myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


LDAP Queries into Windows PE 2.0

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> LDAP Queries into Windows PE 2.0 Page: [1]
Login
Message << Older Topic   Newer Topic >>
LDAP Queries into Windows PE 2.0 - 8/4/2008 3:09:56 AM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		Hi



I'm struggeling with a vbscript to move AD objects in the Post Install Phase of OSD.



It looks like the LDAP queries are working fine. Example: Locate OU where the machine is currenlty member of works fine.



But once the MoveHere command needs to be executed, it looks like the script is running fine but in fact nothing happened.

The scripts works correct in a Windows env., so it looks I'm missing a component in Windows PE??



Is ADSI installed by default in WinPE? I suppose yes, as I can execute the LDAP queries?



Thanks Nico



_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------
Post #: 1
RE: LDAP Queries into Windows PE 2.0 - 8/4/2008 8:48:43 AM   
wbracken


Posts: 1036
Score: 22
Joined: 4/12/2002
From: St. Louis
Status: offline 		ADSI support is not inherent to Windows PE.  Check my blog here for information on what you need to do to add the proper support:

http://www.clientarchitect.com/blog1.php/2008/06/18/windows-pe-2-0-ad-scripting-requirements

:)



_____________________________

William Bracken

Visit my new Blog
http://wbracken.wordpress.com/

(in reply to lnesta431)
Post #: 2
RE: LDAP Queries into Windows PE 2.0 - 8/4/2008 10:07:36 AM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		Hi William

Thanks I'll give it a shot!

Following is not really clear for me, "load the SOFTWARE hive from your PE 2.0 Boot WIM"

Does this also happen via imagex?


_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------

(in reply to wbracken)
Post #: 3
RE: LDAP Queries into Windows PE 2.0 - 8/4/2008 11:06:17 AM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		OK didn't noticed the attached text file

I'll let you know


_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------

(in reply to lnesta431)
Post #: 4
RE: LDAP Queries into Windows PE 2.0 - 8/4/2008 12:04:28 PM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		Hi William

Unfortunately no success. I think it all went fine (copying dll's and importing the reg) because when remouting
everything is there.

I'm wandering if I really miss ADSI are not.

Isn't strange that I can query AD without problems? it's only the movehere command to move an object that is giving issues.

Were you able to move objects after adding these change to your boot image?

tnx

Nico


_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------

(in reply to lnesta431)
Post #: 5
RE: LDAP Queries into Windows PE 2.0 - 8/4/2008 11:59:51 PM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		When you were testing your VBScript, did you test it on a Windows machine that was NOT bound to the domain?

And maybe you can post the line(s) of code related to the MoveHere command?

(in reply to lnesta431)
Post #: 6
RE: LDAP Queries into Windows PE 2.0 - 8/5/2008 1:29:47 AM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		Hi rbennett

This is a part of the script,

The way I located a PC in Active Directory. This works in WinPE.

strSQL = "SELECT * FROM 'LDAP://domain.com/DC=Domain,DC=COM' Where cn='" & strcomputername & "'"
  Set oConn = CreateObject("ADODB.Connection")
  oConn.Provider = "ADSDSOObject"
  oConn.Open "ADS Provider"
  Set rs = oConn.Execute(strSQL)
  on error resume next
  Set sComputerID = GetObject(rs.Fields(0).Value)
  Computer = sComputerID.distinguishedName

----------------------------------------------------------------------------

The command that I use to move. (off course the variables are declared, the message boxes are popping me the expected result) The script skipps the MoveHere command.

     StrNewParentDN = "LDAP://" & strobjectouNEW
      'msgbox strnewparentdn
      strObjectDN    = "LDAP://cn=" & strcomputername & "," & strobjectouOLD
      'msgbox strObjectDN
          strObjectRDN   = "cn=" & strcomputername
      'msgbox strObjectRDN

              set objCont = GetObject(strNewParentDN)
              objCont.MoveHere strobjectdn, strobjectrdn

     
         ' msgbox "mOVE OK"

        Set objCont = Nothing
        Set objObject = Nothing
-----------------------------------------------------------------------------------------

What do you mean with not bound? I run the script in the PostInstall phase so the machine has joined to the domain
at this point, I just want to move the machine if needed.

Thanks!

Nico

< Message edited by lnesta431 -- 8/5/2008 1:31:14 AM >

_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------

(in reply to rbennett806)
Post #: 7
RE: LDAP Queries into Windows PE 2.0 - 8/6/2008 5:24:43 PM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		Does this: http://www.myitforum.com/forums/How_to_query_AD_from_WinPE_2%250/m_150401/tm.htm help?

And by "not bound" I meant, you had said that "The scripts works correct in a Windows env", so I wasn't sure how you had tested it. If you were simply launching it from a normal Windows machine, make sure the machine isn't bound to the domain...

(in reply to lnesta431)
Post #: 8
RE: LDAP Queries into Windows PE 2.0 - 8/7/2008 12:00:37 PM   
tmiller


Posts: 665
Score: 18
Joined: 7/29/2003
From: Iowa
Status: offline 		PE makes this kind of messy I think.  Not only are you running from a non-domain computer, you are running from a non-domain user account.  I don;t see anywhere where you are binding a user to AD.  How are you authenticating to AD?  It would work from windows because you are logged in with a user that has rights to move computers in AD.  When you are booted off WinPE you aren't.  Maybe you are doing this in another part of the script and just didn;t post it.  If you aren;t then I think that could be your problem.

The moving part of the script looks OK as long as your target path right.  I can look and see if I have an example about binding to AD from WinPE if you need it.

(in reply to rbennett806)
Post #: 9
RE: LDAP Queries into Windows PE 2.0 - 8/7/2008 3:35:36 PM   
lnesta431


Posts: 922
Score: 59
Joined: 1/26/2006
From: Brussels, Belgium
Status: offline 		hi tmiller

thanks for your reply.

WinPE is running under the SMS Network Access Account, this is a domain account so this can be used to execute the script. Currently I connect with other credentials specified in the script.

Anyway my problem is solved, the reason of the 'problem' was quite stupid (as expected)

I didn't took the AD replication into account . If I (re)moved an account I could not see immediately that the object
was dissapearing... BUMP ;-)

To workaround this, I added a line in the script that urges the remove of the PC from a certain Domain Controller...

As last stage I need determine in which phase of OSD I execute the script the best. I need to take into account our
AD replication (15 to 20min max) so I assume I need to try to delete the account before the installation of the image,
because once the image is installed sysprep will start right after... (creation of new AD account).
Executing the script behind the image will result probably in a too short period regarding the AD replication time which
can result in AD conflicts I suppose...

Agree?

Nico


_____________________________

----------
Please rate if this has helped you! Tnx!

Check out my NEW blog: http://nicosienaert.blogspot.com/
----------

(in reply to tmiller)
Post #: 10
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> LDAP Queries into Windows PE 2.0 Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.359