Check if computer exists in AD in WinPE Task Sequence?

Pierre-Luc Ratelle 1 Reputation point
2021-11-17T16:57:06.6+00:00

We have 2 domains and recently updated our DCs to 2016. Before, a computer could exist in domain1 and be reimaged in domain2 with no problem.

Now, we can't. So some techs don't check if the computer exists in the other domain and the task sequence fails.

I would like to add a verification step in my TS to check if the computer exists in the other domain. So far, I got this working in my Windows session, but it doesn't work in WinPE since I guess the account running might not have the proper rights to query AD?

$domain = "domain1.csrdn.lan"
$computerName = "xxxxx"

# Pick the "other" domain: its LDAP base DN and its FQDN
if ($domain -eq "domain1.csrdn.lan") { $domainINVERSE_FQDN = "DC=domain2,DC=csrdn,DC=lan" ; $domaineInverse = "domain2.csrdn.lan" }
if ($domain -eq "domain2.csrdn.lan") { $domainINVERSE_FQDN = "DC=domain1,DC=csrdn,DC=lan" ; $domaineInverse = "domain1.csrdn.lan" }

# Binds as the identity of the running process (no explicit credentials)
$objDomain = [ADSI]("LDAP://$domainINVERSE_FQDN")

$computerFilter = "(&(objectClass=Computer)(name=$computerName))"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000

$objSearcher.Filter = $computerFilter
$ComputerDn = $objSearcher.FindOne()

if ($ComputerDn) { .... }

I was wondering if you had a working way to check if the computer exists in another domain before it is imaged?

Microsoft Security Intune Configuration Manager Deployment

6 answers

  1. Amandayou-MSFT 11,156 Reputation points
    2021-11-18T03:06:06.973+00:00

    Hi,

    We could come up with the following steps to complete this request:

    1. Enable PowerShell in the boot image.
    2. Create a package that copies the Active Directory module files to the boot image, and run it in the task sequence.
    3. Create a PowerShell script that does the following:
       Interact with the task sequence.
       Load a PowerShell form for prompting the computer name selection.
       Import the Active Directory module, securely connect to Active Directory and check the name against Active Directory.
       Set the computer name as the OSDComputerName TS variable (assuming that the name does not exist).

    PowerShell form script:

    ######## Close the TS UI temporarily
    $TSProgressUI = New-Object -COMObject Microsoft.SMS.TSProgressUI
    $TSProgressUI.CloseProgressDialog()

    function button ($title, $mailbx, $WF, $TF) {
        ################### Load assemblies for creating the form & button ######
        [void][System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
        [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.VisualBasic")
        ##### Define the form size & placement
        $form = New-Object "System.Windows.Forms.Form"
        $form.Width = 500
        $form.Height = 150
        $form.Text = $title
        $form.StartPosition = [System.Windows.Forms.FormStartPosition]::CenterScreen
        ############## Define text label1
        $textLabel1 = New-Object "System.Windows.Forms.Label"
        $textLabel1.Left = 25
        $textLabel1.Top = 15
        $textLabel1.Text = $mailbx
        ############ Define text box1 for input
        $textBox1 = New-Object "System.Windows.Forms.TextBox"
        $textBox1.Left = 150
        $textBox1.Top = 10
        $textBox1.Width = 200

        ############# Define default values for the input boxes
        $defaultValue = ""
        $textBox1.Text = $defaultValue

        ############# Define OK button
        $button = New-Object "System.Windows.Forms.Button"
        $button.Left = 360
        $button.Top = 85
        $button.Width = 100
        $button.Text = "Ok"
        ############# Close the form once the user clicks OK; the text box keeps the entered value
        $eventHandler = [System.EventHandler]{ $form.Close() }
        $button.Add_Click($eventHandler)
        ############# Add controls to all the above objects defined
        $form.Controls.Add($button)
        $form.Controls.Add($textLabel1)
        $form.Controls.Add($textBox1)
        $ret = $form.ShowDialog()

        ################# Return values
        return $textBox1.Text
    }

    $return = button "Enter Computer Name" "Computer Name"
    ################# $return now holds the value that was entered by the user
    $return

    #######################
    # Import AD Module    #
    #######################
    $C = Get-Credential
    Import-Module ActiveDirectory -Force
    ########## Re-prompt while a computer with that name already exists in AD.
    ########## The filter runs on the DC, instead of pulling every computer object with -Filter *.
    while (Get-ADComputer -Filter { Name -eq $return } -Credential $C -Server YOUR-DC-NAME) {
        $return = button "Enter Computer Name" "Computer Name Exists"
    }
    ########## Enter OSDComputerName value into the TS

    $OSDComputerName = $return
    $TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment
    $TSEnv.Value("OSDComputerName") = "$($OSDComputerName)"
    

    Here is the detailed article:
    http://idanve.blogspot.com/2017/11/verify-computer-name-against-active.html
    Note: Non-Microsoft link, just for the reference.



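Both the question's DirectorySearcher snippet and answer 1's steps hit the same point: in WinPE the task sequence runs as LocalSystem on a machine that is not joined to any domain, so an `[ADSI]` bind without credentials has no domain identity to present. The script below is an added example (not code from the question, from the answer above, or from the linked article) that binds to the other domain with an explicit, read-only lookup account, escapes the technician-typed name so it cannot alter the LDAP filter, and hands the result back to the task sequence as a variable a later step can test. The domain names and base DNs are the ones from the question; the lookup account name and the task sequence variables `OSDLdapLookupPassword`, `ComputerExistsInOtherDomain` and `ComputerExistsInOtherDomainDN` are placeholders assumed here.

```powershell
<#
  Added example, not from the question or the answers: check whether the chosen computer
  name already exists in the "other" domain from WinPE, and report it to the task sequence.
  Assumptions (placeholders): the lookup account name and the custom TS variables
  OSDLdapLookupPassword, ComputerExistsInOtherDomain and ComputerExistsInOtherDomainDN.
#>
param(
    [string]$TargetDomain   = 'domain2.csrdn.lan',      # domain the technician selected in the OSD menu
    [string]$ComputerName   = '',                       # empty = read OSDComputerName from the TS
    [string]$LookupUser     = 'domain1\svc-osd-lookup', # placeholder: read-only account used only for this lookup
    [string]$LookupPassword = ''                        # empty = read from a masked TS variable; never hard-code it
)

# Each domain mapped to the opposite domain and that domain's LDAP base DN (values from the question).
$Opposite = @{
    'domain1.csrdn.lan' = @{ Fqdn = 'domain2.csrdn.lan'; BaseDn = 'DC=domain2,DC=csrdn,DC=lan' }
    'domain2.csrdn.lan' = @{ Fqdn = 'domain1.csrdn.lan'; BaseDn = 'DC=domain1,DC=csrdn,DC=lan' }
}

# RFC 4515 escaping: the name is typed by a technician, so it must not be able to change the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    # Backslash first, so the escape sequences added afterwards are not escaped again.
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# Returns the distinguishedName of the computer object in the other domain, or $null if none exists.
function Test-ComputerInOtherDomain {
    param([string]$Domain, [string]$Name, [string]$User, [string]$Password)

    $other = $Opposite[$Domain]
    if (-not $other) { throw "Unknown domain '$Domain'" }

    # Bind as the lookup account. Secure = Kerberos/NTLM, so the password is not sent as a simple bind.
    $root = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList @(
        "LDAP://$($other.Fqdn)/$($other.BaseDn)", $User, $Password,
        [System.DirectoryServices.AuthenticationTypes]::Secure
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root
    $searcher.Filter = "(&(objectCategory=computer)(name=$(ConvertTo-LdapFilterValue $Name)))"
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $searcher.SizeLimit = 1

    $hit = $searcher.FindOne()
    if ($hit) { return [string]$hit.Properties['distinguishedname'][0] }
    return $null
}

# --- Task sequence glue; the Microsoft.SMS.TSEnvironment COM object only exists inside a running TS ---
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
if (-not $ComputerName)   { $ComputerName   = $tsenv.Value('OSDComputerName') }
if (-not $LookupPassword) { $LookupPassword = $tsenv.Value('OSDLdapLookupPassword') }   # assumed masked TS variable

$dn = Test-ComputerInOtherDomain -Domain $TargetDomain -Name $ComputerName -User $LookupUser -Password $LookupPassword

if ($dn) {
    # Assumed custom variables: a TS step condition on ComputerExistsInOtherDomain = True shows the message and stops.
    $tsenv.Value('ComputerExistsInOtherDomain')   = 'True'
    $tsenv.Value('ComputerExistsInOtherDomainDN') = $dn
    Write-Host "'$ComputerName' already exists in $($Opposite[$TargetDomain].Fqdn) as $dn. Remove it there and retry."
    exit 1    # a non-zero exit code fails this step, which is what the technician should see
}
$tsenv.Value('ComputerExistsInOtherDomain') = 'False'
exit 0
```

Run it as a "Run PowerShell Script" step in WinPE after the domain selection menu and before Apply Network Settings, with a "Continue on error" off so the failure is visible. The lookup account needs only read access to computer objects in the other domain, and its password should arrive through a collection or TS variable marked "Do not display this value" rather than through the script text. WinPE also has to resolve the other domain's FQDN; if DNS in the boot environment is unreliable, put a specific DC hostname in the LDAP path instead of the domain name.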

  2. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2021-11-18T13:48:20.877+00:00

    Now, we can't

    Please define exactly what this means. What exactly is or is not happening that you expect or don't expect to happen (in technical terms)?

    Also, what's the scenario here? Are you booting to media, PXE booting, initiating from software center?

    ConfigMgr itself doesn't care at all or truly know whether a system is or is not joined to a domain or which domain it is joined to with respect to running a task sequence or any deployment for that matter. Without details of what's going on though not much can truly be said other than the path you're on (using a script to remove it from a domain) has no true value in addressing the generic issue you've described.


  3. Pierre-Luc Ratelle 1 Reputation point
    2021-11-19T13:46:35.61+00:00

    Sorry if this might have not been clear.

    I am talking about reimaging a computer in PXE.

    Here's the scenario :
    We have 2 domains.
    ComputerA exists in DomainA.
    I did a small GUI menu in OSD so that when a technician wants to image a computer through PXE, he can select which domain he wants.
    When he selects DomainB, the computer doesn't join the domain because it already exists in DomainA.
    What I want to do is simply detect if the computer exists in the other domain before being imaged...

    So if the technician chooses to image ComputerA in DomainB, then I would like to check if it exists in DomainA. If so, I'll show a message saying to remove the computer object from AD in that domain and try again...


  4. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2021-11-19T17:37:11.813+00:00

    When he selects DomainB, the computer doesn't join the domain because it already exists in DomainA.

    Similar question, what exactly does this mean in technical terms? There is no technical reason or limitation anywhere for this. More details are needed here to say much more though. What errors are shown and what do the log files say? As noted, ConfigMgr has no knowledge whatsoever of which domain a system used to belong to (once it's in WinPE, it no longer belongs to any domain).


  5. Pierre-Luc Ratelle 1 Reputation point
    2021-11-19T18:23:34.18+00:00

    Hi! In technical terms it means that in the Apply network settings step, when the TS in OSD tries to join the computer to the domain, it gives no error, so it looks like the computer joined the domain correctly... but in the end, it was not, since it already exists in the other domain - and I don't have the c:\windows\panther\unattend*** files on hand since the computer is shut down right now...


    I would just like to detect whether the system exists in the other domain to avoid this kind of situation. Hope it's clear now? :)

    Thanks !!

