Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, November 1, 2013 9:04 PM
Hi Guys,
I have AD 2003/2008 R2 forest level is 2003. I developed powershell script which activate computer (install license) based on computer provided name (input param).
Now, I want to automate this process and run script on the event when a computer is joined to domain, pls help.
P.S. I don't want use event trigger on DC, because i don't want to set event trigger on all 3 DCs.
All replies (8)
Sunday, November 3, 2013 8:59 AM ✅Answered | 1 vote
Thx Luca for feedback.
The suggested both solution i know and each of them has its disadvantage:
1. I don't want to schedule event trigger on all three DCs.
2. Our support team create computer object in appropriate OU and then join computer to domain, so Computer OU never used.
Hello Artak,
I explain my answers:
- You don't need to schedule event trigger on all three DCs. You can use PowerShell to connect to each of your DCs remotely and search for Event.
- I think this way is better. If your support team create computer in appropriate OU, then your PowerShell will search on that OU (instead of default Computers) - it is flexible !!! An example is just that written by Samus-Aran but you need to change SearchBase argument with your OU.
So, what are disadvantages ?
Then to answer to your latest question "We have cases when support team change Office version and it's also needs to be activated. The question is, can i determinate that Office on that particularity computer is changed in order to activate it", I have another question: why don't you use VAMT (Microsoft Volume Activation Management Tool) ? It was created for these purposes. MS TechNet Library Introduction to VAMT.
Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.
Sunday, November 3, 2013 11:41 AM ✅Answered | 1 vote
Okey!
First of all, I think it is amazing that you have 1500 computers in your environment and you still install them manually! There are free tools for this like MDT. If you can't have that for some reason you could install a KMS server that activates Windows and office for you.
There is no way for a script to know if office is activated or not if it does not connect to the computer and check, right? That information is not stored in AD.
What you could do is to use a logon script or maybe startupscript that will check if office is activated and if not activate it.
This is for Office 2010 on a 64-bit computer (Office14)
#Office 2010 on a 64-bit computer#
$strOfficePath = Join-Path -Path "C:\Program Files (x86)\Microsoft Office\Office14" -ChildPath "OSPP.VBS"
$strLic = cscript "$strOfficePath" /dstatus | Select-String -Pattern 'LICENSE STATUS'
IF ($strLic -match 'Licensed') {
Write-Host "Office is Activated!"
}ElseIf ($strLic -match 'Unlicensed') {
Write-Host "You need to the Activate!"
cscript "$strOfficePath" /Inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript "$strOfficePath" /act
}
This will run ospp.vbs /dstatus and check Licence Status. I don't know if its the same for the other office versions. A problem with this is that you need to put your office license key in your script which might not be optimum as it will be accessible to the users!
So what you could do is to let the logon/startup script let you know if an office installation is not activated like putting a file on a share with the computername and let another script check this share for computers which then activates office remotely with powershell or psexec but now its getting way, way, way to complex :)
You should really consider to start using WDS, MDT and/or KMS.
Well, theres a start.
Good Luckish!
Friday, November 1, 2013 9:41 PM | 1 vote
Hello Artak,
first of all you should ask to yourself: how can I verify if a computer is joined to domain ?
So the answer(s) could be:
- Checking Windows Security Log (Event Viewer): 4741: A computer account was created (Windows Vista, Windows Server 2008); 645: Computer Account Created (Windows Server 2000, 2003)
- Checking Computers OU for new Computer Accounts
Then you could create a PowerShell Script scheduled to run every x minutes checking one of points above, filtering data from latest launch until now (preventing computers re-activation).
Bye,
Luca
Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.
Friday, November 1, 2013 9:41 PM | 2 votes
How is the computers installed? Manually? MDT? SCCM?
It seems like a task for the person who joins the computer to the domain.
Anyhow, you could schedule this script to run every hour:
Get-ADComputer -Filter * -Properties Created -SearchBase "CN=Computers,DC=Domain,DC=COM" |
where {$_.Created -gt $((Get-Date).AddHours(-1))} |
foreach {
RunYourFunction -computerName $($_.Name)
}
This will list all computers in "CN=Computers,DC=Domain,DC=COM" that where created/joined to the domain for the last hour and the run the function "RunYourFunction" with the computername as the parameter.
So if you run this every hour then you should be able to catch'em all!
Sunday, November 3, 2013 8:03 AM
Thx Luca for feedback.
The suggested both solution i know and each of them has its disadvantage:
1. I don't want to schedule event trigger on all three DCs.
2. Our support team create computer object in appropriate OU and then join computer to domain, so Computer OU never used.
Sunday, November 3, 2013 8:09 AM
Computers is installed manually, however the provide solution looks great.
Can we make it a little more complicated :)
We have cases when support team change Office version and it's also needs to be activated. The question is, can i determinate that Office on that particularity computer is changed in order to activate it.
Please don't suggest to scan all computers daily as i have 1500 computers and scan takes a day.
Monday, November 4, 2013 6:43 AM
Thanks! you gave a good idea, startaup script. I'll do it with run once configuration and strart up script will call another script on server, which will start activate process. BTW i have installed VAMT and computers are installed with MDT, but its under responsibility of support team, meanwhile activation is our.
Monday, November 4, 2013 3:23 PM
Okey!
Why don't you just add the windows key to the MDT task sequence and add another step to activate office and then you can just spend your days drinking coffee? :)