reference to MDT.  This is not an MDT forum.

    You are not asking a scripting question.  You are asking for a number of scripts to do various tasks.  How about asking a single scripting question with no reference to MDT.

    What is your first script issue?


    \_(ツ)_/

    Wednesday, June 21, 2017 12:07 AM