Re: OSD - Adding computers to AD Group during State Restore with VBScr

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

OSD only uses the advanced client network access account or the software
installation account to make connections to UNC paths; it does not actually
run with these accounts. The state restore phase is running in the context
of the computer account, and the computer account does not have permission
to do what you are looking to do.

The only workaround for this is to specify explicit credentials when making
the initial LDAP connection to AD (using OpenDSObject I believe); the
credentials specified would need to have the rights to modify the groups.

-Michael Niehaus
Systems Design Engineer
mniehaus@xxxxxxxxxxxxx
This posting is provided "AS IS" with no warranties, and confers no rights.


"Andrew Manian" <AndrewManian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:68BEA2D0-C1BD-499E-A9D0-CCED016BD758@xxxxxxxxxxxxxxxx
> Hello.
>
> I am looking for the best way to add computers to AD groups when they are
> imaged with vanilla OSD (no BDD backend). Currently I am attempting to
> do
> this via a VBScript in the state restore phase, but this fails. The
> script
> works fine when run manually, but does not work via OSD state restore,
> which
> is set to run using the software installation account (domain admin).
> The
> Is anyone else doing this, who could provide any pointers/direction? Im
> a
> bit of an OSD newb. Here is the code I am running today.
> '-----------------------------------------------------------------------
> On Error Resume Next
>
> Set sho = CreateObject("Wscript.Shell")
>
> Dim oGroup, objLDAP
>
> PCNAME =
> sho.regread("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName")
>
> objLDAP = "LDAP://CN={TARGET GROUP NAME},OU=" & "IT" & ",OU=" &
> "departments" & ",DC=corp,DC={Company Name},DC=com"
>
> Set oGroup = GetObject(objLDAP)
>
> oGroup.Add ("LDAP://CN="; & PCNAME &
> ",ou=computers,ou=departments,DC=corp,DC={Company Name},DC=com")
>
> Set oGroup = Nothing
>
> '-----------------------------------------------------------------------
>
> TIA!
>
> /[


.

Relevant Pages

  • Re: SMS OSD ConnectUNC Problem
    ... I'm getting an error in the OSDAgent log when i try running an OSD ... I've checked the SMS network service account mapping that same package ... particular the ConnecttoUncPath function within OSD. ...
    (microsoft.public.sms.tools)
  • Re: OSD PreInstall and PostInstall Slow to execute
    ... Windows PE' in the OSD manual) and use 'net use' to connect to the share. ... brett flegg | software design engineer/test | SMS | OSD FP ... > to the SMS server with my account and password info. (which was ... > needed to connect with to an UNC path with account creds. ...
    (microsoft.public.sms.tools)
  • Re: OSD - Adding computers to AD Group during State Restore with V
    ... Aha - Credentials indeed. ... Passing a specific user/pass via the script looks to be the ... >> OSD only uses the advanced client network access account or the software ... >>> imaged with vanilla OSD. ...
    (microsoft.public.sms.tools)
  • Re: OSD - Adding computers to AD Group during State Restore with VBScr
    ... try to modify your script to look like this: ... Set oGroup = Nothing ... > OSD only uses the advanced client network access account or the software ... >> imaged with vanilla OSD. ...
    (microsoft.public.sms.tools)
  • Re: Backup to external drive on another computer
    ... Problem setting up Permissions, as follows: ... Under Incoming connections, in Devices, click the check boxes next to the ... this new account will be greatly appreciated. ...
    (microsoft.public.windowsxp.general)