One of the nice things about a Windows 7 SOE is it opens up the use of Powershell during the second phase of the OS installation. Part of the SOE design for I worked on required some manipuation of items in Active Directory. Doing this in VBScript is something I’ve found difficult, while it can be very easy in Powershell, especially if using the Quest AD cmdlets.
In this situation, the requirement was to move the computer account from the default location for the machine account creation (the Computers container) to an custom OU so the computer would fall under the influence of numerous group policies. The script is detailed below:
add-pssnapin quest.activeroles.admanagement $strComputer = $env:computername $currDate = get-date -format g add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- Starting OU Check" $strGetComputer = get-qadcomputer $strComputer | select sid,GUID $strGetComputerSID = $strGetComputer.sid $strParentDN = get-qadobject -identity $strComputer -type computer | select parentcontainerdn $currDate = get-date -format g add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- Current OU is $strParentDN" if ($strParentDN.ParentContainerDN -eq "OU=Windows7SOETesting,OU=SCCM Managed PCs,DC=asggroup,DC=com,DC=au" ) { $currDate = get-date -format g add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- This computer is in the correct OU" } else { $currDate = get-date -format g add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- This computer is not in the correct OU" add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- Attempting to move this computer with SID $strGetComputerSID to the correct OU...." move-qadobject -identity $strGetComputersid -NewParentContainer 'OU=Windows7SOETesting,OU=SCCM_Devices,DC=contoso,DC=com' add-content -path c:windowstempASGMoveComputertoCorrectOU.log -value "$currDate --- Move operation completed." } remove-pssnapin quest.activeroles.admanagement
A lot of the code is taken up with various setup code, but the key line is 22, which moves the machine account to the Windows 7 SOE OU.