
Move a computer to a different OU within a ConfigMgr 2012 SP1 Task Sequence

In the past we used a VBScript in a ConfigMgr Task Sequence to detect whether a computer had already been added to Active Directory. If it was found in Active Directory, it was moved to an OU with fewer policies. In this example I will create a System Center Orchestrator (SCOrch) Runbook that detects whether a computer is already an Active Directory member and, if so, moves it to another predefined OU.


  • A System Center Configuration Manager 2012 SP1 infrastructure.
  • A System Center Orchestrator 2012 installation.
  • The Microsoft Deployment Toolkit 2012 Update 1 integration.
  • The Active Directory Integration Pack.
  • A Network Access Account which has “Orchestrator User” credentials.
  • An AD service account with at least Account Operators credentials.

Configure the Active Directory Integration Pack

  • Start the System Center 2012 Orchestrator Runbook Designer.
  • Go to Options and change the SCORCH Dev – Active Directory Prerequisite Configuration.
  • Click on Add and type a Name.
  • Fill in the UserName, Password and the Domain name of the AD Account with Account Operators credentials.
  • Click Finish.

Create a new Runbook

  • Start the System Center 2012 Orchestrator Runbook Designer
  • Create a new Runbook and rename it to ConfigMgr-TS-MoveComputerToDeploy
  • Add Initialize Data
  • Add Get Object DistinguishedName
  • Add Move AD Object
  • Create two links,
    • one between Initialize Data and Get Object Distinguished Name and
    • one between Get Object Distinguished Name and Move AD Object.
  • Open the Initialize Data Properties and click on Add.
  • Double-click the Parameter 1 Activity data and change the name to Computer Name.
  • Click on Finish.
  • Open the Get Object DistinguishedName Properties.
  • Select the AD Connection Credentials under the Configuration Name properties.
  • Type the DomainName.
  • Right click the field next to the Object Name Properties and select Subscribe > Published Data and select the Computer Name Activity.
  • Select computer from the drop-down box under the Object Class.
  • Click Finish.
  • Open the Move AD Object Properties.
  • Select the AD Connection Credentials under the Configuration Name properties.
  • Right click the field next to the Source Object LDAP Path and select Subscribe > Published Data.
  • In the Published Data, select Get Object DistinguishedName, and then select Object_LDAP_Path.
  • Click OK.
  • Right click the white field next to the Destination Container OU LDAP Path.
  • Fill in the LDAP path of the Destination OU. It should look something like this: LDAP://OU=Deploy,OU=SUBOU,OU=SUBOU,DC=value,DC=kamman,DC=info
  • Click Finish.
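
The same lookup-and-move logic the runbook performs, written as a PowerShell function that can be used to cross-check the result outside Orchestrator. This is an added example, not part of the original post; it assumes the ActiveDirectory RSAT module is installed, and the function name, the name validation rule and the computer name PC001 are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Move-ComputerToDeployOU {
    # Hypothetical helper (not from the original post): mirrors the runbook's
    # Get Object DistinguishedName -> Move AD Object chain.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Same value as the runbook's Destination Container OU LDAP Path.
        [Parameter(Mandatory)][string]$DestinationOU,
        [pscredential]$Credential
    )

    # The name comes from a task sequence variable and ends up in an LDAP
    # filter, so accept only letters, digits and hyphens (assumed naming rule).
    if ($ComputerName -notmatch '^[A-Za-z0-9-]{1,15}$') {
        throw "Rejected computer name '$ComputerName'."
    }

    # Move-ADObject expects a plain distinguished name, without the
    # LDAP:// prefix that the Orchestrator activity uses.
    $targetDn = $DestinationOU -replace '^LDAP://', ''

    $adArgs = @{}
    if ($Credential) { $adArgs.Credential = $Credential }

    # -LDAPFilter returns nothing (instead of throwing) when no object matches.
    $computer = Get-ADComputer -LDAPFilter "(sAMAccountName=$ComputerName`$)" @adArgs
    if (-not $computer) {
        Write-Verbose "$ComputerName is not in Active Directory; nothing to move."
        return
    }

    # Skip the move when the object already sits directly in the target OU.
    $parentDn = $computer.DistinguishedName -replace '^CN=[^,]+,', ''
    if ($parentDn -eq $targetDn) {
        Write-Verbose "$ComputerName is already in $targetDn."
        return
    }

    if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, "Move to $targetDn")) {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $targetDn @adArgs
    }
}

# Dry run with a constructed computer name and the OU path from this post:
Move-ComputerToDeployOU -ComputerName 'PC001' -WhatIf -Verbose `
    -DestinationOU 'LDAP://OU=Deploy,OU=SUBOU,OU=SUBOU,DC=value,DC=kamman,DC=info'
```

With -WhatIf the function only reads from Active Directory and reports the move it would make.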

Test the Runbook

  • Start the Runbook Tester.
  • Type the name of a machine which is an Active Directory member.
  • Step through the runbook and see if the log gives you any errors.
  • If no errors are displayed, Check In this new Runbook.

Add the Runbook to the Configuration Manager Task Sequence

  • Start the System Center 2012 Configuration Manager console
  • Go to Software Library | Operating Systems | Task Sequences
  • Create a new or edit an existing Task Sequence.
  • Add the MDT 2012 Deployment Toolkit Package to the task sequence.
  • Add the MDT/Execute Runbook step and fill in the Name, Orchestrator Server and Browse to the Runbook Move Computer.
  • Select Specify explicit runbook parameters and type next to Computer Name the variable %_SMSTSMachineName%.
  • Click Apply.