If you are like me and use "All Unknown Computers" to deploy your OSD to you will also be fairly familiar of making sure you have cleared an object from the SCCM Database before trying to re-image, otherwise ... well its not Unknown now is it?
Typically this would involve a tech opening AD searching for the computer and removing it, then opening the SCCM console and doing the same. I have spent some time adding to a tool i previously released , adding many more functions.
I have expanded the tool and added further features which
allows you to
- Remove AD Objects
- Remove SCCM Objects
- Remove both SCCM/AD objects
- View LAPS (Local Admin Password)
- View additional machine details
- Remote control
Download Tool - if LAPS is deployed in your environment
Requirements of Tool.
2. Tool will need to be launched with credentials sufficient for the functions you plan to use. ( Tool doesn't prompt for credentials)
Under the hood.
The "Remove Objects" tool is written in PowerShell and compiled. The tool essentially looks at all computer objects (taken from settings file), does a lookup in AD for these objects, then scans your SCCM instance for the same name. It will then merge all the information together.
Settings for your environment are referenced in the file "settings.xml"
Settings.XML
SCCMServer:
Location of SCCM instance
SearchBase: the root location for workstations (in format of DistinguishedName)
SCCMSite: your SCCM Site Code
SystemOUName: Same path as SearchBase , but in the format of CanocialName
CMRCViewer: Location of the SCCM Remote control viewer files - see below for more info
Spaces in the search base should be accepted without worry.
Ensure that you set these values to match your environment. The settings file MUST reside in the same root folder as the Remove Objects executable, if not you will see this error.
Logging
You will get an output file stored in the same location as the executable, this will be recreated each time the "search/filter" button is used, this is used in case you face issues with objects not being found.
Remote Control
The Remove Objects tool has the ability to remote control a workstation. Remote control is issued through CmRcViewer. CmRcViewer is installed locally when you have the SCCM Console installed on your machine. To avoid installing the full SCCM console on every machine you with to run "Remove Objects" you can copy these files to each machine. The files required for remote viewing are seen in the screenshot below:
I have provided a "InstallRemote.cmd" which would copy these files to the default path in C:\Program Files (x86)\ConfigMgrConsole\bin\i386 . I haven't included the actual remote control files in my download as these are copyrighted.
Usage.
When the tool launches, you will see the following, press
Search/Filter to list objects
(Note: If you dont have LAPS deployed, script will still work but you will not see the column for it)
When search is complete, you will be presented with all
objects. The Data source for the objects listed is as follows:
Name: Active Directory
Description: Active Directory
Operating System: Active Directory
IPV4Address: SCCM
Enabled: Active Directory
LAPS Password: Active Directory
MAC Address: SCCM
SCCMResourceID: SCCM
You
can search/filter off any value, for example, name.
The function controls are self-explanatory. All functions
(except remote) will prompt for confirmation. All cells can be copied to
clipboard.
NB. To perform any function, you must highlight
the computer name from the NAME column.
All options chosen will prompt for confirmation, except for "Remote Control".
Remote Control: This uses CmRcViewer.exe which is either
a. Bundled when installing the SCCM Console
b. Installed from the InstallRemote.cmd as mentioned earlier.
Remove AD Object: Removes AD Object
Remove
SCCM Object:
Removes SCCM Object
Remove SCCM/AD Object: Removes SCCM and AD Object – This is the default function you should use to clear a machine for reimaging.
Cells highlighted in yellow indicate that a computers SCCM resource ID
has been removed or not found. This would happen if you were to use the "Remove from SCCM" option only.
Note, your SystemOUName variable should be the root location for your workstations, if your system OU name doesnt match your searchbase, items will be shown as yellow , as they cannot be matched against the same computer names in AD.
The lookup code that manages this is: $sccmQuery = get-wmiobject -query "select * from SMS_R_SYSTEM WHERE Name like '%' " -computername $sccmserver -namespace "ROOT\SMS\site_$sccmsite" | Where-Object { $_.SystemOUName -contains $SystemOUName }
This code exists to ensure that you dont return other SCCM objects such as servers or mobile devices.
A block of code will run for each computer loaded that will check that each AD Hostname has a matching record in the above lookup code, if the Hostname is not found, the row will be shown as yellow.
Code for that lookup is :
if ($datagridviewResults.Rows[$i].Cells['SCCMResourceID'].Value -eq $null)
{
$row.defaultcellstyle.backcolor = 'yellow'
}
Limitations.
In further releases i will include a settings option to either use SCCM remote control OR Microsoft Remote Assistance.
Because the tool scans AD then matches the host names of computers to their object names in SCCM, machines that have been removed from AD and still exist in SCCM will not be shown.
Disclaimer.
Be sure to read the "readme" file in the download package for all T's and C's. All efforts have been put into testing this application.
Full code can be viewed
here - Note this is created with PS studio therefore all object controls are held separately, if you would like the full code export with object controls, let me know.