March 31 2010

Query to show members of an AD group

You’ll often need a quick way to get the names of users in a particular Active Directory group into a text or Excel file for reporting or other reasons. You can use dsquery to achieve this easily:

dsquery group -name "group name" | dsget group -members -expand | dsget user -fn -ln

Of course you can also change the ‘dsget user -fn -ln’ to display or remove attributes, eg ‘dsget user -samid’ will show the username. You can also pipe this into a text file.



----------------------------------------------------------------------------
I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.

----------------------------------------------------------------------------

March 27 2010

Simple query to find if processor is 64 bit capable

I’ve often used a very simple query to find if a processor is 64 bit capable. Open up a command prompt and enter the following:
wmic cpu get datawidth
I doesn’t matter the version of the Operating System you are running, this WMI query will return the actually hardware processor capability. If it returns a value of 64, this means that the hardware is 64-bit capable, so you can go ahead and load up a 64-bit version of the OS. If the value is returned as 32 then unfortunately your hardware is only 32-bit capable and you are stuck with the 32-bit version of the OS.

March 26 2010

Find resource name for SCCM GUID

You will often see the below error or similar in SCCM:

MP has rejected a policy request from GUID:2904FFA9-C49D-48B3-BE9B-D4B4FFEF7C96 because it was not approved. The operating system reported error 2147942405: Access is denied.

I have written a SCCM report to pull back the resource name so you can then go and approve it or investigate further. Create a new SCCM report with the following SQL query:

select * from v_R_System where v_R_System.SMS_Unique_Identifier0=@GUID

In the prompts section, create a value with the name GUID. Now when you run the report, you will be prompted for the GUID value – enter it in the format of GUID:2904FFA9-C49D-48B3-BE9B-D4B4FFEF7C96. This will now return the resource / computer name.

 

 

March 23 2010

Windows Deployment Services (WDS) cache

We’ve had a constant frustration where clients would try to PXE boot more than once within an one hour period with the result being that the PXE boot fails. This problem occurs because of a PXE cache limitation (1 hour) set by default.

You can also confirm this configuration by looking in the smspxe.log file:

Loaded PXE settings from reg key HKLMSoftwareMicrosoftSMSPXE:
PXE Settings:
IsActive: Yes
SupportUnknownMachines: No
MACIgnoreListFile:
ResponseDelay: 0
CacheExpire: 3600
HTTP Port: 80
HTTPS Port: 443
IISSSLState: 0x0
BindPolicy: Exclude
TRK:
SiteSignCert:
Root CA Certs:
PXE GUID: fab8bfcc-3b15-431a-828d-fbfd184c3813
PXEPassword:

To fix this, reduce the cache size. Open regedit and navigate to HKEY_LOCAL_MACHINESoftwareMicrosoftSMSPXE (or for 64-bit OS, head to HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSMSPXE). Modify the CacheExpire DWORD and set it to a lower value, in my case I set it to decimal value of 1, meaning that cache will only last for 1 second.

Restart the WDS service.

Further info here – http://support.microsoft.com/kb/2019640

 

 

March 16 2010

Edit the registry inside a WIM file

An oldie but a goodie – this came about again when creating Windows 7 WIM files for SCCM. It really does save a lot of time – otherwise you would need to deploy your image, make changes to the registry and then recapture. This process is much quicker! I use the DISM tool from the WAIK toolkit but you could also use imageX to mount the image.

Steps:

Mount the WIM

Open the Deployment Tools Command prompt and enter:

dism /mount-wim /wimfile:d:temptest.wim /index:1 /mountdir:c:mount

Result:

D:>dism /mount-wim /wimfile:d:temptest.wim /index:1 /mountdir:c:mount
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Mounting image
[==========================100.0%==========================]
The operation completed successfully.

 

Load the registry hive

From a command prompt enter:

reg load HKLMtest c:mountwindowssystem32configsoftware

Result:

D:>reg load HKLMtest c:mountwindowssystem32configsoftware
The operation completed successfully.

 

Open regedit

You will then see the registry that is contained in the WIM file, in this case it is called test. Make your changes, then exit regedit.

 

Unload the registry hive

From a command prompt enter:

reg unload HKLMtest

Result:
D:>reg unload HKLMtest
The operation completed successfully.

 

Unmount the image

Open the Deployment Tools Command prompt and enter:

dism /unmount-wim /mountdir:c:mount /commit

Result:

D:>dism /unmount-wim /mountdir:c:mount /commit
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image File : d:temptest.wim
Image Index : 1
Saving image
[==========================100.0%==========================]
Unmounting image
[==========================100.0%==========================]
The operation completed successfully.

 

March 12 2010

Send SCCM task sequence email report

I wanted an easy way to know if OS deployments were failing or succeeding. We’ve come up with a good way of sending an email outlining task sequence completion status.

  • In SCCM, create a Status Filter rule by going to Site Database – Site Management – Primary Site – Site Settings – Status Filter Rules.
  • On the general tab, use Component : Task Sequence Manager, Message ID: 11170 . (11170 signifies failure, 11171 is for success.)
  • On the actions tab, tick Run a program and use something like ‘powershell.exe D:SCRIPTSTS_Email_Notification.PS1 %msgsys’.

TS_Email_Notification.PS1 should contain the following:

param([string]$strComputerName)
$erroractionpreference = "SilentlyContinue"
$strSMTP = "mail.domain.com"
$strSubject = "SCCM OSD Deployment Completed for $strComputerName"
$strBody = "$strComputerName has Completed the Task Sequence"
$MailMessage = New-Object System.Net.Mail.MailMessage
$MailMessage.IsBodyHtml = $true
$SMTPClient = New-Object System.Net.Mail.smtpClient
$SMTPClient.host = $strSMTP
$Sender = New-Object System.Net.Mail.MailAddress("sender@domain.com", "Sender")
$Recipient = New-Object System.Net.Mail.MailAddress("recipient@domain.com", "Recipient")
$MailMessage.Sender = $Sender
$MailMessage.From = $Sender
$MailMessage.Subject = $strSubject
$MailMessage.To.add($Recipient)
$MailMessage.Body = $strBody
$SMTPClient.Send($MailMessage)

You just need to adjust the above Powershell script for your mail settings and you will now receive an email each time there is a successful or failed OS deployment.