I have a PowerShell script that we use during a Microsoft SCCM PXE task sequence for naming a PC. It worked flawlessly until a recent upgrade to SCCM 2012 R2 by the primary server admin.
Now when the code runs the search to check whether a user is in a specified AD group needed to complete the PXE build, it gives this COM error:
    Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
    At X:\Windows\System32\OSD\x86_PXE.ps1:202 char:1
    + $colResults = $objSearcher.FindAll() # Finds all items that match search and put ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException
I have searched far and wide to try and solve this. It seems like a .NET error but I have been unsuccessful in resolving it.
Below is the relevant code. Note that this is being run in Windows PE that is included with SCCM 2012 R2 as well as the current Windows ADK. It is most likely going to work just fine on a normal PC as it does on mine.
Things to note, you will need to change to match your environments
    function get-humadcreds {
        $global:creds = get-credential -message "Please authenticate to Domain"
        $global:UserName = $creds.username
        $global:encPassword = $creds.password
        $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpassword)) # Converts secure string to plain text
        $Domain = #Domain
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
        $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct,$Domain
        $authed = $pc.ValidateCredentials($UserName,$Password)
        # Recursively requests credentials if authorization fails
        if ($authed -eq $false) {
            [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
            [System.Windows.Forms.MessageBox]::Show("Authentication failed - please retry!")
            get-humadcreds
        }
    }
    get-humadcreds # Gets AD credentials from user

    ### Provisioning Authentication
    $strFilter = "(&(objectCategory=user)(SAMACCOUNTNAME=$global:UserName)(|(Memberof=cn=,OU=Delegation,OU=,dc=,dc=,dc=)))" # Filter for searching
    $decodedpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpassword)) # Decoded password from AD Auth
    $objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://server/OU=,dc=,dc=,dc=",$global:username,$decodedpassword) # Authentication must specify domain controller
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objOU # Starts search in this OU
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter # Applies filter to search
    $objSearcher.SearchScope = "Subtree"
    $colProplist = "name"
    $isInProvGroup = $False # Defaults value to false.
    echo $objSearcher >> X:\Windows\System32\OSD\results.txt
    $colResults = $objSearcher.FindAll() # Finds all items that match search and puts them in array $colResults
    echo $colResults
    foreach ($objResult in $colResults){
        $isInProvGroup=$True # If user is in a group to add PCs (if $colResults is not empty), result will be true
    }
    echo $isInProvGroup
PE OS Version 6.3.9600.16384
Welp.. found my answer, fixed it Aug 11th. Reddit thread.
Previously, in SCCM 2012 prior to R2, the boot image was a Windows 8 PE4 image into which we had to integrate ADSI back using a version of it written by Johan Arwidmark. This can be found here for reference.
This time around, after the R2 update and subsequently the forced upgrade of the boot images to 8.1 PE5 (since no prior boot images would boot from PXE), we had to add ADSI back in again, this time from here. Previously and this time it was done through the Configuration Manager under drivers: it's added as a driver with its required files and is added as a driver component into the boot.wim. But in reality, after digging for quite some time, I found that it wasn't actually adding the needed DLL files into the image even though the operation returned successful.
What I ended up doing was manually mounting the wim file on my PC with DISM, adding the driver from a folder, allowing unsigned ones to be installed, then manually verifying the DLLs were put into place in the mounted System32 folder. After I did that I was able to unmount the wim committing changes, replace the boot wim used by the server, distribute content and test it, which was successful.
Just as a reference, the required files are listed below and are also in the readmes. In my case they had to come from a Windows 8.1 32-bit install. If going for 64-bit, they have to come from a computer or image with Windows 8.1 64-bit.
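The manual procedure described in the answer above, written out with the DISM PowerShell cmdlets as an added example (not the poster's own script). It commits the image only if every expected DLL is really present in the mounted System32 folder, since the driver import can report success without copying them. The paths, the image index and the DLL list are assumptions to be supplied by the caller; take the file names from the plugin's readme.

```powershell
#Requires -RunAsAdministrator
# Added example: all parameter values are placeholders supplied by the caller,
# none of them come from the original post.
param(
    [Parameter(Mandatory)] [string]   $WimPath,       # working copy of the boot.wim
    [Parameter(Mandatory)] [string]   $DriverFolder,  # folder with the ADSI plugin .inf and its files
    [Parameter(Mandatory)] [string[]] $RequiredDlls,  # file names listed in the plugin's readme
    [string] $MountDir = 'C:\Mount',                  # assumed empty mount directory
    [int]    $Index    = 1                            # assumed image index inside the wim
)
$ErrorActionPreference = 'Stop'

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountDir | Out-Null

$commit = $false
try {
    # -ForceUnsigned corresponds to "allowing unsigned ones to be installed".
    Add-WindowsDriver -Path $MountDir -Driver $DriverFolder -Recurse -ForceUnsigned | Out-Null

    # Do not trust the success status: check that each file landed in System32.
    $sys32   = Join-Path $MountDir 'Windows\System32'
    $missing = @($RequiredDlls | Where-Object { -not (Test-Path (Join-Path $sys32 $_)) })

    if ($missing.Count -gt 0) {
        Write-Warning "Not in image, changes will be discarded: $($missing -join ', ')"
    }
    else {
        # Record what went into the boot image, because the driver was
        # installed with signature enforcement turned off.
        $RequiredDlls |
            ForEach-Object { Get-FileHash -Path (Join-Path $sys32 $_) -Algorithm SHA256 } |
            Format-Table Hash, Path -AutoSize
        $commit = $true
    }
}
finally {
    # Always release the mount: save only a verified image, otherwise discard.
    if ($commit) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else         { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

Run it against a copy of the boot image and compare the printed hashes with the source Windows 8.1 install before replacing the boot.wim on the server.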