I have a PowerShell script that we use during a Microsoft SCCM PXE task sequence for naming a PC. It worked flawlessly until a recent upgrade to SCCM 2012 R2 by the primary server admin.
Now, when the code runs the search to check whether a user is in a specified AD group needed to complete the PXE build, it gives this COM error:
```
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At X:\Windows\System32\OSD\x86_PXE.ps1:202 char:1
+ $colResults = $objSearcher.FindAll() # Finds all items that match search and put ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException
```
I have searched far and wide to try and solve this. It seems like a .NET error, but I have been unsuccessful in resolving it.
Below is the relevant code. Note that this is being run in the Windows PE that is included with SCCM 2012 R2 as well as the current Windows ADK. It is most likely going to work just fine on a normal PC, as it does on mine.
Things to note: you will need to change these to match your environment:
- $Domain
- $strFilter - specifically "Memberof=cn=<AD_group>"
- $objOU - server path
```powershell
function get-humadcreds {
    $global:creds = get-credential -message "Please authenticate to Domain"
    $global:UserName = $creds.username
    $global:encPassword = $creds.password
    $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpassword)) # Converts secure string to plain text
    $Domain = #Domain
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct,$Domain
    $authed = $pc.ValidateCredentials($UserName,$Password)
    # Recursively requests credentials if authorization fails
    if ($authed -eq $false) {
        [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
        [System.Windows.Forms.MessageBox]::Show("Authentication failed - please retry!")
        get-humadcreds
    }
}
get-humadcreds # Gets AD credentials from user

### Provisioning Authentication
$strFilter = "(&(objectCategory=user)(SAMACCOUNTNAME=$global:UserName)(|(Memberof=cn=,OU=Delegation,OU=HQ,dc=,dc=,dc=)))" # Filter for searching
$decodedpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpassword)) # Decoded password from AD Auth
$objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://server/OU=HQ,dc=,dc=,dc=",$global:username,$decodedpassword) # Authentication must specify domain controller
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objOU # Starts search in this OU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter # Applies filter to search
$objSearcher.SearchScope = "Subtree"
$colProplist = "name"
$isInProvGroup = $False # Defaults value to false.

echo $objSearcher >> C:\Windows\System32\OSD\results.txt
$colResults = $objSearcher.FindAll() # Finds all items that match search and puts them in array $colResults
echo $colResults
foreach ($objResult in $colResults) {
    $isInProvGroup = $True # If user is in D_HQ_AddComputers (if $colResults is not empty), result will be true
}
echo $isInProvGroup
```
PE OS Version 6.3.9600.16384