Workflow to add computer to Active Directory

I have a mac mini server in our lab with the latest snow leopard server on it.  I've been using it to image our macs in the lab using netboot and it's been working nicely.  I want to expand on its capabilities and maybe even have it build the whole image on its own.
One of the first crucial steps after putting the OS on the mac is connecting it to the active directory server.  Is it possible to create a workflow to do that?  Does anyone have an example of one?  I'm fairly new to automator and workflows so any websites with tutorials would also be useful as well.
Is it also possible to set up a workflow for when a new user logs in?  When I deploy a mac to a person I have to sit with them for about 10 minutes and walk through some basic configuration.  We set up the password for the screensaver, set up the screensaver, activate filevault, and then configure outlook and communicator for office 2011.  Are there ways to automate that as well?
Thanks in advance!
Roie Gat

Hi Roie,
In theory you can use the "Apply System Configuration Settings" feature of SIU to assign a computer name and bind Macs to AD. However, in our testing we have not yet seen this feature actually work.
So we adapted a Unix script instead, packaged it and install the script in our workflow with "Add Packages". Our solution is a bit involved and not for the faint hearted. It would be better if Apple could fix SIU. But check my profile and e-mail me directly if you would like a copy of our naming and binding script.
One option for handling some of your other Mac desktop management issues would be to activate the Workgroup Management feature on your Mac server. This involves binding Macs both to AD and to your Mac server (the so-called Golden Triangle configuration).
cheers

Similar Messages

  • Orchestrator Active Directory Add Computer to Group

    Having trouble with the Add Computer to Group activity. I can't seem to find the right reference for an OU in my active directory forest (/Servers/KC). Any help?
    William Busby, PMP

    Hi William,
    you can use the "Get Computer" and "Get Group" Activities to get all the information for the Group and Computer including the Distinguished Name. In the Filter tab of the two "Get-Activities" you can filter with name and other things.
    Then you can right click on the field for the Distinguished Names in the "Add Computer To Group" Activity and click Subscribe -> Published Data and choose the Distinguished Names you get as result from the Activities before.
    Regards,
    Stefan

  • Unable to launch Lumira when BO Analysis for Office add-in is active

    Hi guys,
    Has anyone else noticed that you don't seem to be able to launch Lumira when the BusinessObjects Analysis for Office add-in is active? Is it just me or is this a bug?
    Thanks,
    Stephen

    I'm not. Where can I download this from as the free download is still 1.8. Thanks as always. And p.s. do you ever sleep?
    Thanks,
    Stephen

  • Can I add a second activity indicator? (Or more)

    I have Firefox 4.0.1 Just wanted to know if it's possible to add a second activity indicator or more.

    You can't add a second AGP card (there is only one AGP slot on the motherboard). You could add a PCI graphics card, but you will get much better performance by replacing your current AGP card with one that supports two monitors. There are various options depending on whether you have a display using ADC, how much performance you want, and price.
    If you need ADC and don't want to buy a DVI to ADC adapter, you can look for a used Macintosh NVIDIA GeForce 2 MX Twinview or NVIDIA GeForce 4 Titanium. These don't support Core Video, so will not be able to take advantage of some features and speed improvements in Tiger.
    If you don't need ADC, or get a DVI to ADC adapter, you can get much better performance. The best (but expensive) is the ATI Radeon 9800 Pro Mac Edition 256MB. It has a DVI and a VGA port.
    A lot cheaper, and a bit slower, is the ATI Radeon 9600 Pro Power Mac G5 edition, modified to work in a G4 Quicksilver. See:
    <http://eshop.macsales.com/item/Apple/630ATI96G4/>
    With this card you will need an ADC to VGA adapter to run your second monitor. The other port is DVI.
    Beware of the ATI Radeon 9600 Pro PC & Mac Edition 256MB card. It will not work in some Quicksilver modes.

  • How to add "Computer Description" locally to 300 Servers in our domain via PowerShell.

    I'd like to use Powershell to add "Computer Description" locally to 300 Servers in domain.
    I found a solution here which works but it adds "Computer Description" only to a single computer.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/a777f07c-f9be-4eb5-8788-de7e5c068411/changing-computer-descriptions-remotely-using-powershell?forum=winserverpowershell
    I do have a CSV file with two column headers "Server" and "Description" containing Computer Description for all 300 Servers. 
    I'm new to Powershell and would appreciate a step by step method.
    Thanks.
    st

    Hi Mike Laughlin,
    Your Script worked beautifully on most Servers.
    There were some Servers on which it did not work. It showed this error in red color:
    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT:
    0x800706BA)
    At line:2 char:17
    +     $OSValues = Get-WmiObject -Class Win32_OperatingSystem -ComputerName
    $_.Serv ...
    +
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMExcept
       ion
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands
       .GetWmiObjectCommand
    Property 'Description' cannot be found on this object; make sure it exists and
    is settable.
    At line:3 char:5
    +     $OSValues.Description = $_.Description
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : PropertyNotFound
    You cannot call a method on a null-valued expression.
    At line:4 char:5
    +     $OSValues.Put()
    +     ~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull
    Hi tommymaynard,
    Should I now try your Script ?
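The three errors in the post above are one failure repeated: `Get-WmiObject` could not reach the server, so the later property assignment and `Put()` ran against a null object. As an added example (not the script from the thread), the following Windows PowerShell function reads the same two-column CSV (`Server`, `Description`), stops at the first error for each host, and records which servers were unreachable. The function name, the default log path and the use of `Get-WmiObject` against `Win32_OperatingSystem` (taken from the error text) are assumptions.

```powershell
# Added example: bulk-set the local computer description from a CSV with
# "Server" and "Description" columns, recording per-host failures.
function Set-ServerDescription {
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,
        # Hypothetical default location for the list of failed hosts
        [string]$FailureLog = '.\description-failures.csv'
    )

    $results = foreach ($row in Import-Csv -Path $CsvPath) {
        $status = 'Updated'
        $detail = ''
        try {
            # -ErrorAction Stop turns "RPC server is unavailable" into an
            # exception, so the assignment and Put() below never run on $null.
            $os = Get-WmiObject -Class Win32_OperatingSystem `
                                -ComputerName $row.Server -ErrorAction Stop
            $os.Description = $row.Description
            [void]$os.Put()
        }
        catch {
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Server = $row.Server
            Status = $status
            Detail = $detail
        }
    }

    # Keep the unreachable hosts in a file that can be fed back in later.
    $failed = @($results | Where-Object { $_.Status -eq 'Failed' })
    if ($failed.Count -gt 0) {
        $failed | Export-Csv -Path $FailureLog -NoTypeInformation
    }

    $results
}

# Usage (path is a placeholder):
# Set-ServerDescription -CsvPath '.\servers.csv' | Format-Table -AutoSize
```

Hosts that land in the failure log with the RPC error are typically powered off, blocked by a firewall, or not resolvable by name, and need to be checked individually before a re-run.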

  • Itunes match set up fine on my mac. my man's pc only creates a limited match page without graphics and won't allow add computer. why?

    have set up itunes match on mac. this works fine linked to apple tv. my man wants to 'add computer' from itunes held on a pc. he is unable to do this. link to the apple store takes a while, can sign in using apple id but....accessto itunes match is very slow and only brings up a limited page with no graphics. there is an option for 'add computer' but it does nothing. missing something?

    To add another computer, that computer must be signed into your iTunes Store account.

  • SCCM 2007 OSD to add computer account to domain

    Running SCCM 2007 R2 OSD to add computer account to domain has always been working, until recently after I added Intel 217/218 NIC drivers to the PE boot image.
    The task sequence "Apply Network Settings" runs successfully though. It broke other TS steps too, such as enabling BitLocker, because, I guess, if the computer is not domain-joined, it won't be able to write recovery key to AD. I can use the same network account to manually add the computer to domain. This doesn't seem to be a network issue, because the NIC drivers are applied, and software installation in the TS runs with no issue.
    Here's the deployment log:
    ==============================[ OSDNetSettings.exe ]===========================
    Command line: "osdnetsettings.exe" configure Setting %SystemRoot% to "D:\Windows"
    Loading existing answer file "D:\Windows\panther\unattend\unattend.xml"
    Configuring global network settings
    Join type: 0 Joining domain: MyDomainName
    Getting namespace "Microsoft-Windows-UnattendedJoin" for architecture "amd64"
    DNS domain:  DNS domain search order:  IP filter sec enabled: false
    No adapters found in environment. 
    Performing global configuration only.
    Writing configuration information to D:\Windows\panther\unattend\unattend.xml
    Successfully saved configuration information to D:\Windows\panther\unattend\unattend.xml
    Configuring "OSDNetSettings.exe finalize" to run on first boot OSDNetSettings
    finished: 0x00000000
    Thanks and regards.

  • Using PowerShell Add-Computer on Script startup

    Is it possible to use Add-Computer in a startup script in Windows 2008 R2?
    The script works after the computer has booted; however, when we added it to the startup script it fails.
    Is there any other way to do this on startup?

    Let me explain a little bit more the question, I know I wasn't clear. 
    I have a EC2 AMI (Amazon Image) which has things preinstalled. Windows instances are created using the image. 
    As part of the image we have some startup script that perform tasks given the instance. As part of this initial setup we want the instance "auto" register to the AD server. 
    Using a PowerShell script we are able to detect whether the instance is part of the domain; if not, we add it to the domain using Add-Computer. This means that only when the instance is created the script will register to AD, otherwise it will ignore the command.
    A snippet of the script is:
    if ((gwmi win32_computersystem).partofdomain -eq $true) {
            # Do other things since it is already joined
          }else{
            $username = 'user';
            $domain = 'domain.com';
            $password = 'pass';
            $credential = (New-Object System.Management.Automation.PSCredential ($username, (ConvertTo-SecureString $password -AsPlainText -Force)))
            # The -OUPath value is a template placeholder that is filled in before the script runs
            add-computer -domain $domain -credential $credential -OUPath '#{node["ad"]["ou_string"]}'
          }
    The script is not the issue. The question is when/where to run the script on startup? 
    Any suggestions? 
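The snippet in the post above keeps the join account's password as a string literal inside a startup script that is baked into the image, so every instance and every copy of the image carries it. As an added example (not from the original poster), the following PowerShell uses the language parser to flag `ConvertTo-SecureString -AsPlainText` calls whose input is a literal or a variable assigned from a literal, which is a check worth running over image build scripts. `Find-HardCodedSecureString` is a hypothetical helper name, and the sample script is constructed from the post's snippet.

```powershell
# Added example: report ConvertTo-SecureString -AsPlainText calls fed by a
# hard-coded string. Needs PowerShell 3.0 or later on the analyst's machine.
function Find-HardCodedSecureString {
    param([Parameter(Mandatory = $true)][string]$ScriptText)

    $tokens = $null
    $parseErrors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$parseErrors)

    # True when the node is nothing but a quoted string literal.
    # Bare words are excluded so "$x = some-command" is not treated as a literal.
    $isLiteral = {
        param($node)
        $hit = $node.Find({ $args[0] -is [System.Management.Automation.Language.StringConstantExpressionAst] }, $false)
        $hit -and $hit.Extent.Text -eq $node.Extent.Text -and $hit.StringConstantType -ne 'BareWord'
    }

    # Map of variable name -> line where it was assigned a literal.
    $literalVars = @{}
    $assignments = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.AssignmentStatementAst] }, $true)
    foreach ($a in $assignments) {
        if ($a.Left -is [System.Management.Automation.Language.VariableExpressionAst] -and (& $isLiteral $a.Right)) {
            $literalVars[$a.Left.VariablePath.UserPath] = $a.Extent.StartLineNumber
        }
    }

    $commands = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)
    foreach ($cmd in $commands) {
        if ($cmd.GetCommandName() -ne 'ConvertTo-SecureString') { continue }

        # PowerShell accepts unambiguous prefixes, so -AsP also counts.
        $plain = $cmd.CommandElements | Where-Object {
            $_ -is [System.Management.Automation.Language.CommandParameterAst] -and
            'AsPlainText' -like "$($_.ParameterName)*"
        }
        if (-not $plain) { continue }

        foreach ($el in ($cmd.CommandElements | Select-Object -Skip 1)) {
            $source = $null
            if (& $isLiteral $el) {
                $source = 'string literal passed directly'
            }
            elseif ($el -is [System.Management.Automation.Language.VariableExpressionAst] -and
                    $literalVars.ContainsKey($el.VariablePath.UserPath)) {
                $name = $el.VariablePath.UserPath
                $source = '${0} assigned a literal on line {1}' -f $name, $literalVars[$name]
            }
            if ($source) {
                [pscustomobject]@{ Line = $cmd.Extent.StartLineNumber; Source = $source }
            }
        }
    }
}

# Constructed sample, based on the snippet in the post.
$sample = @'
if ((gwmi win32_computersystem).partofdomain -eq $true) {
    # already joined
} else {
    $username = 'user'
    $domain = 'domain.com'
    $password = 'pass'
    $credential = New-Object System.Management.Automation.PSCredential ($username, (ConvertTo-SecureString $password -AsPlainText -Force))
    Add-Computer -Domain $domain -Credential $credential
}
'@

Find-HardCodedSecureString -ScriptText $sample | Format-Table -AutoSize
```

The check only follows direct literal assignments in the same script; a password built by concatenation or read from an unprotected file beside the script is not detected.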

  • Content of add-ons, except Weatherbug, periodically requiring deletion of all cookies, restart of computer and re-sign in to Google and YahooMail; the links associated with the add-on remain active

    The content of my add-ons, except Weatherbug, periodically disappears. I have to delete all cookies, restart computer and re-sign-in to Google and YahooMail. Everything is fine for a while and then the content of the add-ons goes away again. The links associated with the add-on remain at the top of the now content-vacant boxes and still work. This problem appears to have cropped up after the last Firefox update.

    To: David Messner,
    As we cannot login we cannot raise a ticket with billing or anything else for azure.
    Have two valid azure subscriptions, one microsoft account (ex-liveid/ex-officelive) and an organisation account (err microsoft office365).
    Cannot access the azure portal!
    Please raise a ticket for me as it is impossible for me to do so, the system is broken, the website workflow is flawed.
    Dave
    ps: cleared cache several times, IE11, does not work from Win 8.1, 8.0 or 7. It is broken totally.
    The only possible advised support is "United Kingdom +44 (0)844 800 2400" and believe me that is not a real option. The two times in the past I phoned in I got absolutely nowhere after weeks and the communication just died. Yes, it is that bad.
    Dave Baker | AIDE for LightSwitch | Xpert360 blog | twitter : @xpert360 | Xpert360 website | Opinions are my own. For better forums, remember to mark posts as helpful/answer.

  • SharePoint 2013 Workflow (SPD 2013) fails for Active Directory Group members

    Hi
    I have a SharePoint 2013 site called "Team Meetings". There are a number of lists and an InfoPath form library.
    The site's SharePoint Group "Team Meeting Members" has two Active Directory groups (All Club Managers and All Club Police) as members. Those two AD groups contain all the people that I want to have access to the library and list, except for a few additional folk who I have made individual members.
    My PROBLEM:
    I have created a SharePoint 2013 Workflow using SPD 2013 associated with the Form Library. Workflow is set to start on new or modified item. The first action is to write to history list, then determine the status (Submitted or Pending) of the form and go to different Stages depending on that status.
    The workflow works perfectly for any user who has been added directly to the SharePoint group (Team Meetings Members) BUT FAILS at the very first action for anyone who is a member of one of the AD groups. I know the Workflow is fine because I've tested it with numerous people who are direct members of the SharePoint Group, but whenever a person who is a member of the AD group tries it the Workflow just fails.
    Here's a print of the info from the Workflow Status page (I don't have access to server logs):
    RequestorId: 4494760f-92ff-2e8c-90d2-cc7df0e6baa4. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"request-id":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
    RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 10 Mar 2014 01:31:42 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
    The HTTP response content could not be read. 'Error while copying content to a stream.'. at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
    instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor 
    Members of the SharePoint Group "Team Meetings Members" have Contribute Access to both the form library and another list that the workflow writes to as well as the Workflow History list (which in SP 2013 uses the credentials of the user who started the workflow, unlike 2010 which used System Account).
    All members of the Team Meetings Members group, whether they are individual members or part of one of the AD groups, have no problems opening and saving forms etc. It's just the Workflow that doesn't like them...
    I am stumped. I've spent many hours searching for a reason for this. There are about 200 people in the two AD groups so I really don't want to have to add them all individually - especially when these groups are managed in AD for a whole bunch of other reasons and using the AD groups means I'll basically never have to worry about modifying the SharePoint access permissions.
    Does anyone have any ideas why this is happening and what I can try to fix it?
    Mark

    Hi Lars,
    I'm afraid not so far but we are trying a few things today so I will post back with results.
    First thing we are doing is making the AD Group universal because one of our (external provider) gurus remembers seeing something about that. He also sent me a link to a post where they were talking about earlier versions but having similar issues and their solution was to make sure the app pool account has sufficient permissions in AD:
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/27a547da-5cc0-49d7-8056-6eb40b4c3242/failed-to-start-workflow-access-is-denied-exception-from-hresult-0x80070005-eaccessdenied
    This part of that thread looks interesting but we haven't checked it yet as we're trying the universal setting first:
    "If the users participating in the workflows have been added to the SharePoint site via Active Directory groups, SharePoint has to update the user’s security token periodically by connecting to the domain controller. By default, the token times out every 24 hours. But if the application pool account did not have the right permissions on the domain controller to update the user’s token, user will keep getting the access denied error. The error was intermittent because when the user browsed to any page other than the workflow form, the token was getting updated successfully.
    You can try to fix it through granting the application pool account the appropriate permission by adding the account to the group “Windows Authorization Access Group” in Active Directory."
    I'll update when we try these ideas. If you have any luck please do the same.
    Mark
    (sorry about formatting - using my phone....)
    Mark

  • Add Computer Name to Format-Table output?

    I'm trying to run a simple little script to check against all the servers in a specific Active Directory OU.  It just runs a quick WMI check for the account that the services are starting up as.
    I need to add the name of the computer to the output.
    $strFilter = "computer"
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = "LDAP://OU=Servers,OU=IT,DC=mydomain,DC=mytld"
    $objSearcher.SearchScope = "Subtree"
    $objSearcher.PageSize = 20
    $objSearcher.Filter = "(objectCategory=$strFilter)"
    $colResults = $objSearcher.FindAll()
    foreach ($i in $colResults)
    {
        # Resolve each search result to its directory entry, then query its services
        $objComputer = $i.GetDirectoryEntry()
        Get-WmiObject win32_service -ComputerName $objComputer.name | where {$_.startname -like '*mydomain*'} | ft name, startname, startmode
    }
    Output is like:
    name           startname                 startmode
    MSSQL$GIS      mydomain\serviceaccount   Auto
    SQLAGENT$GIS   mydomain\serviceaccount   Auto
    etc

    This is actually faster and eliminates all of the code that you are not using.  Because of the "$obj" I can tell that you copied some very old code.  We don't really do that in PowerShell.
    This is more concise and easier to understand as well as being faster.
    $searcher =[adsisearcher]'objectCategory=computer'
    #$searcher.SearchRoot='LDAP://OU=Servers,OU=IT,DC=mydomain,DC=mytld'
    $searcher.FindAll() |
    ForEach-Object{
    $computer=$_.Properties['name'][0]
    Get-WmiObject win32_service -ComputerName $computer -Filter "startname like '%TESTNET%'"
    } |
    ft PsComputerName, name, startname, startmode
    ¯\_(ツ)_/¯

  • How to add outcome to activity step

    Hello everyone. Does anyone know how to add a possible outcome to an activity step that is not of type user decision? I know this is possible as I have seen workflows like this. Please help. Generous points will be awarded!

    Hi,
    I don't think OO does result parameters. To be honest, I've never really liked them due to the way that the outcome definition is so far removed from WF. This makes it easy for someone to change the domain without updating the WF and mess things up. There's no simple "where used" that tells an ABAPer about such usage in WF.
    So just bind back a value and check it in a separate condition step. Or use exception classes. If they are subclasses of CX_BO_ERROR they will automatically appear as outcomes. Which way you choose is a matter of semantics - if the results are 'nonstandard' situations then they could be exceptions. If it's a set of choices then a condition will do. There's no major performance hit for a condition or container operation step.
    Hope that helps,
    Mike

  • Add computer to Acrobat subscription

    My Acrobat subscription allows up to 2 machines.  I want to add a 2nd machine.  How do I go about downloading, activating etc on 2nd machine.

    Bigwood you would use the same process as was used on the first computer.  For more details please see Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html.

  • SPD 2010 Workflow "Collect Data From User" activity + Multi User selection

    Creating a SPD 2010 workflow. Trying to do something that I think should be simple.
    Use a “Collect Data From a User” activity to collect 0 to many “people” that should be affiliated with a piece of content (Discussion).
    After the assigned user completes the task (and after ensuring that there have actually been people associated from the task) I want to take the “people” from the Task list item and move them over to a field on the core Discussion item, that is also setup as a Person/Group field (allowing multiple).
    I have tried using both the “Set Field in Current Item” and “Update List Item” activities to map the data over (pulling from the Task item) and in both cases tried using every combination of “Return field as” values to do the mapping (i.e. ‘String’, ‘Display Names, Semicolon Delimited’, ‘User Ids, Semicolon Delimited’, etc). In some cases I get vague errors about not being able to do mapping (I get it), in others, it sets the data, but only to the first user entered in the Task’s instance of the field.
    After researching a bit, I find that the task from which I am pulling the data only contains one value, even though when I submitted the InfoPath form for the task, it accepted my data entry of two different users. So I think somewhere between the data entry into the custom task's infopath form, and the update of the same data field in the Task list, the value is being lost.
    I am sure this would be trivial with a custom activity, but we are exploring OOB ways of doing things and I have to imagine this is possible.
    Am I missing something here? This seems “buggy”…
    I am able to repro this in two different environments, using an out-of-box Discussion Board on an out-of-box Team Site.  If it matters Claims Based Auth against Windows only...
    TIA!
    Brian McCullough

    Hi brianpmccullough,
    The Collect Data from a User action can only be used to collect data from one user, and if you need to collect data from more than one user, please use “Assign a Form to a Group” instead, then it will create a separate task for each user.
    And if we need to update a user and group field which has multiple selections enabled, we can only use a lookup field to get only the one user. And to add multiple users to this field, we can only use String Builder, type the user account directly or get information from multiple fields.
    Best regards
    Emir Liu
    TechNet Community Support

  • Workflow not going to next activity

    Hi Experts,
    It seems like my Workflow is going into the self loop, i.e. instead of proceeding to the next level it is calling the first activity again and adding the same approvers.
    The systems behaviour is as below
    1. Level 1 - Prescript could add approvers successfully
    2. Level 1 Approvers received email to approve
    3. Level 1 Approver approves the request
    4 Workflow is again adding Level 1 approvers again and send emails to the same set of level 1 approvers.
    After looking at the logs, it is clear that, the flow is not going to the 'pre-script' of level 2.
    Any idea?
    Cheers
    Yogesh

    Thanks Baski,
    Yes, it was the xpdl issue. What I tried to do is, I opened the XPDL created in the together 1.1 version in the together 4.1 version. And tried to rectify some errors.
    After rectifying errors, the XPDL was looking ok in the viewer, but it seems it had some missing elements.
    Somehow I could manage to get the together 1.1 version and created the XPDL again and it started working fine.
    Thanks
    Yogesh
