SCCMTSPSI
SCCMTSPSI

Add / remove current computer system to/from an Active Directory security group

Roddy Gelberty 30 April 2020
1 Comment

This command line application helps in adding or removing the current computer system to a Active Directory group.

Syntax:

The following command will add the computer to the AD group “My-AD-Group”

Machine2ADGroupx64.exe Add My-AD-Group

Or

Machine2ADGroupx86.exe Add My-AD-Group

The following command will remove the computer from the AD group “My-AD-Group”

Machine2ADGroupx64.exe Remove My-AD-Group

Or

Machine2ADGroupx86.exe Remove My-AD-Group

Usage:

This application can be used with login scripts to add/remove the system from Active Directory groups.

It can be used in SCCM Tasksequences and Applications to add/remove the system from Active Directory groups based on conditions.

It can be run on a command line in an interactive prompt.

If running as SYSTEM – The group should have permission set for ‘SELF’ to add remove itself to the group.

If running as User – The user should have permissions to add remove computer objects to the group.

Set permissions for “Domain Computers” for the AD group to “Read” and “Add remove self as member”.

Download Here

Categories: Active Directory
Roddy Gelberty

Related Articles

SCCM task sequence get computer name

SCCM task sequence UI – Set computer name and more during an SCCM task sequence deployment

It is always a unique challenge of having to build an OSD experience that includes providing a great user experience during the deployment of a new operating system.

The attached application would allow you to present a front-end to an active end-user who is executing the SCCM task sequence……

Keywords: SCCM tasksequence UI, SCCM Task Sequence User interface, SCCM task sequence Set computer name.

Topaz George 11 April 2020
0 Comments

Responses

DCOM hardening issue.

This application fails to authenticate with WMI on the SCCM server because Microsoft has not yet hardened DCOM on their Windows Preinstallation Environment. We are working on a different approach, but it will only be released during the first quarter of 2024. But until that time, the only workaround will be to uninstall the update corresponding to KB5004442.