Does anybody have a script to search AD for a specific computer object based on the serial number of the computer, and then delete that computer object? I would like to set this as a preinstallation task.

EDIT:

Have script to get serial number

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colBIOS = objWMIService.ExecQuery _
    ("Select * from Win32_BIOS")
For each objBIOS in colBIOS
    objSerial = objBIOS.SerialNumber
Next
Wscript.Echo "Serial Number: " & objSerial

 

Answer Summary:
AutoIT script in jrscribner answer comment.

Answers

1

How are you planning on matching the computer name to the serial number?  Do you have that listed in AD or are you looking this up somewhere else?  I have an AutoIt script that looks up the PC Serial Number using WMI then queries our K1000 for the computer name in our asset table then removes the computer from Active Directory.  We use it to remove the computer from AD because sometimes the computer needs to be added to a different OU after reimaging and our script to add the computer to the domain will fail if it's not in the correct OU.  It will also set the computername in the unattend.xml file before rebooting so the computer has the right name when coming out of sysprep.  If you're interested I could post what I have; it is still a work in progress and was recently rewritten but seems to be working well so far.

Answered 11/08/2012 by: jrscribner
Purple Belt

  • I have the unattend give the system a random name, and then as postinstallation I am using WSName to rename the system to its Service Tag (Serial Number)

    Having problems doing anything with AD though.
  • Below is an AutoIt script that should work to delete the computer account from AD. You will need the AutoIt Active Directory UDF, which can be downloaded from: http://www.autoitscript.com/forum/topic/106163-active-directory-udf/

    You will also need to use the Dell KACE KBE Manipulator to add the ADSI Drivers to your KBE.

    Once you have compiled this script you can call it as a post installation task. The CollectPCInfo() function will collect the AssetTag & Service Tag using WMI; it will then pass the Service Tag to the DeleteComputerAD() function, which will find and delete the computer object with a name matching the ServiceTag. There is an issue with the _AD_DeleteObject() function where it will return an Error 0 but the account is still deleted, so I am capturing that specific error and ignoring it. We have been using this delete function with our K2000 for almost a year without any issues. Hope this helps.

    On a side note, are you having any issues using WSName? I ran into an issue where I had to reboot the computer for the name to take effect and then reboot to join the domain, so I have a function that will search and replace the unattend.xml file and inject the correct name into the unattend.xml file so I only need to reboot to join the domain.

    ;############# Script Start ##################
    #include "AD.au3"

    Global $DomainUN = "Administrator"
    Global $DomainPWD = "MyPassword"
    Global $LDAPContext = "DC=MyDomain,DC=edu"
    Global $DomainController = "dc.MyDomain.edu"
    Global $DCConfigParam = "CN=Configuration,DC=MyDomain,DC=edu"

    Global $PCInfo = CollectPCInfo()
    DeleteComputerAD($PCInfo[1])

    Func DeleteComputerAD($sObject) ; Deletes a computer account from Active Directory. Against a Win 2K8 DC, _AD_DeleteObject() reports error 0 although the computer is still deleted, so that case is ignored
        Local $iValue, $iError
        $sObject = $sObject & "$" ; A computer's sAMAccountName is its name followed by "$"

        _AD_Open($DomainUN, $DomainPWD, $LDAPContext, $DomainController, $DCConfigParam, 1)
        If @error Then Exit MsgBox(16, "Active Directory Functions - Delete Computer", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

        If _AD_ObjectExists($sObject) Then
            $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject))
            $iError = @error ; Save @error before another call resets it
            If $iValue <> 1 Then
                If $iError = 1 Then
                    MsgBox(16, "Active Directory Functions - Delete Computer", "Computer: '" & $sObject & "' does not exist", 5)
                ElseIf $iError <> 0 Then
                    MsgBox(16, "Active Directory Functions - Delete Computer", "Return code " & $iError & " from Active Directory")
                EndIf
            EndIf
        EndIf

        _AD_Close() ; Close connection to Active Directory on every path

    EndFunc

    Func CollectPCInfo() ; Retrieves the BIOS Asset Tag and BIOS Serial Number using a WMI call; currently this has been tested with Dell computers
        Local $ObjWMIService
        Local $ColumnSMBIOS
        Local $ObjBIOS
        Local $BIOSAsset = "", $BIOSSerialNumber = "" ; Declared up front so they exist even if the WMI call fails
        Local $Array[2]
        $ObjWMIService = ObjGet('winmgmts:{impersonationLevel=impersonate}!\\' & @ComputerName & '\root\cimv2') ; Create handle to WMI object
        If (IsObj($ObjWMIService)) And (Not @error) Then ; If successful
            $ColumnSMBIOS = $ObjWMIService.ExecQuery('Select * from Win32_SystemEnclosure')

            ; Read both values in a single pass over the result set
            For $ObjBIOS In $ColumnSMBIOS
                $BIOSAsset = $ObjBIOS.SMBIOSAssetTag
                $BIOSSerialNumber = $ObjBIOS.SerialNumber
            Next
        Else ; If unsuccessful in creating COM object
            MsgBox(262192,"Uh-oh","Cannot create a reference to a COM object for WMI. Unable to retrieve WMI information. Strings will not be read from the BIOS and auto-selection of Windows edition will not be properly influenced. Please notify a workstation configuration engineer that you received this message.")
        EndIf
        $Array[0] = $BIOSAsset
        $Array[1] = $BIOSSerialNumber
        Return $Array
    EndFunc
    ;############# Script End ##################
  • Yeah, I had issues with WSName. I like the idea of injecting the SerialNumber into the unattend. I wish the unattend would support that out of the box.

    I have ended up moving towards using dsmove and dsquery to manipulate the computer object if needed post-deployment, before the system is joined to the domain.

    http://serverfault.com/questions/447091/delete-computer-object-in-ad-with-powershell#comment485991_447091
    • Our naming script will use MySQL to look up the computer name and administrator password in the K1000 and inject that into the unattend.xml file, and will remove the computer account from AD if it exists. Then it reboots and runs the post installation tasks, which include adding itself to the domain, so our deployment is completely hands off.
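
The lookup-and-delete flow discussed in this thread, as an added PowerShell example that is not part of any poster's script. It validates the serial number before building the LDAP filter, so an empty or wildcard value cannot match other machines, and it takes a credential parameter instead of a password stored in the script. The function names, the `svc-imaging` account and the `OU=Staging` search base are hypothetical; the account is assumed to be delegated only the right to delete computer objects in that OU.

```powershell
# Added example: server, OU and account names are placeholders.
function Get-SerialNumber {
    # Same WMI class the VBScript in the question reads.
    (Get-CimInstance -ClassName Win32_BIOS).SerialNumber.Trim()
}

function Test-SerialNumber {
    param([string]$Serial)
    # Computer names are at most 15 characters. Rejecting everything except
    # letters, digits and hyphens keeps "*", "(", ")" and "\" out of the filter.
    return $Serial -match '^[A-Za-z0-9-]{4,15}$'
}

function Remove-ComputerBySerial {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Serial,
        [Parameter(Mandatory)][string]$SearchBase,   # LDAP://server/OU=...,DC=...
        [Parameter(Mandatory)][pscredential]$Credential
    )
    if (-not (Test-SerialNumber $Serial)) {
        throw "Refusing to query AD: unexpected serial number '$Serial'"
    }
    $root = New-Object System.DirectoryServices.DirectoryEntry(
        $SearchBase, $Credential.UserName,
        $Credential.GetNetworkCredential().Password)
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        # Exact match on the computer account name (name followed by "$").
        $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$Serial`$))"
        $hits = @($searcher.FindAll())
        if ($hits.Count -ne 1) {
            Write-Warning "Expected 1 match for '$Serial', found $($hits.Count); nothing deleted"
            return $false
        }
        $entry = $hits[0].GetDirectoryEntry()
        $dn = [string]$entry.Properties['distinguishedName'].Value
        if ($PSCmdlet.ShouldProcess($dn, 'Delete computer object')) {
            # Computer objects can hold child objects, so remove the subtree.
            $entry.DeleteTree()
        }
        return $true
    }
    finally { $root.Dispose() }
}

# Usage (constructed values); -WhatIf reports the match without deleting it:
# $cred = Get-Credential 'MyDomain\svc-imaging'
# Remove-ComputerBySerial -Serial (Get-SerialNumber) -Credential $cred -WhatIf `
#     -SearchBase 'LDAP://dc.MyDomain.edu/OU=Staging,DC=MyDomain,DC=edu'
```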