May 2018 – SCCMOG – Deployment Blog

18th May 2018

Create Device Collections From Active Directory OUs with PowerShell

I was setting up a Config Manager environment for a client who is situated in roughly 40 locations. Each location had an Organizational Unit (OU) in Active Directory (AD) and within that OU was… even more OUs! This was understandable as in each location there were many different rooms for many different purposes and so these were organised via separate OUs.

Baring in mind 40 locations had many OUs and I needed to create a device collection which houses all corresponding devices for each of these, I had to turn to my good friend PowerShell as there is no chance I was creating 400+ device collections manually! As a result I create this script.

################################################################################
#
#   Author: Jack O'Connor
#   Description: Create ConfigMgr Device Collections from Active Directory Organisational Units and Computers
#   Website: https://github.com/JackOconnor21
#
#   Params: OUSearchBase, LimitingCollection, MembershipRule, CollectionFolder
#   Example: .\Create-CollectionsFromOUs.ps1 -OUSearchBase "OU=Workstations,OU=Internal IT,OU=JACKO,DC=JACKO,DC=LOCAL" -LimitingCollection "All Systems" -ExcludedOUS "Admin Accounts, Users" -MembershipRule "Query" -CollectionFolder "Test" -Tag "EUR"
#   Logging Keys:
#      - Green: Success, Red: Failure, Cyan: General (Info)
#
#   Docs:
#    OUSearchBase:
#      The children of the OU passed as the OUSearchBase will have device collections created with their names.
#    LimitingCollection:
#      The LimitingCollection is self-explanitory, it is simply the limiting collection of the device collections that are being created.
#    ExcludedOUs:
#      Here we can define any OUs that we wish to explicitly exclude and not create a device collection for. (typically this is OUs which contain accounts)
#    MembershipRule:
#      The MemberShipRule can be either Query or Direct. If 'Query' then all devices from the OUs will be pulled into the device collection, now and in the future (due to the query on the collection).
#      If the MembershipRule is Direct then all members in the OUs will be pulled in one time only, but not any future devices.
#    CollectionFolder:
#      The value you pass here as a param will be the folder your new device collections will be added to. E.G. "Operational"
#    Tag:
#      Optionally tag the device collection with a name. This will appear as such 'OU Based | $Tag | CollectionName' (for example a site code could be used if you have many sites)
#   
################################################################################
Param(
    [Parameter(Mandatory=$true)][String]$OUSearchBase,
    [Parameter(Mandatory=$true)][String]$LimitingCollection,
    [String]$ExcludedOUs,
    [Parameter(Mandatory=$true)][String]$MembershipRule,
    [Parameter(Mandatory=$true)][String]$CollectionFolder,
    [String]$Tag
)

# Check for elevation
Write-Host "Checking for elevation"
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
    [Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "Please run from elevated PowerShell prompt!"
    Write-Warning "Aborting script..."
    Break
}

$Path = Get-Location

 # Import the ConfigurationManager.psd1 module 
if((Get-Module ConfigurationManager) -eq $null) {
    Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
}

$SiteCode = (Get-PSDrive -PSProvider CMSITE).Name

Import-Module ActiveDirectory
Write-Host "Imported the 'ActiveDirectory' module" -ForegroundColor Cyan

Set-Location "$SiteCode`:"

# Create a schedule to run every 4 hours.
$Schedule = New-CMSchedule –RecurInterval Hours –RecurCount 4

# Get all OUs that are one level below the given OU as the search base
$OUs = Get-ADOrganizationalUnit -LDAPFilter "(name=*)" -SearchScope OneLevel -SearchBase $OUSearchBase

# Convert the string of comma-separated excluded OUs to an array
If($ExcludedOUs) {
    $ExcOUArr = $ExcludedOUs.Split(",").Trim()
}

If ($Tag) { 
    $Tag = " $Tag |" 
} Else { 
    $Tag = "" 
}

# Loop each of the OUs that we have found above
Foreach ($OU in $OUs) {

    # Skip doing anything with OUs and Computers that have been excluded
    if ($ExcOUArr -Contains $OU.Name) { 
        Write-Host "Excluding '$($OU.Name)' from being processed." -ForegroundColor Gray
        continue 
    }

    Write-Host "Looping over the '$($OU.Name)' OU" -ForegroundColor Cyan

    # Create a new device collection within SCCM with the given parameters
    try {
        $currCollection = New-CMDeviceCollection -Name "OU Based |$Tag $($OU.Name)" -LimitingCollectionName $LimitingCollection -RefreshSchedule $Schedule -RefreshType Periodic
        Write-Host "New ConfigMgr Device Collection created with the name '$($OU.Name)'" -ForegroundColor Green

        # Allows for the passing of a collection folder which is the folder your created device collections will be moved into.
        $CollectionPath = $SiteCode + ":\DeviceCollection\$CollectionFolder"

        # Move the device collection into the chosen collection folder.
        Move-CMObject -FolderPath $CollectionPath -InputObject (Get-CMDeviceCollection -Name $currCollection.Name)

        # Set is error to false to indicate no error has occurred.
        $isError = 0
    } catch {
        Write-Host "Error creating Device Collection '$($OU.Name)' - This Device Collection may already exist. Any new found devices will still be added." -ForegroundColor Red
        $isError = 1
    }

    # If the membership rule is query and there has not been an error.
    If ($MembershipRule -eq "Query" -AND !$isError) {

        # Convert the OU Distinguished name to the canonical name of the OU.
        $CanonicalOUName = Get-CanonicalName($OU.DistinguishedName)

        # The device collection query will differ based on which members are to be added.
        $Query = 'SELECT *  FROM  SMS_R_System WHERE SMS_R_System.SystemOUName = "' + $($CanonicalOUName) + '"'

        # Add the query membership rule to the Device Collection
        Add-CMDeviceCollectionQueryMembershipRule -CollectionId $currCollection.CollectionId -QueryExpression $Query -RuleName $OU.Name

    } ElseIf ($MembershipRule -eq "Direct") {

        # Get all computers that exist beneath the current OU at any level
        $ADComps = Get-ADComputer -LDAPFilter "(name=*)" -SearchBase "OU=$($OU.Name),$OUSearchBase" -SearchScope Subtree

        # Loop each of the computers beneath the current OU within AD
        Foreach ($Comp in $ADComps) {
            Write-Host "Looping over all AD computer '$($Comp.Name)' within the $($OU.Name) OU" -ForegroundColor Cyan

            # Get the resource ID of the current computer
            $ResourceID = $(Get-CMDevice -Name $Comp.Name).ResourceID 

            # Add the current computer device into the current device collection based on the resource ID of the machine
            try {
                Add-CMDeviceCollectionDirectMembershipRule -CollectionName "OU Based |$Tag $($OU.Name)" -ResourceId $ResourceID
                Write-Host "AD computer '$($Comp.Name)' added to the '$($OU.Name)' ConfigMgr Device Collection" -ForegroundColor Green
            } catch {
                 Write-Host "Error adding device '$($Comp.Name)' to collection '$($OU.Name)' - This device may already exist within the collection." -ForegroundColor Red
            }
        }
    }
}

Set-Location $Path

# Function by thepip3r @ https://gallery.technet.microsoft.com/scriptcenter/Get-CanonicalName-Convert-a2aa82e5
function Get-CanonicalName ([string[]]$DistinguishedName) {    
    foreach ($dn in $DistinguishedName) {      
        $d = $dn.Split(',') ## Split the dn string up into it's constituent parts 
        $arr = (@(($d | Where-Object { $_ -notmatch 'DC=' }) | ForEach-Object { $_.Substring(3) }))  ## get parts excluding the parts relevant to the FQDN and trim off the dn syntax 
        [array]::Reverse($arr)  ## Flip the order of the array. 
 
        ## Create and return the string representation in canonical name format of the supplied DN 
        "{0}/{1}" -f  (($d | Where-Object { $_ -match 'dc=' } | ForEach-Object { $_.Replace('DC=','') }) -join '.'), ($arr -join '/') 
    } 
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

################################################################################

# Author: Jack O'Connor

# Description: Create ConfigMgr Device Collections from Active Directory Organisational Units and Computers

# Website: https://github.com/JackOconnor21

# Params: OUSearchBase, LimitingCollection, MembershipRule, CollectionFolder

# Example: .\Create-CollectionsFromOUs.ps1 -OUSearchBase "OU=Workstations,OU=Internal IT,OU=JACKO,DC=JACKO,DC=LOCAL" -LimitingCollection "All Systems" -ExcludedOUS "Admin Accounts, Users" -MembershipRule "Query" -CollectionFolder "Test" -Tag "EUR"

# Logging Keys:

# - Green: Success, Red: Failure, Cyan: General (Info)

# Docs:

# OUSearchBase:

# The children of the OU passed as the OUSearchBase will have device collections created with their names.

# LimitingCollection:

# The LimitingCollection is self-explanitory, it is simply the limiting collection of the device collections that are being created.

# ExcludedOUs:

# Here we can define any OUs that we wish to explicitly exclude and not create a device collection for. (typically this is OUs which contain accounts)

# MembershipRule:

# The MemberShipRule can be either Query or Direct. If 'Query' then all devices from the OUs will be pulled into the device collection, now and in the future (due to the query on the collection).

# If the MembershipRule is Direct then all members in the OUs will be pulled in one time only, but not any future devices.

# CollectionFolder:

# The value you pass here as a param will be the folder your new device collections will be added to. E.G. "Operational"

# Tag:

# Optionally tag the device collection with a name. This will appear as such 'OU Based | $Tag | CollectionName' (for example a site code could be used if you have many sites)

################################################################################

Param(

[Parameter(Mandatory=$true)][String]$OUSearchBase,

[Parameter(Mandatory=$true)][String]$LimitingCollection,

[String]$ExcludedOUs,

[Parameter(Mandatory=$true)][String]$MembershipRule,

[Parameter(Mandatory=$true)][String]$CollectionFolder,

[String]$Tag

)

# Check for elevation

Write-Host "Checking for elevation"

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`

[Security.Principal.WindowsBuiltInRole] "Administrator"))

{

Write-Warning "Please run from elevated PowerShell prompt!"

Write-Warning "Aborting script..."

Break

}

$Path = Get-Location

# Import the ConfigurationManager.psd1 module

if((Get-Module ConfigurationManager) -eq $null) {

Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"

}

$SiteCode = (Get-PSDrive -PSProvider CMSITE).Name

Import-Module ActiveDirectory

Write-Host "Imported the 'ActiveDirectory' module" -ForegroundColor Cyan

Set-Location "$SiteCode`:"

# Create a schedule to run every 4 hours.

$Schedule = New-CMSchedule –RecurInterval Hours –RecurCount 4

# Get all OUs that are one level below the given OU as the search base

$OUs = Get-ADOrganizationalUnit -LDAPFilter "(name=*)" -SearchScope OneLevel -SearchBase $OUSearchBase

# Convert the string of comma-separated excluded OUs to an array

If($ExcludedOUs) {

$ExcOUArr = $ExcludedOUs.Split(",").Trim()

}

If ($Tag) {

$Tag = " $Tag |"

} Else {

$Tag = ""

}

# Loop each of the OUs that we have found above

Foreach ($OU in $OUs) {

# Skip doing anything with OUs and Computers that have been excluded

if ($ExcOUArr -Contains $OU.Name) {

Write-Host "Excluding '$($OU.Name)' from being processed." -ForegroundColor Gray

continue

}

Write-Host "Looping over the '$($OU.Name)' OU" -ForegroundColor Cyan

# Create a new device collection within SCCM with the given parameters

try {

$currCollection = New-CMDeviceCollection -Name "OU Based |$Tag $($OU.Name)" -LimitingCollectionName $LimitingCollection -RefreshSchedule $Schedule -RefreshType Periodic

Write-Host "New ConfigMgr Device Collection created with the name '$($OU.Name)'" -ForegroundColor Green

# Allows for the passing of a collection folder which is the folder your created device collections will be moved into.

$CollectionPath = $SiteCode + ":\DeviceCollection\$CollectionFolder"

# Move the device collection into the chosen collection folder.

Move-CMObject -FolderPath $CollectionPath -InputObject (Get-CMDeviceCollection -Name $currCollection.Name)

# Set is error to false to indicate no error has occurred.

$isError = 0

} catch {

Write-Host "Error creating Device Collection '$($OU.Name)' - This Device Collection may already exist. Any new found devices will still be added." -ForegroundColor Red

$isError = 1

}

# If the membership rule is query and there has not been an error.

If ($MembershipRule -eq "Query" -AND !$isError) {

# Convert the OU Distinguished name to the canonical name of the OU.

$CanonicalOUName = Get-CanonicalName($OU.DistinguishedName)

# The device collection query will differ based on which members are to be added.

$Query = 'SELECT * FROM SMS_R_System WHERE SMS_R_System.SystemOUName = "' + $($CanonicalOUName) + '"'

# Add the query membership rule to the Device Collection

Add-CMDeviceCollectionQueryMembershipRule -CollectionId $currCollection.CollectionId -QueryExpression $Query -RuleName $OU.Name

} ElseIf ($MembershipRule -eq "Direct") {

# Get all computers that exist beneath the current OU at any level

$ADComps = Get-ADComputer -LDAPFilter "(name=*)" -SearchBase "OU=$($OU.Name),$OUSearchBase" -SearchScope Subtree

# Loop each of the computers beneath the current OU within AD

Foreach ($Comp in $ADComps) {

Write-Host "Looping over all AD computer '$($Comp.Name)' within the $($OU.Name) OU" -ForegroundColor Cyan

# Get the resource ID of the current computer

$ResourceID = $(Get-CMDevice -Name $Comp.Name).ResourceID

# Add the current computer device into the current device collection based on the resource ID of the machine

try {

Add-CMDeviceCollectionDirectMembershipRule -CollectionName "OU Based |$Tag $($OU.Name)" -ResourceId $ResourceID

Write-Host "AD computer '$($Comp.Name)' added to the '$($OU.Name)' ConfigMgr Device Collection" -ForegroundColor Green

} catch {

Write-Host "Error adding device '$($Comp.Name)' to collection '$($OU.Name)' - This device may already exist within the collection." -ForegroundColor Red

}

Set-Location $Path

# Function by thepip3r @ https://gallery.technet.microsoft.com/scriptcenter/Get-CanonicalName-Convert-a2aa82e5

function Get-CanonicalName ([string[]]$DistinguishedName) {

foreach ($dn in $DistinguishedName) {

$d = $dn.Split(',') ## Split the dn string up into it's constituent parts

$arr = (@(($d | Where-Object { $_ -notmatch 'DC=' }) | ForEach-Object { $_.Substring(3) })) ## get parts excluding the parts relevant to the FQDN and trim off the dn syntax

[array]::Reverse($arr) ## Flip the order of the array.

## Create and return the string representation in canonical name format of the supplied DN

"{0}/{1}" -f (($d | Where-Object { $_ -match 'dc=' } | ForEach-Object { $_.Replace('DC=','') }) -join '.'), ($arr -join '/')

}

Although fairly well documented within the script (If i do say so myself), I will run you through it in a bit more detail. Below you can see an example usage of this script.

#
.\Create-CollectionsFromOUs.ps1 -OUSearchBase "OU=Workstations,OU=Internal IT,OU=JACKO,DC=JACKO,DC=LOCAL" -LimitingCollection "All Systems" -ExcludedOUS "Admin Accounts, Users" -MembershipRule "Query" -CollectionFolder "Test" -Tag "EUR"
#

.\Create-CollectionsFromOUs.ps1 -OUSearchBase "OU=Workstations,OU=Internal IT,OU=JACKO,DC=JACKO,DC=LOCAL" -LimitingCollection "All Systems" -ExcludedOUS "Admin Accounts, Users" -MembershipRule "Query" -CollectionFolder "Test" -Tag "EUR"

For example, let’s pretend we have an AD OU structure a little something like this:

JACKO.local > JACKO > Internal IT > Workstations

Under workstations, imagine we had the following OUs

Meeting Room 1
Meeting Room 2
Office Ground
Office Second
Main Office
IT Office

Now picture each of these OUs having multiple devices and we need to create a device collection for each of them and add the devices within them to that collection. If there are only 6 like above then it’s an easy job and you might consider doing this manually at first, however if there are 50… you might not.

This is where the script comes into play, it is simple to use although it may look daunting at first. There are a couple of question you should ask first:

What do I want the limiting collection of all of these new collections to be?
Are there any OUs I do NOT want to create a collection for?
Do I want to only add the machines that are currently in the OUs to the collection or do I want to also add any devices that are added in the future to the OU?
Do I want these device collections to be in a folder within Config Manager?
Finally, do I want to identify these collections with a tag?

Question #1 corresponds to the “LimitingCollection” parameter, simply pass the name of the desired limiting collection.

Question #2 corresponds to the “ExcludedOUs” parameter, pass a comma-separated list of any OU names you do NOT wish to make a collection for.

Question #3 corresponds to the “MembershipRule” parameter, pass “Query” if you want to add all current AND future devices. Pass “Direct” if you only want to add current devices, but avoid adding any new devices added to the AD OU.

Question #4 is based on the “CollectionFolder” param, just pass the path of that folder. E.G. “Operational” or “Operational\Workstations”

Question #5 related to the “Tag” param. By default all these collections will be created with a name like:

OU Based | $CollectionName

as we believe that you should differentiate your collections and label the ones built from OUs. If you use a tag then the name will change slightly to:

OU Based | $Tag | $CollectionName

Tags are useful for separate sites and also avoid duplicate collection names across sites.

Last but not least, the most important parameter is the “OUSearchBase” param which is going to be the name of the OU which parents all of the other OUs you wish to make device collections based off. In our example we would have to the value

“OU=Workstations,OU=Internal IT,OU=JACKO,DC=JACKO,DC=LOCAL”

This would loop all OUs that are children of “Workstations” and create a device collection for each and automate all that hard work so you can sit back, relax, and have a coffee.

18th May 201818th May 2018

Set static IP on VM Pre LiteTouch in WinPE – MDT VBScript

I was working on a client site last year and setting them up a reference image task sequence for Windows 10. The VMs that I was working with were hosted in a subnet that did not have DHCP configured. This gave me the issue of configuring the IP statically on the VM that was used to build and capture the reference image BEFORE light touch is launched. So I wrote this little script (with google’s help) to grab the MAC address of the virtual NIC that had been initialised on the VM, match it to a variable and set the IP accordingly to the adaptor by referencing its name.

To implement this script into your MDT boot image there are a couple of steps that have to be performed. The first is to tell the boot image to run it beofre litetouch is called! To do this we have to place an updated Unattend.xml into the boot image.

Thankfully MDT has a proccess for adding extrafiles to your bootimage.
But firtly, we need to get sort out the script and xml.
So…

Create a folder called “Static IP”.

Then copy and paste the XML code from below into a text document and save it in the Static IP folder called “Unattend.xml”.

NOTE: This XML has been built to work with x64 boot images and x86.)

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Set Static IP VM Based</Description>
                    <Order>1</Order>
                    <Path>cscript.exe x:\Set-WinPE-StaticIP.vbs</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Description>MDT</Description>
                    <Path>wscript.exe X:\Deploy\Scripts\LiteTouch.wsf</Path>
                    <Order>2</Order>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Description>Set Static IP VM Based</Description>
                    <Order>1</Order>
                    <Path>cscript.exe x:\Set-WinPE-StaticIP.vbs</Path>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Path>wscript.exe X:\Deploy\Scripts\LiteTouch.wsf</Path>
                    <Order>2</Order>
                    <Description>MDT</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>
</unattend>

<?xml version="1.0" encoding="utf-8"?>

<Description>Set Static IP VM Based</Description>

<Path>cscript.exe x:\Set-WinPE-StaticIP.vbs</Path>

</RunSynchronousCommand>

<Path>wscript.exe X:\Deploy\Scripts\LiteTouch.wsf</Path>

</RunSynchronousCommand>

</RunSynchronous>

</component>

<Description>Set Static IP VM Based</Description>

<Path>cscript.exe x:\Set-WinPE-StaticIP.vbs</Path>

</RunSynchronousCommand>

<Path>wscript.exe X:\Deploy\Scripts\LiteTouch.wsf</Path>

</RunSynchronousCommand>

</RunSynchronous>

</component>

</settings>

</unattend>

Now open notepad again, copy and paste the VBscript from below and then save it as “Set-WinPE-StaticIP.vbs” into the “Static IP” Folder.

Now identify the MAC address of the VM(s) you will be targeting as this is what the script identifies the machine with, and place them into the MAC address variable fields (strRefVM1 & strRefVM2).

Now populate the IPs as required.

At this point is up to you to find the description of the network adaptor as this is used to grab the MAC address. I have supplied the two that I usually see for HyperV and VMware VMs but it is always best to check!

So boot up your current MDT Boot ISO and grab the description from the network adaptor that has been initialised by running an “Ipconfig /all”.
Now copy and paste it into the variable value for “strNetworkAdapter” or just uncomment the one you require.
And finally comment out the Ethernet name (strEthName) that does NOT apply to your environment. For example if you are running Hyper V VMs comment out the VMware line and vice versa.

'====================================================
'Author: Richie Schuster C5 Alliance
'Date  : 19-09-2017
'Info  : Script sets IP address in WinPE for MDT by Machine MAC
'====================================================

'Variables and Const
Dim strMAC
Const strMachineName = "."
Const strNetworkAdapter = "Intel(R) 82574L Gigabit Network Connection" 'Vmware
'Const strNetworkAdapter = "Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)" 'HyperV
Const strRefVM1 = "00:0C:29:8B:7C:AD"
Const strRefVM2 = "00:0C:29:8B:7C:A2"
Const strDNS1 = "10.193.0.1"
Const strDNS2 = "10.193.0.2"
Const strGW = "10.193.16.254"
Const strSubNet = "255.255.255.0"
Const strRefVM1ip = "10.193.16.15"
Const strRefVM2ip = "10.193.16.16"
Const strEthName = "Ethernet0" 'VMWare
'Const strEthName = "Ethernet" 'HyperV

'Create Shell object
Set objShell = WScript.CreateObject("WScript.Shell")

'Run Sub to get MAC of machine
getMAC strMachineName

'Echo the MAC
Wscript.Echo "Machine MAC Address: " & strMAC

'Check which machine it is and then set IP and DNS servers accordingly
If strMAC = strRefVM1 Then
   WScript.Echo "Reference Machine 1 found. Setting IP..."
	Return = objShell.Run("cmd.exe /c netsh int ipv4 set address name=" & strEthName & " static " & strRefVM1ip & " " & strSubNet & " " &  strGW & " 1", 1, true)
	Return = objShell.Run("cmd.exe /c netsh interface ipv4 set dns " & strEthName & " static " & strDNS1, 1, true)
	Return = objShell.Run("cmd.exe /c netsh interface ipv4 add dnsserver name=" & strEthName & " address=" & strDNS2 & " index=2", 1, true)
ElseIf strMAC = strRefVM2 Then
   WScript.Echo "Reference Machine 2 found. Setting IP..."
	Return = objShell.Run("cmd.exe /c netsh int ipv4 set address name=" & strEthName & " static " & strRefVM2ip & " " & strSubNet & " " &  strGW & " 1", 1, true)
	Return = objShell.Run("cmd.exe /c netsh interface ipv4 set dns " & strEthName & " static " & strDNS1, 1, true)
	Return = objShell.Run("cmd.exe /c netsh interface ipv4 add dnsserver name=" & strEthName & " address=" & strDNS2 & " index=2", 1, true)
Else
   WScript.Echo "Machine not Configured for Static IP in script."
End If

'Sleep to allow for machine to correctly connect.
WScript.Sleep(10000)

Sub getMAC(strComputer)

	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
	Set colItems = objWMIService.ExecQuery _
		("Select * From Win32_NetworkAdapterConfiguration Where Description = '" & strNetworkAdapter & "'")

	For Each objItem in colItems
		strMAC = objItem.MACAddress
	Next
End Sub

'====================================================

'Author: Richie Schuster C5 Alliance

'Date : 19-09-2017

'Info : Script sets IP address in WinPE for MDT by Machine MAC

'====================================================

'Variables and Const

Dim strMAC

Const strMachineName = "."

Const strNetworkAdapter = "Intel(R) 82574L Gigabit Network Connection" 'Vmware

'Const strNetworkAdapter = "Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)" 'HyperV

Const strRefVM1 = "00:0C:29:8B:7C:AD"

Const strRefVM2 = "00:0C:29:8B:7C:A2"

Const strDNS1 = "10.193.0.1"

Const strDNS2 = "10.193.0.2"

Const strGW = "10.193.16.254"

Const strSubNet = "255.255.255.0"

Const strRefVM1ip = "10.193.16.15"

Const strRefVM2ip = "10.193.16.16"

Const strEthName = "Ethernet0" 'VMWare

'Const strEthName = "Ethernet" 'HyperV

'Create Shell object

Set objShell = WScript.CreateObject("WScript.Shell")

'Run Sub to get MAC of machine

getMAC strMachineName

'Echo the MAC

Wscript.Echo "Machine MAC Address: " & strMAC

'Check which machine it is and then set IP and DNS servers accordingly

If strMAC = strRefVM1 Then

WScript.Echo "Reference Machine 1 found. Setting IP..."

Return = objShell.Run("cmd.exe /c netsh int ipv4 set address name=" & strEthName & " static " & strRefVM1ip & " " & strSubNet & " " & strGW & " 1", 1, true)

Return = objShell.Run("cmd.exe /c netsh interface ipv4 set dns " & strEthName & " static " & strDNS1, 1, true)

Return = objShell.Run("cmd.exe /c netsh interface ipv4 add dnsserver name=" & strEthName & " address=" & strDNS2 & " index=2", 1, true)

ElseIf strMAC = strRefVM2 Then

WScript.Echo "Reference Machine 2 found. Setting IP..."

Return = objShell.Run("cmd.exe /c netsh int ipv4 set address name=" & strEthName & " static " & strRefVM2ip & " " & strSubNet & " " & strGW & " 1", 1, true)

Return = objShell.Run("cmd.exe /c netsh interface ipv4 set dns " & strEthName & " static " & strDNS1, 1, true)

Return = objShell.Run("cmd.exe /c netsh interface ipv4 add dnsserver name=" & strEthName & " address=" & strDNS2 & " index=2", 1, true)

Else

WScript.Echo "Machine not Configured for Static IP in script."

End If

'Sleep to allow for machine to correctly connect.

WScript.Sleep(10000)

Sub getMAC(strComputer)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colItems = objWMIService.ExecQuery _

("Select * From Win32_NetworkAdapterConfiguration Where Description = '" & strNetworkAdapter & "'")

For Each objItem in colItems

strMAC = objItem.MACAddress

End Sub

Now open MDT and right click your deployment share and click “properties”.

Now select the “Windows PE” tab.

For each boot image you require the static IPs to be set click browse on the “Extra directory to add” field and import the “Static IP” folder.

Next click Apply.

Now right click the deployment share and update your boot images.

And thats it! Mount the ISO on your VM and hey presto…. no more IP issues! 🙂

18th May 2018

Remotely change Site Code WMIC SCCM CMD

Below is a quick WMIC CMD line that will change the site assignment of a client remotely. Bare in mind that account you use must have Administrative access to the machine you are targeting.

Wmic.exe /node:"TARGET-MACHINE-NAME-HERE" /namespace:\\root\ccm path sms_client CALL SetAssignedSite "P01" /NOINTERACTIVE

1	Wmic.exe /node:"TARGET-MACHINE-NAME-HERE" /namespace:\\root\ccm path sms_client CALL SetAssignedSite "P01" /NOINTERACTIVE

This version will read from a text file the machines that require the Site Code change. Again though, bare in mind that the account running the command must have Administrative access to the machines in question.

Wmic.exe /node:@Machines.txt /namespace:\\root\ccm path sms_client CALL SetAssignedSite "P01" /NOINTERACTIVE

1	Wmic.exe /node:@Machines.txt /namespace:\\root\ccm path sms_client CALL SetAssignedSite "P01" /NOINTERACTIVE

18th May 2018

PowerShell add Computers to Collection from CSV – SCCM ConfigMgr

This is a quick and dirty PowerShell script to import from CSV using the name of the machine to find the resource ID. It will only work for machines that are already a member of the Site you are working on.

For example you could use one of my other scripts to export from one collection and then add to a new collection.

As always this is provided as is, usage is in the header and please use the modded by field 😉

#################################################################################################################
#Author:   Richie Schuster - SCCMOG.COM                                                                         #
#ModdedBy: You Name Here                                                                                        #
#Script:   Import-AddToCollectionfromCSV.ps1                                                                    #
#Date:     26/06/2017                                                                                           #
#Usage:    Import-AddToCollectionfromCSV.ps1 -CollectionID S0G001BA -SiteCode S0G -CSVin "C:\Temp\YourCSV.csv"  #
#################################################################################################################

#Params for Script execution
param 
(
[parameter(mandatory=$true,HelpMessage="Please, provide a Collection ID to add the machines to e.g. P01000F4 ")][ValidateNotNullOrEmpty()][String]$CollectionID,
[parameter(mandatory=$true,HelpMessage="Please, provide a SCCM SiteCode. e.g S0G")][ValidateNotNullOrEmpty()][String]$SiteCode,
[parameter(mandatory=$true,HelpMessage="Please, provide a location to import the CSV file from with the filename. e.g C:\Temp\YourCSV.csv")][ValidateNotNullOrEmpty()][String]$CSVin
)
#Import the ConfigurationManager.psd1 module 
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
#Set the current location to be the site code.
Set-Location "$SiteCode`:"

#$ErrorActionPreference= 'silentlycontinue'
#Get the content of the CSV file
$Computers = Import-Csv $CSVin

#Loop through each Device and perform actions
Foreach ($Computer in $Computers) {
    #Get Device Resource ID
    $ResourceID = (Get-CMDevice -name $($Computer.Name)).ResourceID
    #Add the Device to the Collection specified
    Write-Host "Adding Machine $($Computer.Name) ResourceID: $ResourceID" -ForegroundColor Yellow
    add-cmdevicecollectiondirectmembershiprule -CollectionId $CollectionID -resourceid $ResourceID -Verbose 

} 
#Set location of script back to script root.
Set-Location $PSScriptRoot

###########################################################################

#################################################################################################################

#Author: Richie Schuster - SCCMOG.COM #

#ModdedBy: You Name Here #

#Script: Import-AddToCollectionfromCSV.ps1 #

#Date: 26/06/2017 #

#Usage: Import-AddToCollectionfromCSV.ps1 -CollectionID S0G001BA -SiteCode S0G -CSVin "C:\Temp\YourCSV.csv" #

#################################################################################################################

#Params for Script execution

param

(

[parameter(mandatory=$true,HelpMessage="Please, provide a Collection ID to add the machines to e.g. P01000F4 ")][ValidateNotNullOrEmpty()][String]$CollectionID,

[parameter(mandatory=$true,HelpMessage="Please, provide a SCCM SiteCode. e.g S0G")][ValidateNotNullOrEmpty()][String]$SiteCode,

[parameter(mandatory=$true,HelpMessage="Please, provide a location to import the CSV file from with the filename. e.g C:\Temp\YourCSV.csv")][ValidateNotNullOrEmpty()][String]$CSVin

)

#Import the ConfigurationManager.psd1 module

Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"

#Set the current location to be the site code.

Set-Location "$SiteCode`:"

#$ErrorActionPreference= 'silentlycontinue'

#Get the content of the CSV file

$Computers = Import-Csv $CSVin

#Loop through each Device and perform actions

Foreach ($Computer in $Computers) {

#Get Device Resource ID

$ResourceID = (Get-CMDevice -name $($Computer.Name)).ResourceID

#Add the Device to the Collection specified

Write-Host "Adding Machine $($Computer.Name) ResourceID: $ResourceID" -ForegroundColor Yellow

add-cmdevicecollectiondirectmembershiprule -CollectionId $CollectionID -resourceid $ResourceID -Verbose

}

#Set location of script back to script root.

Set-Location $PSScriptRoot

###########################################################################