/build/static/layout/Breadcrumb_cap_w.png

KACE SDA - Adding Clients to AD Groups during deployment Repost

Endorsed by Nick The Ninja

Repost of the blogpost that my dear friend Timo created a while back because the pictures in the old post are broke.

15/22/2023 - Changed the AutoIT script to support AD group names with spaces. New download package available here

Hi All, 


you are right here if you are looking for a solution to add your Windows Clients to AD groups during the initial deployment.
First i have to say the main script is written by OneScript Team.I only added a short AutoIt wrapper to start this tool as a user which has the rights in the AD to add the actual client to the selected security group(s). 
Why did i use an AutoIt Wrapper? Because the Username and Password will not be stored as plaintext in the task.xml during the post-installation task sequence. 
And that's the whole magic:



You only have to edit the script in the red marked square to your environment credentials. Then compile it via AutoIt SciTE and you will get an executable. 
After that you have to zip the VBS (AddGroup.vbs) and the executable to a normal compressed .zip file without password. Upload it afterwards to your SDA Postinstall-Tasks:wcHwbEpDN29VwAAAABJRU5ErkJggg==

Now you are done. You can add all security group names separated by a space as an argument to the executable. So you are able to create different sets of joining ad groups in one task. 
If you have any problems or question reach out to me in the comments or send me an email to sven.hain@quest.com. 

Please note that this is a self-made script without vendor support.
Kind Regards Timo & Sven

Posted 5 months ago 2317 views

Comments

  • Thanks so much for this! It's greatly appreciated!! However, I am unable to get this to work. When added to my deployment as a post-installation task it goes through without any error, but the PC name is not added to the requested security group. The security group does have a space in the name, so I've been adding quotation marks around it. For example, "QR Code" "My Laptops", etc. Is there anything I need to change in the AddGroup.vbs itself? I did already edit the AutoITwrapper with my environment credentials that has access rights in AD. - cnewberry 5 months ago
    • Hi, you are right there was an issue in the script that no quotes were provided for the group name so that is why it does not add it to AD when there is a space. Please replace the $prog line in the autoit script with the following:

      $prog="C:\Windows\System32\cscript.exe " & @WorkingDir & "\AddGroup.vbs " & '"' & $args & '"'

      You can add your group name without quotes then and it works, at least in my testlab. I will also update the blog with the modification. - sven.hain 5 months ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ