Active Directory – Change Profile Path & Group member

This litte script changes the profile path of a specified OU of AD Users that are in a specific group.


Import-Module ActiveDirectory

$ou = "ou=YOUROU,dc=ad,dc=uclv,dc=net"

$properties = "MemberOf"
$i = 0
Get-ADUser -Filter * -SearchBase $ou -Properties $properties | Where-Object { $_.MemberOf -like "*GROUPNAME*"} |

ForEach-Object {

Write-Host "User:  "$_.SamAccountName -ForegroundColor Yellow
Write-Host "Count: "$i -ForegroundColor Yellow

$ProfilePath = "\\profiles.bewi.at\{0}$\roaming" -f $_.SamAccountName
Write-Host "Path:  "$ProfilePath -ForegroundColor Yellow
Write-Host "-----"
$i++
# Set profile path
$result_setprofile = Set-ADUser $_.samaccountname -ProfilePath $ProfilePath
if ($?)
{
Write-Host "Profile set for user:"$_.samaccountname -ForegroundColor Green
}
# Set correct groups
Remove-ADGroupMember cluster-migration-roaming $_.samaccountname -Confirm:$false
Add-ADGroupMember cluster-migration-new $_.samaccountname
if ($?)
{
Write-Host "Groups set for user: "$_.samaccountname -ForegroundColor Green
}
}

Deploy Applications in a Task Sequence

We have many Applications in our Organisation. Lets say we have “Room1”, “Room2” and “Room3”. All these rooms are a own Collection. So we create a deployment for every application to the collection. But the rooms have different Application Inventory. Furthermore we have a “InstallOS” Collection which will install the OS. For example we have following collections:

  • Room1
  • Room2
  • Room3
  • InstallOS (Computers in this collection will be installed with PXE)

You can install Applications in the Task Sequence with the following option.

ts_deploy_1

You have two choices. The first option is “Install the following applications” and “Install applications according to dynamic variable list”.
The first option is only for a maximum of 10 Applications. In my case we have about 90 Applications and so this was no option. Moreover this method is very “Static”. If a Deployment changes you must also change the Task Sequence. This is not very useful.

The second option is more reliable. This option will take some Collection Variables to install Applications. For this to work you need a special naming convention for the Collection Variable. You need a common suffix and then a numbering starting at 01. For example: Room101, Room102, Room103

ts_deploy_2

Now we must create the Collection Variables. I have created for every room an suffix with the numbering and the application name. For example here you see:

ts_deploy_3

These Varialbes must be created on the “InstallOS” Collection. This is the collection where you put in the computers to install over PXE and where the Task Sequence is deployed.

As you can see now, you have hard time to enter this Collection Variables if you have many Applications. In my case i have to do more then 1000 entries. If you don’t automate this you will be never finished. So i have created a little Powershell Script that do this work for me. This script will look for all Deployments for a room (Room1, Room2 and Room3) and will delete all existing Collection Variables on the InstallOS Collection and then create a Collection Variable for each Application with the correct numbering. First start a Powershell and load the Configuration Manager module and set the location.

Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"
Set-Location YourSiteName:

After this you can start the script. The script looks like this:

########################################################################
############### Update-CollectionVariable ##############################
########################################################################

Write-Host "SCCM - Update-CollectionVariable" -ForegroundColor Green
Write-Host "Version 1.0" -ForegroundColor Green

# Global Variables (These must be changed)
$collection_install="InstallOS"
$room_list = @("Room1", "Room2", "Room3")

### Remove Previous Variables
function Remove-OldCollectionVariable
{
$remove_variablename = Get-CMDevicecollectionVariable -collectionName $collection_install

ForEach ($remove_item in $remove_variablename.Name)
    {
        Remove-CMDevicecollectionVariable -collectionName $collection_install -VariableName $remove_item -Force | Out-Null
    }
}

### Add Variables
function Add-CollectionVarialbe
{
    param ($room)

    # Declare Variables
    $i = 1

    ForEach ($item in Get-CMDeployment -collectionName $room)
    {
        $softwarename = $item.SoftwareName
        Write-Host $room' - '$softwarename -ForegroundColor Cyan

        $variablename_lt = $room+"0"+$i
        $variablename_gt = $room+$i

        if ($i -lt 10) {
            New-CMDevicecollectionVariable -collectionName $collection_install -VariableName $variablename_lt -Value $softwarename | Out-Null
        }
        else 
        {
            New-CMDevicecollectionVariable -collectionName $collection_install -VariableName $variablename_gt -Value $softwarename | Out-Null
        }
        $i++
    } 
}

### Main Function

# Remove Old Variables
Remove-OldCollectionVariable

# Add new
foreach ($room_element in $room_list) {

    Write-Host ""
    Write-Host "Add-CollectionVariable: " $room_element
    Write-Host ""

    Add-CollectionVarialbe -room $room_element
}

This script will run about 30 minutes in my environment but it depends on your size. This script should run every time you edited the Deployments. I have created a Cronjob for this. It starts this Powershell script every day.
If you have your Collection Variables you can edit your Task Sequence. It should look something like this:

ts_deploy_4

ts_deploy_5

As you can see i created a WMI Query to look for the Room. In my case the Room is in the Computername.

SELECT * FROM Win32_ComputerSystem WHERE Name LIKE 'Room1-%'

Attention

Installing Applications from Task Sequence will only work if you enable following option:

ts_deploy_6

By default this option is not enabled. You can enable this on all your applications with following short Powershell Script:

#########################################################################
############### Enable-TaskSequence-Deployment ##########################
#########################################################################

Write-Host "SCCM - Enable-TaskSequence-Deployment" -ForegroundColor Green
Write-Host "Version 1.0" -ForegroundColor Green

$name = Get-CMApplication -Name *

ForEach ($item in $name)
{
Write-Host $item.LocalizedDisplayName -ForegroundColor Red
$item_new = $item.LocalizedDisplayName
Set-CMApplication -AutoInstall $True -Name $item_new -Verbose
}

Allow this application to be installed from the Install Application task sequence action without being deployed

To deploy applications from a Task Sequence you must enable on all applications following option:

Allow this application to be installed from the Install Application task sequence action without being deployed

You can do this with a Powershell script:

## Enable Install Application Task Sequence Flag
$name = Get-CMApplication -Name *

ForEach ($item in $name)
{

Write-Host $item.LocalizedDisplayName -ForegroundColor Red

$item_new = $item.LocalizedDisplayName

Set-CMApplication -AutoInstall $True -Name $item_new -Verbose

}

Hyper-V Enable Delegation CredSPP

Client

On the client machine run following commands:

winrm quickconfig
Enable-WSManCredSSP -Role client -DelegateComputer *

After that start gpedit.msc and enable following GPO:

Computer Policy\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow CredSSP authentication

Server

On the Server you must run following command:

Enable-WSManCredSSP -Role server

More infos you can find here:

http://www.getautomationmachine.com/de/support/documentation/item/setup-winrm-credssp

SCCM 2012 – Deploy Visual Studio (Application Model)

If you want to deploy Micrsoft Visual Studio with System Center 2012 it will not working because the installer runs with the System Account. See this errors here:

http://social.technet.microsoft.com/Forums/en-US/2ad1e6b6-608d-44bb-bc58-2508becf4620/sccm-2012-osd-application-installation-using-local-administrator-account-instead-of-system-account?forum=configmanagerosd

http://social.msdn.microsoft.com/Forums/vstudio/en-US/60f57470-ac4e-4d40-8900-6599b4dca66f/visual-studio-2013-unattended-installation-fails-when-deployed-via-sccm-2012?forum=vssetup

I’ve got to install Visual Studio with some little tricks. You need following Applications (Script Installer):

  • Microsoft Visual Studio Prerequisite
  • Microsoft Visual Studio
  • The first script will create a local Account with Admin Rights and disable UAC. If you don’t disable UAC you need a user interaction. In most cases you don’t want this.

    The following script is a template that i use for my Applicaton Install with a Script Installer. It creates a Registry Entry (VisualStudio_Prerequisite_1.0.0) in HKLM:\Software\YourCompany for the Detection Method that will looks like this:

    vs1

    The script is called with following command (Install):

    powershell.exe -File "visualstudio_requirement.ps1" -InstallOption 1
    

    Uninstall:

    powershell.exe -File "visualstudio_requirement.ps1" -InstallOption 0
    

    vs2

    param([string]$InstallOption)
    
    ##################################################
    # Write Registry Entry for CM					 #
    # DON'T FORGET TO CHANGE PROGRAM NAME!!! 		 #
    # Values are 0 (Not installed) and 1 (Installed) #
    ##################################################
    
    $program = "VisualStudio_Prerequisite_1.0.0" # <-- Change this
    $installed = "1"
    $fhvPath = "HKLM:\Software\YourCompany"
    
    # Function for Installation
    Function Install()
    {
    # Write Key
    $properties = Get-ItemProperty -Path $fhvPath -ErrorAction SilentlyContinue
    if($properties -eq $null )
    {
    New-Item -Path HKLM:\Software\ -Name YourCompany
    }
    
    # Write Value
    $properties_program = Get-ItemProperty $fhvPath -Name $program -ErrorAction SilentlyContinue
    if($properties_program -eq $null )
    {
    New-ItemProperty -Path $fhvPath -Name $program -PropertyType String -Value $installed
    }
    
    ########################################
    # Installation Command
    
    # Create Local User
    net user localvisual localvisual /add /passwordchg:no | Out-Null
    net localgroup Administrators localvisual /add | Out-Null
    
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 1
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 0
    
    ########################################
    }
    
    # Function for Uninstallation
    Function Uninstall()
    {
    Remove-ItemProperty -Path $fhvPath -Name $program
    
    ###################################################################
    # Uninstall Command
    
    # Disabe User
    net user localvisual /delete | Out-Null
    
    # Enable UAC
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 1
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5
    ###################################################################
    }
    
    # See what Argument was passed
    if ($InstallOption -eq "1")
    {
     Install
    }
    elseif ($InstallOption -eq "0")
    {
     Uninstall
    }
    else
    {
    Write-Host "Unknown Argument! Argument for InstallOption can be 0 (Install) and 1 (Uninstall)"
    }
    

    The Application Microsoft Visual Studio Prerequisite is only a dependency for the afterwards created Microsoft Visual Studio Application. You don’t must cretae any Deployments. After the installation of the Prerequise you must Reboot your computer. So you need to change this:

    vs3

    Now we can create the main Application (Microsoft Visual Studio). Create an Application (Script Installer) with the same templates as above. For example here is my script. As you can see the Detection Method is here also a Registry entry with VisualStudio_2013.3.0 as Key.

    param([string]$InstallOption)
    
    ##################################################
    # Write Registry Entry for CM					 #
    # DON'T FORGET TO CHANGE PROGRAM NAME!!! 		 #
    # Values are 0 (Not installed) and 1 (Installed) #
    ##################################################
    
    $program = "VisualStudio_2013.3.0" # <-- Change this
    $installed = "1"
    $fhvPath = "HKLM:\Software\YourCompany"
    
    # Function for Installation
    Function Install()
    {
    # Write Key
    $properties = Get-ItemProperty -Path $fhvPath -ErrorAction SilentlyContinue
    if($properties -eq $null )
    {
    New-Item -Path HKLM:\Software\ -Name YourCompany
    }
    
    # Write Value
    $properties_program = Get-ItemProperty $fhvPath -Name $program -ErrorAction SilentlyContinue
    if($properties_program -eq $null )
    {
    New-ItemProperty -Path $fhvPath -Name $program -PropertyType String -Value $installed
    }
    
    ########################################
    # Installation Command
    
    # Install VS2013
    $computer = $env:computername
    .\PsExec.exe -accepteula -u $computer\localvisual -p localvisual -h $PSScriptRoot\vs_ultimate.exe /noweb /full /quiet /norestart /ProductKey xxxxxxxxxxxxxxxxxx| Out-Null
    
    # Disabe User
    net user localvisual /delete | Out-Null
    
    # Enable UAC
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 1
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5
    ########################################
    }
    
    # Function for Uninstallation
    Function Uninstall()
    {
    Remove-ItemProperty -Path $fhvPath -Name $program
    
    ###################################################################
    # Uninstall Command
    
    # Uninstall Visual Studio
    .\vs_ultimate.exe /Uninstall /Silent /Quiet | Out-Null
    ###################################################################
    }
    
    # See what Argument was passed
    if ($InstallOption -eq "1")
    {
     Install
    }
    elseif ($InstallOption -eq "0")
    {
     Uninstall
    }
    else
    {
    Write-Host "Unknown Argument! Argument for InstallOption can be 0 (Install) and 1 (Uninstall)"
    }
    

    Please note: The installation files of Visual Studio 2013, PSExec and the script are in the same root folder. You must download PSExec from this site:

    The important line is this:

    .\PsExec.exe -accepteula -u $computer\localvisual -p localvisual -h $PSScriptRoot\vs_ultimate.exe /noweb /full /quiet /norestart /ProductKey xxxxxxxxxxxxxxxxxx| Out-Null
    

    We start now the installer with the previously created user localvisual. To run the Installer successfully we must provide the absolute path, so we need the variable $PSScriptRoot. After the installation we delete the previously created user localvisual and enable UAC.

    The Application Microsoft Visual Studio Prerequisite is a prerequisite of the Microsoft Visual Studio Application, as you can see in the screenshots.

    vs6

    vs5

    vs4

    Hopefully this helps somebody.

    SCCM 2012 – Past due Applications / Change Deployment

    Some Applications on our environment didn’t install. It only shows “Past due”. One workaround i found was on this site:

    http://blogs.msdn.com/b/rslaten/archive/2013/11/26/past-due-applications-not-installing-in-sccm-2012.aspx

    Thanks to Russ Slaten for this. I changed his script a little bit that you have a second paramter for the Collection Name.

    Param(            
        [parameter(Mandatory=$true)]            
        $SiteCode,
    	[string]$CollectionName
        )
    
    Write-Host "SCCM 2012 SP1 Deadline Time Increment Script"
    Write-Host "Version 1.0"
    Write-Host "Parameters"
    Write-Host "  SiteCode: "$SiteCode -ForegroundColor Green
    Write-Host "  CollectionName: "$CollectionName -ForegroundColor Green
    
    function GetCMSiteConnection
    {
      param ($siteCode)
    
      $CMModulePath = Join-Path -Path (Split-Path -Path "${Env:SMS_ADMIN_UI_PATH}" -ErrorAction Stop) -ChildPath "ConfigurationManager.psd1"
      Import-Module $CMModulePath -ErrorAction Stop
      $CMProvider = Get-PSDrive -PSProvider CMSite -Name $siteCode -ErrorAction Stop
      CD "$($CMProvider.SiteCode):\"
      return $CMProvider
    }
    
    #Main
    
    #Connect to SCCM, must have SCCM Admin Console installed for this to work
    #If this fails then connect with the console to the site you want to use, then open PowerShell from that console
    $CM = GetCMSiteConnection -siteCode $SiteCode
    Write-Host "Connected to:" $CM.SiteServer
    Write-Host 
    Write-Host "---Updating Deployments---"
    
    foreach ($Deployment in (Get-CMDeployment -CollectionName $CollectionName))
    {
        Set-CMApplicationDeployment -Application (Get-CMApplication -Id $Deployment.CI_ID) -CollectionName $Deployment.CollectionName -DeadlineDate ($Deployment.EnforcementDeadline).AddMinutes(1) -DeadlineTime ($Deployment.EnforcementDeadline).AddMinutes(1) -Verbose
        Write-Host "  "$Deployment.SoftwareName" - "$Deployment.CollectionName -ForegroundColor Green
    }
    

    Now you can give the Site Code and your Collection Name. All Deployments on this Collection will then be changed. The script increased the Deadline +1 minute.