I am attempting to assign a computer to a security group within a task sequence during the System Restore phase.
I have customized the deployment wizard to add a drop-down list to the ComputerName portion of the deployment wizard. This drop-down list has a small number of selections that have been manually assigned values that correspond to the guid of the security groups that the computer may be assigned to. This value is then assigned to a new MDT Property called "DomainUpdateGroup". When the summary page is displayed, this value is correctly populated into the Variables.dat. Then during the system restore phase of the deployment, I have created a "Run Command Line" step that calls the script from the scripts folder of the deployment share (%scriptroot%). Because the task that is being performed requires Active Directory permissions, the script is being run as an account with the permissions to make changes to computer objects.
<job id="Z-Sample"><script language="VBScript" src="ZTIUtility.vbs"/><script language="VBScript">
' //***************************************************************************
' // ***** Script Header *****
' //
' // Solution: Solution Accelerator for Microsoft Deployment
' // File: Z-Sample.wsf
' //
' // Purpose: Template
' //
' // Usage: cscript Z-Sample.wsf [/debug:true]
' //
' // Customer Build Version: 1.0.0
' // Customer Script Version: 1.0.0
' // Customer History:
' //
' // ***** End Header *****
' //***************************************************************************
'//----------------------------------------------------------------------------
'//
'// Global constant and variable declarations
'//
'//----------------------------------------------------------------------------
Option Explicit
Dim iRetVal
'//----------------------------------------------------------------------------
'// End declarations
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Main routine
'//----------------------------------------------------------------------------
On Error Resume Next
iRetVal = ZTIProcess
ProcessResults iRetVal
On Error Goto 0
'//---------------------------------------------------------------------------
'//
'// Function: ZTIProcess()
'//
'// Input: None
'//
'// Return: Success - 0
'// Failure - non-zero
'//
'// Purpose: Perform main ZTI processing
'//
'//---------------------------------------------------------------------------
Function ZTIProcess()
iRetVal = Success
ZTIProcess = iRetval
'!!!!!!!!!!! INSERT YOUR CODE HERE !!!!!!!!!!!!
Dim strUpdateGroup, strComputerCN, UpdateGroupMember, arrDomainUpdateGroupMembers
Set oSystemInfo = CreateObject("ADSystemInfo")
strUpdateGroup = oEnvironment.Item("DomainUpdateGroup") 'value here is the guid of the security group
strComputerCN = oSystemInfo.ComputerName 'returns the distinguished name of computer
'bind to Update Group object to add computer to security group
Set oDomainUpdateGroup= getObject("LDAP://domain/<" & strUpdateGroup & ">") 'format string for LDAP query using a guid binding
oDomainUpdateGroup.getInfo
arrDomainUpdateGroupMembers = oDomainUpdateGroup.getEx("member")
'validate group membership and add to selected group if not a member
For Each UpdateGroupMember in arrDomainUpdateGroupMembers
If UpdateGroupMember = strComputerCN Then
'computer is already a member of this security group
Exit For
Else
'add computer object to security group
oDomainUpdateGroup.Add("LDAP://" & strComputerCN)
oDomainUpdateGroup.setInfo
Exit For
End If
Next
End Function</script></job>The wsf file was placed into the mdt scripting template. The coding above (less the MDT templating information) will run if executed from a command line that was started in the run as context of the same user designated in the task sequence.
When this script is called from the task sequence it fails and returns an error (500) Variable is undefined. Unable to create WebService class. Unless I am missing something in my script I don't have an undeclared variable and I don't think I am instantiating a web service class either.
Any ideas as to why this might be occurring?