SCCM - Create AD Containers.ps1
#Requires -version 2.0
# ***************************************************************************
#
# File: SystemManagement.ps1
#
# Version: 1.0
#
# Author: Michael Niehaus
#
# Purpose: Create the AD "System Management" container needed for
# ConfigMgr 2007 and 2012, and grant access to the current
# computer account.
#
# This requires PowerShell 2.0 and Windows Server 2008 R2.
#
# Usage: Run this script as a domain administrator, from the ConfigMgr
# server. No parameters are required.
#
# ------------- DISCLAIMER -------------------------------------------------
# This script code is provided as is with no guarantee or warranty concerning
# the usability or impact on systems and may be used, distributed, and
# modified in any way provided the parties agree and acknowledge that
# Microsoft or Microsoft Partners have neither accountability nor
# responsibility for results produced by use of this script.
#
# Microsoft will not provide any support through any means.
# ------------- DISCLAIMER -------------------------------------------------
#
# ***************************************************************************
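# Name of the ConfigMgr site server whose computer account receives the
# delegation. Note that the script targets this named account, not the machine
# it runs on; pass -SCCMServer $env:ComputerName to target the local computer.
param(
    [string] $SCCMServer = "sccmserver01"
)

# Abort on the first error so a failed lookup can never be followed by an
# ACL write (by default the script would carry on past a failed cmdlet).
$ErrorActionPreference = "Stop"

if ([string]::IsNullOrEmpty($SCCMServer))
{
    throw "SCCMServer must name the ConfigMgr site server's computer account."
}

# Load the AD module
Import-Module ActiveDirectory

# Figure out our domain
$root = (Get-ADRootDSE).defaultNamingContext
$containerDn = "CN=System Management,CN=System,$root"

# Get or create the System Management container
$ou = $null
try
{
    $ou = Get-ADObject $containerDn -ErrorAction Stop
}
catch
{
    # Any lookup failure lands here, not only "not found"; if the cause was
    # something else, the New-ADObject call below fails and stops the script.
    Write-Verbose "System Management container does not currently exist."
}
if ($null -eq $ou)
{
    $ou = New-ADObject -Type Container -Name "System Management" -Path "CN=System,$root" -PassThru
}

# Get the current ACL for the container
$acl = Get-Acl "ad:$containerDn"

# Resolve the site server's computer account and make sure it has a SID
# before touching the ACL.
$computer = Get-ADComputer $SCCMServer
$sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
if ($null -eq $sid)
{
    throw "Could not resolve a SID for computer account '$SCCMServer'."
}

# Create a new access control entry to allow access to the container.
# SECURITY: "GenericAll" with inheritance "All" is full control over the
# container and every descendant object. Processes running as Local System on
# that server act with the computer account's identity, so they hold this
# right too. Confirm $SCCMServer is the intended site server before running,
# and review this ACE if the server is ever retired or repurposed.
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $sid, "GenericAll", "Allow", "All"

# Add the ACE to the ACL, then set the ACL to save the changes
$acl.AddAccessRule($ace)
Set-Acl -AclObject $acl "ad:$containerDn"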