I checked the statistics for my blog and comments as well, the “old” vbscripts I wrote to Add a Computer to an AD group and Set AD Computer Description as still being downloaded, used and commented on. I mostly use webservices to manage tasks like this now, but they are still being used out there so it is time to update them to Powershell!
Here are three of the scripts in Powershell instead, AddtoADGroup, RemoveFromADGroup And SetADdescription. They can be downloaded here:
- Script to add/remove Computer from AD group: https://github.com/Ccmexec/MEMCM-OSD-Scripts
- Script to set the AD computer description: https://github.com/Ccmexec/MEMCM-OSD-Scripts
All scripts have to run in full OS and not in WinPE.
AddToADGroup
The script adds the computer it is being executed on to one or more AD Groups. “:” is the separator and if there is a space in the group name use “” as well. The account used to run the step must have permissions in AD to execute the command.
Example command line:
Powershell.exe -NoProfile -ExecutionPolicy Bypass –File AddToGroups.Ps1 “group1”:”group2”
RemoveFromADGroup
The script removes the computer it is being executed from one or more AD groups. “:” is the separator and if there is a space in the group name use “” as well. The account used to run the step must have permissions in AD to execute the command.
Example command line:
Powershell.exe -NoProfile -ExecutionPolicy Bypass –File RemoveADGroups.Ps1 “group 1”
SetADDescription
Sets a Description in AD on the computer object in AD it uses the name of the computer it is being executed on. Use “” around the description if the description contains spaces.
Example Command Line:
Powershell.exe -NoProfile -ExecutionPolicy Bypass –File SetComputerDesc.Ps1 “Test Computer”
NOTE: If you get an error like:
Exception calling “FindOne” with “0” argument(s): “Unknown error (0x80005000)”
Then check out this post on an old issue with the “Run this step as the following account” caused by .NET Framework 1.1 which is still cause a problem.
https://docs.microsoft.com/en-us/archive/blogs/deploymentguys/run-command-line-as-domain-user-incorrect-function-error
Hi Jörgen Nilsson,
Thanks very nice script. Do you happen to have a PowerShell script to prompt user to select OU Location.
Hi,
No but I can create one no problem.. more scripts on OU will be published tomorrow.
/Jörgen
Thank vaia for your tutrorial.
Hi,
Nice scripts and thanks for sharing. Do you have to grant admin rights to the workstation for svccm account. I have problems if I run the scripts during OSD but outside OSD they works great. I have tried different solutions but error comes with adsisearcher.
Hi,
I use a custom account that runs and executes the command in the Run Command Line step that has the correct permissions.
Regards,
Jörgen
Tried running the add to AD group setting and I keep getting the error –>
“Exception calling “IsMember” with “1” argument(s): “Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UKNOWNNAME))”
Please help!
I am seeing this same error. Was this ever resolved?
I had the same issue with an AD group that contained spaces and discovered that when I copied and pasted the command from this website it put the wrong type of double quotations in the task sequence. I also was putting in the domain name with the group variable and those two issues caused me to get the same error you were seeing. Just pass the group name as the variable (Test Group vs Domain\Test Group). Once I made those two minor changes then it worked just fine for me on Win10 1809 OSD TS with SCCM 1806 environment.
I had to add two lines to output the results of the two variables so I could then see that my group variable wasn’t being passed correctly and was therefore blank with the script was executing so you might want to try that as well to help narrow down why it’s failing. I added these lines right before the IF statement:
$ComputerDn | out-file “C:\windows\temp\output.txt”
$GroupDn | out-file -Append “C:\windows\temp\output.txt”
Jorgen, thanks for the awesome script.
Had the same issue with the quotes when copying… also added the variables to out towards a txt file. That is how i noticed that the group variable wasn’t filled.
I also had the same error. But this time there was no issue with double quotations. On my case the AD group in subject had a different sAMAccountName than CN/Name, and calling to the Name resulted to the same exception as above.
Could figure it out pretty easily by just looking it up via Get-ADGroup, which couldn’t find it.
Hi Jörgen,
how can I prompt for enter the Computer Description while osd?
thanks
Hi Jörgen,
how can I enter while osd for Description name ?
thanks
Hi,
Easiest way is to add a collection variable that is ha no value then you will be prompted for it, Otherwise a Powershell script or HTA works just as well.
Regards,
Jörgen
Hi Jorgen,
So if I just name the collection variable ComputerDescription with no value I should be prompted for it? But will it add that info to AD?
Good Morning Jorgen,
I am using UDI to install and I am needing to have a step that adds the computer to a specific AD group based on either
1. What the user chose as the OU they want in the UDI
2. A list that I can display
Any help would be appreciated
Hi!
A small note that made me scratch my head a bit.
In your example text you call your script with the name AddtoADGroups.p1 but in your download link the script is called AddToGroups.ps1. (This is correct in the example picture)
Took a while for me to notice this.
Thanks!
Sorry about that typo… Fixed it now!
thanks for the feedback!
Regards,
Jörgen
Hi Jorgen,
The RemoveADgroups script is awesome, however I am looking to remove the computer from all groups starting with “Staff-“, how am I able to use your script to achieve this?
Thanks
Luke
Hi Jorgen,
Attempting to add machines to groups I receive “Filed to run last action: Execution of Task sequence failed. Incorrect Function. (Error: 00000001; Source Windows)
Win10 1803 – SCCM 1806
PS: I recieve the same error on multiple scripts i use……vbs etc..
All seems to be around moving objects within AD..
Works fine out side of the TS
Would you be willing to elaborate on what you mean by: “I mostly use webservices to manage tasks like this now?”
Hi
I do not understand why I get this error in sccm.
The task sequence execution engine failed executing the action (Set AD Computer Description) in the group (State Restore) with the error code 1
Action output: … directory security
c:\_smstasksequence\packages\it10005b\tools\x86\preflight is a directory. Setting directory security
Content successfully downloaded at C:\_SMSTaskSequence\Packages\IT10005B.
Resolved source to ‘C:\_SMSTaskSequence\Packages\IT10005B’
Command line for extension .exe is “%1” %*
Set command line: Run command line
Working dir ‘C:\_SMSTaskSequence\Packages\IT10005B’
Executing command line: Run command line
Create a process under given user token
Process completed with exit code1
Exception calling “FindOne” with “0” argument(s): “Unknown error (0x80005000)”
Command line C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -file scripts\SetComputerDesc.ps1 “Vards Uzvards” returned 1
ReleaseSource() for C:\_SMSTaskSequence\Packages\IT10005B.
reference count 1 for the source C:\_SMSTaskSequence\Packages\IT10005B before releasing
Released the resolved source C:\_SMSTaskSequence\Packages\IT10005B
硅散瑰潩慣汬湩䘢湩佤敮•�. The operating system reported error 1: Incorrect function.
What I am missing?
I putted command in State Restore group of TS after Restart computer.
Thank you for these scripts! Very helpful. When using the AD description script, would it be possible to use one command line for all computers that lists the computer model?
Thanks a lot Jörgen. This powershell script is really nice – especially if you don’t have access to the Add-ADGroupMember cmdlet (from the ActiveDirectory powershell module) on the computer running this script.
I am experiencing the same issue as Kaspers. Any solution? What is different now than it was 6 months ago when it was working?
Windows 10 OSD fails exactly like Kaspers log shows.
Thanks in advance.
Hi Kaspars,
Did you ever get a fix for this error?
Thanks in Advance
Hello Keeren,
i had the same error during the task sequence and the solution was to include following two lines in the script:
Import-Module Microsoft.Powershell.Management
Import-Module Microsoft.Powershell.Utility
After this modification it started working.
Getting the same error. Imported these modules also, didnt help. Still getting the same error.
Anyone who managed to fix it?
Hello Jörgen,
could you please describe how you have created the package with the ps scripts. I spend days but it is still not working because powershell will blocked on client. I still allowed “bypass”.
Thanks in advance
Michael
I would also apreciate more detail on this. I have tried this example, and put the script in the scripts folder of the MDT folder and use “run powershell script.” All options caused my task sequence to fail and I have a feeling it is because of how the package is constructed.
Thank you
Jorgen,
your add to group command on this page is
Powershell.exe -NoProfile -ExecutionPolicy Bypass –File AddToGroups.Ps1 “group1”:”group2”
but your example in the downloaded script is
Powershell.exe -Set-ExecutionPolicy bypass -file .\Removefromgroup.ps1 ADgroup1:adgroup2:”AD group3″
The commandlines dont match and for clarity you should keep some consistency.
the -set-executionPolicy will not work, you dont have the -Noprofile and you have the leading .\ for the file name in he downloaed script example.
regards
Mark
I used the below link to create the package:
https://www.systemcenterdudes.com/sccm-deploy-powershell-script/
I can deploy the package to a built computer with a single line task sequence and run any script I want; however, when I incorporate the same step in an OS PXE deployment, the TS crashes. Any advise would be greatly apreciated.
Hi Jorgen,
Have you created one or know how to add data to “Managed By”, I know it’s a bit more tricky since its has to query AD users.
Thank you very much! This is super helpful!
Just posting this as it may help someone else out. If your TS fails because of the “Run this step as the following account”… it may be a .NET 1.1 issue. Fortunately, it’s just a small reg change to fix this:
https://blogs.technet.microsoft.com/deploymentguys/2012/04/24/run-command-line-as-domain-user-incorrect-function-error/
Thanks Jorgen for the script.
I have errors with the script if I am only trying to add to one group with no spaces in the group name. I can run the script with no problems if I am adding to two groups. How should the script command look if running with one group add without spaces in the name? Do I still need the quotes? Single quotes? I have tried various combinations.
Thanks in advance!
Hi, If you only are adding on Group then simply use quotes around it “group 1”
That will work.
Regards,
Jörgen
thanks for the script Jörgen, i used your ADComputerDescription script and works great. i haven’t tried it yet but can i use task sequence variable in place of adding the “Description” in the command line so that it is automated ? my description will have computername, location, deppartment etc” all of which will come from task sequence variables and will be combined as description. example %PCName%”,”%Location%, %Dept%
Hi I’ve added this to our task sequence executing the command with a domain admin (for now, will look in delegate control and a svc user later)
I’ve created a package with the PS script in it’s contents, i can see it’s copied correctly to the workingdir, however i keep getting a returncode 1.
I’ve crated the command line section as first step in the application installation section, and made sure it doesn’t run in Winpe.
Any ideas what’s going on?
Downloading file /SMS_DP_SMSPKG$/NG100019/sccm?/Addtogroups.ps1 range 0-669 InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Downloaded file from http://it49-cm-001.it49.local:80/SMS_DP_SMSPKG$/NG100019/sccm?/Addtogroups.ps1 to C:\_SMSTaskSequence\Packages\NG100019\Addtogroups.ps1 InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
VerifyContentHash: Hash algorithm is 32780 InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Content successfully downloaded at C:\_SMSTaskSequence\Packages\NG100019. InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Resolved source to ‘C:\_SMSTaskSequence\Packages\NG100019’ InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Command line for extension .exe is “%1” %* InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Set command line: Run command line InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Working dir ‘C:\_SMSTaskSequence\Packages\NG100019’ InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Executing command line: Run command line with options (0, 4) InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Create a process under given user token InstallSoftware 12.11.2019 12:53:55 4064 (0x0FE0)
Process completed with exit code 1 InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
Exception calling “FindOne” with “0” argument(s): “Ukjent feil (0x80005000)” InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
Command line is being logged (‘OSDDoNotLogCommand’ is not set to ‘True’) InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
Command line Powershell.exe -NoProfile -ExecutionPolicy Bypass –File Addtogroups.Ps1 ” ES_108867 ” returned 1 InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
ReleaseSource() for C:\_SMSTaskSequence\Packages\NG100019. InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
reference count 1 for the source C:\_SMSTaskSequence\Packages\NG100019 before releasing InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
Released the resolved source C:\_SMSTaskSequence\Packages\NG100019 InstallSoftware 12.11.2019 12:53:59 4064 (0x0FE0)
Process completed with exit code 1 TSManager 12.11.2019 12:53:59 3892 (0x0F34)
!——————————————————————————————–! TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Failed to run the action: AddToDAGroup. Error 1 TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Not in SSL. TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Set a global environment variable _SMSTSLastActionRetCode=1 TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Set a global environment variable _SMSTSLastActionName=AddToDAGroup TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Clear local default environment TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Let the parent group (Install Core Apps) decides whether to continue execution TSManager 12.11.2019 12:53:59 3892 (0x0F34)
The group (Install Core Apps) ignored action failure and continue execution on the next step following the group. TSManager 12.11.2019 12:53:59 3892 (0x0F34)
Hi Jorgen
The script works great when I run it manually on a PC, but fails when run in the Task Sequence with the same error as people above have mentioned – Exception calling “FindOne” with “0” argument(s): “Unknown error (0x80005000)”
The script is being called but it seems that the arguments are not being fed into it. I’ve checked copied and pasted speechmarks and corrected those but it still doesn’t work.
Can you help?
Hi,
yes I will update the post, this is most likely caused by an old .Net framework 1.1 issue. which is described here https://docs.microsoft.com/en-us/archive/blogs/deploymentguys/run-command-line-as-domain-user-incorrect-function-error
Hello, if the machine you try to add is on another different domain than the user account which is used to query the active directory with this script it gives no error but empty result.. you’ll ahev to adapt a litle bit the script to query the domain you need with ADSIsearcher..
Hi Jorgen,
I have been getting Failed to run the action: Add System to XXX Domain Group.
Incorrect function. (Error: 00000001; Source: Windows)
I also followed the article https://docs.microsoft.com/en-us/archive/blogs/deploymentguys/run-command-line-as-domain-user-incorrect-function-error to add the additional tasks that are recommended.
Can you please advise?
Hi Jorgen,
I have been trying the powershell script in Windows 10-1909 TS and getting the error of Incorrect function. (Error: 00000001; Source: Windows). I also tried to follow the URL “https://docs.microsoft.com/en-us/archive/blogs/deploymentguys/run-command-line-as-domain-user-incorrect-function-error”
Command line Powershell.exe -NoProfile -ExecutionPolicy Bypass –File AddToGroups.Ps1 “GRP Windows 10 DirectAccess Clients” returned 1 InstallSoftware 23/07/2020 2:48:05 PM 5744 (0x1670)
ReleaseSource() for C:\_SMSTaskSequence\Packages\TBS00214. InstallSoftware 23/07/2020 2:48:05 PM 5744 (0x1670)
reference count 1 for the source C:\_SMSTaskSequence\Packages\TBS00214 before releasing InstallSoftware 23/07/2020 2:48:05 PM 5744 (0x1670)
Released the resolved source C:\_SMSTaskSequence\Packages\TBS00214 InstallSoftware 23/07/2020 2:48:05 PM 5744 (0x1670)
Process completed with exit code 1 TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
!——————————————————————————————–! TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Failed to run the action: Add System to New Direct Access Domain Group.
Incorrect function. (Error: 00000001; Source: Windows) TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Not in SSL TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Set a global environment variable _SMSTSLastActionRetCode=1 TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Clear local default environment TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Let the parent group (Add System to DirectAccess Domain Group) decides whether to continue execution TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Let the parent group (Cleanup) decide whether to continue execution TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
The group (Cleanup) ignored action failure and continue execution on the next step following the group. TSManager 23/07/2020 2:48:05 PM 5440 (0x1540)
Can you please advise?
Hi Ron,
i am getting the following error,
Execptection calling “Add” with “1” arguments(s): “Access is denied” (Exception from HRESULT: 0X8007005 (E_Accessdenied))”
Please advice,
Kannan.CS
Hi,
If you run the script with the same account as you use in the Task Sequence manually does it work then? it sounds like a permission issue.
Regards,
Jörgen
FYI your links to the scripts on Technet Gallery no longer seem to work…? They just take me to the default Gallery search page, and searching for your script names does not work.
Thanks updated the link to my GitHub instead, where you wull find the scripts.
Regards,
Jörgen
Hello Jörgen,
Thanks for moving the scripts to GitHub, however I can’t find the SetComputerDesc.Ps1 one?
Thanks,
Sylvain
Hi,
Thanks for pointing it out. I have uploaded it now.
Regards,
Jörgen
Thank you!
I’m not very good with scripting. This works great. However, how would i add some error detection. For instance in my use case. The group might be called something slightly different in the site ou’s. If i was to put both groups in that it could be. It would error out, once one of the group couldn’t be found. Is there a way to have it skip a group if not found and move on to the next? I’m generating the two possibilities using a site Variable from SCCM.
Hi Jörgen,
May I ask, what permissions are required to allow the AddToADGroup script to work?
For testing purposes, I am running as a full admin in my lab and it does not work. I am seeing similar results to others with:
“Exception calling “IsMember” with “1” argument(s): “Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UKNOWNNAME))”
Is there anything else on the AD group side that needs to be adjusted for it to work?
Struggled with this one.
Noticed that I had to change sAMAccountName for CN and remove the $ after COMPUTERNAME to make it work.
This did not work:
$ComputerDn = ([ADSISEARCHER]”sAMAccountName=$($env:COMPUTERNAME)$”).FindOne().Path
This worked:
$ComputerDn = ([ADSISEARCHER]”CN=$($env:COMPUTERNAME)”).FindOne().Path
Otherwise a really helpful script. Thanks!
For those that are getting the “Exception calling “FindOne” with “0” argument(s): “Unknown error (0x80005000)”, try to move this task up the TS, prior to any app installs. That addressed the issue for us.
Hello friends
I have issue to use the script in OS deployment TS. When i am running the script in full os as a deployed ts ,it works.but in the part of OS deploy given this error.
Please help.
The task sequence execution engine failed executing the action (AddToAdgroup) in the group (Windows 10 Customization) with the error code 1
Action output: … ]>
List of files to be downloaded
File: http://SCCMserver:80/sms_dp_smspkg$/p0100074/sccm?/AddToGroups.ps1
GetDirectoryListing() successfully completed
Failed to find resource file TSRES.DLL for locale 1053
Succeeded loading resource DLL ‘C:\WINDOWS\CCM\1033\TSRES.DLL’
401 – Unsuccessful with anonymous access. Retrying with context credentials.
Downloading file /sms_dp_smspkg$/p0100074/sccm?/AddToGroups.ps1 range 0-660
Downloaded file from http://SCCMserver:80/sms_dp_smspkg$/p0100074/sccm?/AddToGroups.ps1 to C:\_SMSTaskSequence\Packages\P0100074\AddToGroups.ps1
VerifyContentHash: Hash algorithm is 32780
Content successfully downloaded at C:\_SMSTaskSequence\Packages\P0100074.
Resolved source to ‘C:\_SMSTaskSequence\Packages\P0100074’
Command line for extension .exe is “%1” %*
Set command line: Run command line
Working dir ‘C:\_SMSTaskSequence\Packages\P0100074’
Executing command line: Run command line with options (0, 4)
Create a process under given user token
E. The operating system reported error 1: Incorrect function.
Hi,
isn’t possible to run the script AddToGroups.ps1 in SCCM directly as powershell script, instead of to run command line?
I’m trying to do, but the pc is not added to the group.
What can be the cause=
Hi,
This script is awesome! Can you please advise how to add the variable at the end of the command line instead of the static description?
Thanks
Hi, Glad to hear that!
Just include the variable in the command %Descripton% for example.
Regards,
Jörgen
When I add %Description% in the command line it updates the AD record with the same %Description% instead of the variable value. Thanks
Hi, Do you have a variable called Description? I have a step in my Task Sequence that created the Description variable, then use this command. works great.
Regards,
Jörgen
Hi,
Yes, I have created a custom TS variable named “Description”. It prompts when imaging starts and I put the value but added %Description% at the end of the command is not picking up the value that I entered in the beginning and only picks up the text that is “%Description%”.
Can you please guide me on how to add variable value there?
Thanks
Hi Jörgen,
The script works flawlessly when I run it on a local computer but, it’s not adding any description to AD when running in Tasks Sequence. Do you know where should I add this in Task Sequence.
I really appreciate your help!
Thanks
I want to use a service account in order to execute the AddtoGroup script, what permission does the service account need in AD and the target group ?
The scripts works perfectly with the Domain admin but i want to use a svc account with minimal permission.
Thank you in advance
Was wondering if it would be possible to add a retry mechanism for instances where the network might be going through outages or lost packets…