Use PowerShell To Add Computers To AD Security Groups During ...

Successfully Tested On: Microsoft System Center Configuration Manager versions 2012 R2 – 1906, Microsoft Endpoint Configuration Manager versions 1910 – 2203, Windows 10 Enterprise versions 1809 – 22H1

Thanks to Stephen Cain for pointing out the below method!

Microsoft System Center Configuration Manager (or should I say Microsoft Endpoint Configuration Manager?) Task Sequences are a fantastic way to image and deploy Windows computers. Task Sequences include a wide variety of functions to help modify and customize computers.

One thing Windows administrators may want to do is join a computer to a specific AD security group during a Task Sequence. If one tries this by adding a Run PowerShell Script task that uses the Add-ADGroupMember cmdlet, it may not work. This can be because Windows does not include the Remote Server Administration Tools (RSAT) by default, and RSAT is what contains the AD cmdlets like Add-ADGroupMember. Luckily, adding only a couple more commands solves this problem. We'll make use of info we published in a previous article, Use PowerShell to install Active Directory Users and Computers.

Install & Uninstall RSAT AD Tools

To successfully add a computer to an AD security group during a Task Sequence, run three commands within the Run PowerShell Script task: first to install the AD tools (using the Add-WindowsCapability cmdlet), second to add the computer to the AD group (using the Add-ADGroupMember cmdlet), and lastly to clean up and remove the AD tools (using the Remove-WindowsCapability cmdlet).

Those three commands together will be:

Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"
# The trailing $ forms the computer account's sAMAccountName (NAME$)
Add-ADGroupMember -Identity "GroupNameHere" -Members $env:ComputerName$
Remove-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"

The last command can be excluded if for some reason the AD tools need to remain installed.

When those commands are added to a Task Sequence with a Run PowerShell Script step:

The account specified to run the script will need to have rights in the domain to join members to the group.
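
A more defensive form of the same three steps, as an added example that is not the author's script: it installs RSAT only when missing, skips the add when the computer is already a member, removes only what it installed, and returns a non-zero exit code on failure. "GroupNameHere" is the page's placeholder; the variable names are assumptions.

```powershell
# Added example, not the author's script. "GroupNameHere" is the page's placeholder.
$ErrorActionPreference = 'Stop'
$GroupName     = 'GroupNameHere'
$Capability    = 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'
$installedHere = $false
$exitCode      = 0

try {
    # Install RSAT only when it is missing, and remember that we did,
    # so cleanup never strips tools that were already on the machine.
    if ((Get-WindowsCapability -Online -Name $Capability).State -ne 'Installed') {
        Add-WindowsCapability -Online -Name $Capability | Out-Null
        $installedHere = $true
    }
    Import-Module ActiveDirectory

    # Computer accounts are addressed by sAMAccountName, which ends in "$".
    $computer = Get-ADComputer -Identity "$env:COMPUTERNAME`$"
    $group    = Get-ADGroup -Identity $GroupName -Properties Member

    # A reimaged machine that reuses its AD account may already be a member.
    if ($group.Member -contains $computer.DistinguishedName) {
        Write-Output "$($computer.Name) is already a member of $GroupName"
    }
    else {
        Add-ADGroupMember -Identity $group -Members $computer
        Write-Output "Added $($computer.Name) to $GroupName"
    }
}
catch {
    # Surface the reason in the step's output and fail the step.
    Write-Output "Group membership step failed: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    # Remove RSAT only if this script installed it.
    if ($installedHere) {
        Remove-WindowsCapability -Online -Name $Capability -ErrorAction SilentlyContinue | Out-Null
    }
}
exit $exitCode
```

The non-zero exit code lets the Task Sequence step report the failure instead of continuing with a machine that never joined the group.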

Using these three commands in combination has successfully helped me reliably join computers to AD security groups during my setup processes. And that's a good thing.
