ADSI plugin for WinPE 5.0

Dec 05 2013

Back in 2005 I wrote my first ADSI plugin for WinPE (WinPE 2005 or v1.6), and per request I have since updated it for every WinPE release. This is the release for WinPE 5.0 (part of ADK 8.1).

Note: I don't recommend using ADSI in WinPE. It's not supported by Microsoft, and this release is only intended to support existing solutions using it. Instead you really should use web services to interact with Active Directory from WinPE. Check out https://prettygoodfrontend.codeplex.com for ready-made web services for Active Directory, including source code.

Update 2014-04-08: You can also import this plugin as a driver to MDT (using Out-Of-Box Drivers), thanks to bseifert55 for the tip. That way it's automatically added when the boot image is updated.

WinPE 5.0 ADSI Plugin download

Detailed installation instructions can be found in the archive Readme.txt file.

Previous ADSI Plugin releases are found on the following links:

WinPE 4.0 ADSI Plugin
http://www.deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx

WinPE 3.0 ADSI Plugin
http://www.deployvista.com/Repository/tabid/71/EntryId/60/DMXModule/396/language/sv-SE/Default.aspx

WinPE 2.0 ADSI Plugin
http://www.deployvista.com/Repository/WindowsPE20/tabid/73/language/sv-SE/Default.aspx

WinPE 1.6 ADSI Plugin
http://www.myitforum.com/articles/2/view.asp?id=8810

Additional Info


Note: If your domain controllers are running Windows Server 2012 or Windows Server 2012 R2, the ADSI connection (which uses NTLM) may be restricted (default configuration). If NTLM is restricted, you get the following error when trying to run the built-in sample script (Connect_to_DC_Sample.vbs): "Active Directory: The server is not operational".

Workaround: You can relax (and audit) the settings for NTLM by configuring a group policy that sets the following:

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit All
Network security: Restrict NTLM: Audit NTLM authentication in this domain = Enable all
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable auditing for all accounts


In addition to allowing the traffic, you can then see the audit logs in the Event Viewer (Event Viewer (Local)\Applications And Services Logs\Microsoft\Windows\NTLM\Operational).
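
To review what these audit settings record without clicking through Event Viewer, the following added example (not part of the original post) summarizes events from the NTLM Operational log by event ID, account and workstation. The EventData field names it reads (UserName, DomainName, WorkstationName) and the sample event are assumptions constructed for illustration.

```powershell
# Summarize NTLM audit events so you can see which accounts and machines
# (for example WinPE clients using the ADSI plugin) still authenticate with NTLM.

function ConvertTo-NtlmAuditRecord {
    param([Parameter(Mandatory)][string]$EventXml)
    $x = [xml]$EventXml
    # Flatten the <EventData><Data Name="..."> pairs into a hashtable.
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # Field names below are assumed; a field missing from an event stays empty.
    [pscustomobject]@{
        EventId     = [int]$x.Event.System['EventID'].InnerText
        DomainName  = $data['DomainName']
        UserName    = $data['UserName']
        Workstation = $data['WorkstationName']
    }
}

function Get-NtlmAuditSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $EventXml | ForEach-Object { ConvertTo-NtlmAuditRecord $_ } |
        Group-Object EventId, DomainName, UserName, Workstation |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample event (not real log output) so the parsing can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>8004</EventID></System>
  <EventData>
    <Data Name="UserName">svc-deploy</Data>
    <Data Name="DomainName">CONTOSO</Data>
    <Data Name="WorkstationName">MININT-EXAMPLE</Data>
  </EventData>
</Event>
'@
Get-NtlmAuditSummary -EventXml $sample

# Live use (elevated session) on a machine where the audit policy applies:
# $xml = Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -MaxEvents 500 |
#            ForEach-Object { $_.ToXml() }
# Get-NtlmAuditSummary -EventXml $xml
```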


Happy Deployment,
/Johan







