none
Trying to use a task sequence to add a computer to a security group RRS feed

  • Question

  • I am using the following code to try to add a security group to a computer account when I am imaging using MDT 2012.  I get the following errors after the imaging process has completed.  

    Any help would be greatly appreciated.

    Thanks,

    Andy

    Exception calling "InvokeMember" with "5" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" TaskSequencePSHost 03/24/2015 8:45:29 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:26 char:2
    +     $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TaskSequencePSHost 03/24/2015 8:45:29 AM 0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException TaskSequencePSHost 03/24/2015 8:45:29 AM 0 (0x0000)
    The following exception occurred while retrieving member "Get": "The specified domain either does not exist or could not be contacted.
    " TaskSequencePSHost 03/24/2015 8:45:31 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:30 char:2
    +     $strDomainPath = $ORoot.Get("defaultNamingContext")
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TaskSequencePSHost 03/24/2015 8:45:31 AM 0 (0x0000)
    NotSpecified: (:) [], ExtendedTypeSystemException TaskSequencePSHost 03/24/2015 8:45:31 AM 0 (0x0000)
    Exception calling "Execute" with "1" argument(s): "An invalid directory pathname was passed
    " TaskSequencePSHost 03/24/2015 8:45:32 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:38 char:3
    +         $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TaskSequencePSHost 03/24/2015 8:45:32 AM 0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException TaskSequencePSHost 03/24/2015 8:45:32 AM 0 (0x0000)

    Param(
    [string[]]$GroupNames,
    [String]$Admin,
    [String]$Password
    )
    if($GroupNames)
    {
    [int] $ADS_PROPERTY_APPEND = 3
    #Get the computer DN
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    $ComputerDN = "LDAP://$UserDN"
    #Get the Domain DN
    $ORoot = [ADSI]"LDAP://rootDSE"
    $strDomainPath = $ORoot.Get("defaultNamingContext")
    #Create ADODB connection
    $oConnection = New-Object -ComObject "ADODB.Connection"
    $oConnection.Provider= "ADsDSOObject"
    $oConnection.Open("Active Directory Provider")
    foreach($groupname in $GroupNames)
    {
    #Get the specefied group
    $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE objectCategory='group' AND  Name='$groupname'")
    If (!$oRs.EOF)
    {
    $strAdsPath = ($oRs.Fields |  Select value ).value
    }
    If($strAdsPath)
    {
    If($Admin -and $Password)
    {
    $objGroup = New-Object DirectoryServices.DirectoryEntry($strAdsPath,$Admin,$Password)
    }
    Else
    {
    $objGroup = [ADSI]$strAdsPath
    }
    $objComputer = [ADSI]$ComputerDN
    #verify if the computer is a member of the Group
    If ($objGroup.ismember($objComputer.adspath) -eq $false) 
    {
    #Add the the computer to the specefied group
    $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
    $objGroup.setinfo()
    }
    }
    }
    }

    Tuesday, March 24, 2015 4:32 PM

All replies