VBS script to query for computer object based on Serial Number (Service Tag), and then delete object if it exists
Does anybody have a script to search AD for a specific computer object based on the serial number of the computer, and then delete that computer object? I would like to set this as a preinstallation task.
EDIT:
Have script to get serial number
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colBIOS = objWMIService.ExecQuery _
    ("Select * from Win32_BIOS")
For each objBIOS in colBIOS
    objSerial = objBIOS.SerialNumber
Next
Wscript.Echo "Serial Number: " & objSerial
Answers (1)
AutoIT script in jrscribner answer comment.
How are you planning on matching the computer name to the serial number? Do you have that listed in AD or are you looking this up somewhere else? I have an AutoIt script that looks up the PC Serial Number using WMI, then queries our K1000 for the computer name in our asset table, then removes the computer from Active Directory. We use it to remove the computer from AD because sometimes the computer needs to be added to a different OU after reimaging, and our script to add the computer to the domain will fail if it's not in the correct OU. It will also set the computername in the unattend.xml file before rebooting so the computer has the right name when coming out of sysprep. If you're interested I could post what I have; it is still a work in progress and was recently rewritten but seems to be working good so far.
Comments:
-
I have the unattend give the system a random name, and then as postinstallation I am using WSName to rename the system to its Service Tag (Serial Number)
Having problems doing anything with AD though. - muebel 11 years ago -
Below is an AutoIt script that should work to delete the computer account from AD. You will need the AutoIt Active Directory UDF that can be downloaded from: http://www.autoitscript.com/forum/topic/106163-active-directory-udf/
You will also need to use the Dell KACE KBE Manipulator to add the ADSI Drivers to your KBE.
Once you have compiled this script, you can call it as a post installation task. The CollectPCInfo() function will collect the AssetTag & Service Tag using WMI; it will then pass the Service Tag to the DeleteComputerAD() function, which will find and delete the computer object with a name matching the ServiceTag. There is an issue with the _AD_DeleteObject() function where it will return an Error 0 but the account is still deleted, so I am capturing that specific error and ignoring it. We have been using this delete function with our K2000 for almost a year without any issues. Hope this helps.
On a side note, are you having any issues using WSName? I ran into an issue where I had to reboot the computer for the name to take effect and then reboot to join the domain, so I have a function that will search and replace the unattend.xml file and inject the correct name into the unattend.xml file so I only need to reboot to join the domain.
;############# Script Start ##################
#include "AD.au3"

; These credentials are embedded in the compiled script; the account only needs rights to delete computer objects
Global $DomainUN = "Administrator"
Global $DomainPWD = "MyPassword"
Global $LDAPContext = "DC=MyDomain,DC=edu"
Global $DomainController = "dc.MyDomain.edu"
Global $DCConfigParam = "CN=Configuration,DC=MyDomain,DC=edu"

Global $PCInfo = CollectPCInfo()
DeleteComputerAD($PCInfo[1])

Func DeleteComputerAD($sObject) ; This function deletes a computer from Active Directory. Currently this script will error out with error 0 when deleting a computer on a Win 2K8 DC, but the computer is still deleted
    Local $iValue, $iError
    $sObject = $sObject & "$" ; Computer account names (sAMAccountName) end with "$"
    _AD_Open($DomainUN, $DomainPWD, $LDAPContext, $DomainController, $DCConfigParam, 1)
    If @error Then Exit MsgBox(16, "Active Directory Functions - Delete Computer", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
    If _AD_ObjectExists($sObject) Then
        $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject))
        $iError = @error ; Save @error before another call resets it
        If $iValue <> 1 Then
            If $iError = 1 Then
                MsgBox(16, "Active Directory Functions - Delete Computer", "Computer: '" & $sObject & "' does not exist", 5)
            ElseIf $iError <> 0 Then ; Error 0 is ignored: the account is still deleted
                MsgBox(16, "Active Directory Functions - Delete Computer", "Return code " & $iError & " from Active Directory")
            EndIf
        EndIf
    EndIf
    _AD_Close() ; Close connection to the Active Directory on every path
EndFunc

Func CollectPCInfo() ; This function retrieves the BIOS Asset Tag and BIOS Serial Number using a WMI call. Currently this has been tested with Dell computers
    Local $ObjWMIService
    Local $ColumnSMBIOS
    Local $ObjBIOS
    Local $BIOSAsset = "", $BIOSSerialNumber = "" ; Declared up front so they exist even if the WMI call fails
    Local $Array[2]
    $ObjWMIService = ObjGet('winmgmts:{impersonationLevel=impersonate}!\\' & @ComputerName & '\root\cimv2') ; Create handle to WMI object
    If (IsObj($ObjWMIService)) And (Not @error) Then ; If successful
        $ColumnSMBIOS = $ObjWMIService.ExecQuery('Select * from Win32_SystemEnclosure')
        For $ObjBIOS In $ColumnSMBIOS
            $BIOSAsset = $ObjBIOS.SMBIOSAssetTag
            $BIOSSerialNumber = $ObjBIOS.SerialNumber
        Next
    Else ; If unsuccessful in creating COM object
        MsgBox(262192,"Uh-oh","Cannot create a reference to a COM object for WMI. Unable to retrieve WMI information. Strings will not be read from the BIOS and auto-selection of Windows edition will not be properly influenced. Please notify a workstation configuration engineer that you received this message.")
    EndIf
    $Array[0] = $BIOSAsset
    $Array[1] = $BIOSSerialNumber
    Return $Array
EndFunc
;############# Script End ##################
- jrscribner 11 years ago -
Yeah, I had issues with WSName. I like the idea of injecting the SerialNumber into the unattend. I wish the unattend would support that out of the box.
I have ended up moving towards using dsmove and dsquery to manipulate the computer object if needed post-deployment, before the system is joined to the domain.
http://serverfault.com/questions/447091/delete-computer-object-in-ad-with-powershell#comment485991_447091 - muebel 11 years ago-
Our naming script will use MySQL to look up the computer name and administrator password in the K1000 and inject that into the unattend.xml file, and will remove the computer account from AD if it exists. Then it reboots and runs the post installation tasks, which include adding itself to the domain, so our deployment is completely hands off. - jrscribner 11 years ago
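
Added example (not part of the thread, and not either poster's code): a PowerShell version of the same lookup-and-delete for the post-deployment stage before domain join, which validates the serial number before it reaches the LDAP filter and never matches a domain controller account. It assumes PowerShell with System.DirectoryServices is available, that the machine is named after its serial number, and that the supplied account has delegated rights to delete computer objects under the given OU; the function names and the -SearchBase value are hypothetical.

```powershell
# Added example. Function names, $SearchBase and the OU layout are assumptions.
function Get-SafeComputerName {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Serial)
    $name = $Serial.Trim().ToUpperInvariant()
    # The machine is named after its serial, so the value must be a valid
    # NetBIOS name (1-15 letters, digits or hyphens). Anything else, such as an
    # empty or placeholder BIOS string, is rejected, which also keeps the LDAP
    # filter metacharacters ( ) * \ out of the query built below.
    if ($name -notmatch '^[A-Z0-9][A-Z0-9-]{0,14}$') {
        throw "Serial '$Serial' is not usable as a computer name; not querying AD."
    }
    $name
}

function Remove-StaleComputerObject {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Serial,
        [Parameter(Mandatory)][string]$SearchBase,      # LDAP path of the deployment OU
        [Parameter(Mandatory)][pscredential]$Credential # passed in, not hard-coded
    )
    $name = Get-SafeComputerName -Serial $Serial
    $net  = $Credential.GetNetworkCredential()
    $root = New-Object System.DirectoryServices.DirectoryEntry($SearchBase, $Credential.UserName, $net.Password)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    # Match the machine account by sAMAccountName (name + "$") and exclude
    # domain controllers (userAccountControl bit SERVER_TRUST_ACCOUNT = 8192).
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$name`$)" +
                       "(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))"
    try {
        $hit = $searcher.FindOne()
        if ($null -eq $hit) { return 'NotFound' }
        if ($PSCmdlet.ShouldProcess($hit.Path, 'Delete computer object')) {
            # DeleteTree also removes child objects stored under the computer object.
            $hit.GetDirectoryEntry().psbase.DeleteTree()
            return 'Deleted'
        }
        return 'Skipped'
    }
    finally {
        $searcher.Dispose()
        $root.psbase.Dispose()
    }
}

# Usage (constructed values); -WhatIf shows the target without deleting it:
# $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
# Remove-StaleComputerObject -Serial $serial -Credential (Get-Credential) `
#     -SearchBase 'LDAP://dc.MyDomain.edu/OU=Workstations,DC=MyDomain,DC=edu' -WhatIf
```

Because the search is rooted at the deployment OU, a serial number that happens to match an account elsewhere in the domain returns 'NotFound' instead of being deleted.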