-
Notifications
You must be signed in to change notification settings - Fork 2
/
PrepDeploy.ps1
238 lines (215 loc) · 7.87 KB
/
PrepDeploy.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
<#
.Synopsis
Removes a computer from AD and SCCM, if desired.
.Description
Passing the -Destroy flag creates a text file with the groups the computer object was a member of and then removes the object from both AD and SCCM. Passing the -Redeploy flag creates a text file with the groups the computer object was a member of and then deletes the object only from AD.
.Example
PrepDeploy.ps1 bulbasaur -Destroy
Succesful output will be:
Searching for bulbasaur in Active Directory... Success!
Retrieving current group membership... Success!
Storing group membership... Success!
Removing from Active Directory... Success!
Removing from SCCM... Success!
.Example
PrepDeploy.ps1 bulbasaur -Redeploy
Succesful output will be:
Searching for bulbasaur in Active Directory... Success!
Retrieving current group membership... Success!
Storing group membership... Success!
Removing from Active Directory... Success!
#>
param(
[Parameter(Mandatory=$true)][String] $CompName,
[switch]$Destroy,
[switch]$Redeploy
)
$Is64Bit = $false
Import-Module ActiveDirectory
## Only import this module if the shell is 32-bit
if ([IntPtr]::size -eq 4) {
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
} else{
$Is64Bit = $true
}
$SCCMServer = "Itzamna"
$epoServer="https://asgard:8443"
$SiteName = "KAT"
$LogFilePath = "\\idunn\installedsoftware\groups"
$Success = 'Write-Host -ForegroundColor Green "Success!"'
$Failed = 'Write-Host -ForegroundColor Red "Failed!"'
## Test whether the current shell is 64-bit or 32-bit.
## Test the size of an Int Pointer for backwards compatability
function test-32Bit{
if ([IntPtr]::size -eq 4){
return $true
} else{
return $false
}
}
## This function tests if the computer exsists in Active Directory.
## If the computer exists then it will return the computer object.
## If the computer doesn't exist in Active Directory then the function returns $null.
function test-ADComp{
Write-Host -NoNewline "Searching for $CompName in Active Directory... "
try{
$ComputerObject = Get-ADComputer $CompName
invoke-expression $Success
}catch{
$ComputerObject = $NULL
Write-Host -ForegroundColor Red "Doesn't Exist"
}
return $ComputerObject
}
## This function stores list of AD groups in a text file to a specified location.
## Inputs: It takes an object with the list of AD groups.
## Outputs: Stores the list to a text file.
function store-GroupMembership{
param(
[object]$Groups
)
Write-Host -NoNewline "Storing group membership... "
try {
$Groups | Sort-Object | Select-Object -ExpandProperty Name | Out-File "$LogFilePath\$CompName.txt" -Encoding ASCII -Force
Invoke-Expression $Success
} catch {
Invoke-Expression $Failed
}
}
## This function retrieves what AD groups the computer is a member of.
## Input: AD Computer object.
## Output: Calls store-GroupMembership to store the group list.
function get-GroupMembership{
param(
[object]$computerobject = $null
)
Write-Host -NoNewline "Retrieving current group membership... "
try{
$Groups = Get-ADPrincipalGroupMembership ($ComputerObject.DistinguishedName)
Invoke-Expression $Success
store-GroupMembership $Groups
}catch{
Write-Host -ForegroundColor Red "Couldn't Get Group Membersheip"
Write-Host -ForegroundColor Red "Exiting Script."
}
}
## This function deletes the computer from AD.
## Input: AD Computer Object
## Output: Will out Success and Failed.
function remove-ComputerAD{
param(
[object]$ComputerObject
)
## Used to see if the computer is a VM or not.
$filter = "(&(objectClass=serviceConnectionPoint)(CN=Windows Virtual Machine))"
$isVM = Get-ADObject –LDAPFilter $filter | select -ExpandProperty Distinguishedname | where{$_ -match $CompName}
## Start the deleteing processes.
Write-Host -NoNewline "Removing from Active Directory... "
if($isVM -eq $null){
try{
Remove-ADObject -Identity ($ComputerObject.DistinguishedName) -Confirm:$false
Invoke-Expression $Success
}catch{
Invoke-Expression $Failed
}
}else{
try{
Remove-ADObject -Identity ("CN=Windows Virtual Machine," + $ComputerObject.DistinguishedName) -Confirm:$false
Invoke-Expression $Success
}catch{
Invoke-Expression $Failed
}
}
}
## This Function deletes the computer from SCCM
function remove-ComputerSCCM{
Write-Host -NoNewline "Removing from SCCM... "
try {
# Find all instances (even 'Obselete' and non-'Active' instances)
# of the computer in SCCM's database.
$ResourceID = Get-WmiObject -ComputerName $SCCMServer `
-Query "SELECT ResourceID FROM SMS_R_System WHERE Name LIKE `'$CompName`'" `
-Namespace "root\sms\site_$SiteName"
# Delete each object.
if ($ResourceID -ne $null)
{
$ResourceID | ForEach-Object {
$CompResource = [wmi]$_.__PATH
$CompResource.psbase.delete()
}
Invoke-Expression $Success
}
else
{
Write-Host -ForegroundColor Red "Doesn't Exist"
}
}catch{
Invoke-Expression $failed
}
}
#This function removes the computer object from the ePo sever
#Many thanks to the people here https://community.mcafee.com/thread/42284
#whose code is a very big influence on the code in this function
function remove-ePo{
#Allows server certificate validation
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$passed = $false
while ($passed -eq $false) {
#Asks for ePo credentials and saves as variables
$Credential=Get-Credential -Message "Enter ePO Credentials:"
$epoUser=$Credential.GetNetworkCredential().username
$epoPassword=$Credential.GetNetworkCredential().password
#Creates WebClient to pass commands through
$wc=new-object System.net.WebClient
$wc.Credentials = new-object System.Net.NetworkCredential -ArgumentList ($epoUser, $epoPassword)
#Passes the computer name to the delete command, loops if credentials are entered incorrectly
$passed = $true
try {
$wc.DownloadString("$epoServer/remote/system.delete?names=$CompName")
}
catch [system.management.automation.methodinvocationexception] {
$error[0]
Write-Host "Username or password incorrect"
$passed = $false
}
}
}
#This function clears the Required PXE Deployments on the Computer object
#in SCCM, so that it can initiate a new task sequence deployment.
function clear-PXE{
& $env:systemroot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe `
"Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'; `
Push-Location ${SiteName}:; `
Clear-CMPxeDeployment -DeviceName $CompName; `
Pop-Location;"
}
if (($Destroy -eq $True) -and ($Redeploy -eq $True))
{
Write-Host -ForegroundColor Red "Both Destroy and Redeploy can't be selected together, please select only one."
}
elseif ($Destroy -eq $True)
{
$ADObject = test-ADComp $CompName
if($ADObject -ne $null){
get-GroupMembership $ADObject
remove-ComputerAD $ADObject
}
remove-ComputerSCCM;
remove-epo
}
elseif ($Redeploy -eq $True)
{
$ADObject = test-ADComp $CompName
if($ADObject -ne $null){
get-GroupMembership $ADObject
remove-ComputerAD $ADObject
clear-PXE
}
remove-ePo
}
else
{
Write-Host -ForegroundColor Red "Please specify flag:"
Write-Host -ForegroundColor Red "-Destroy if you want to delete from AD and SCCM"
Write-Host -ForegroundColor Red "-Redeploy if you want to delete from AD only"
}