I am looking for an automated solution to a Windows 7 "rebuild" problem and here is the story:

We periodically have computer hard disk failures and the machines will be rebuilt on a new hard disk at the build center using the model-specific hardware "carcass". Once the hard disk is built, it will be sent over to the affected user and a field engineer will swap the hard disks onsite and do the domain join work and anything else necessary so as to have the old computer name back.

To explain this further, say if the computer which had a hard disk failure is 123 (i.e. the computer name), we build a new Windows 7 machine on a new hard disk with the computer name as 123X. Once this machine is fully built, we need to delete the old 123 account from the AD and rename the newly built 123X to 123 (and do the domain re-join etc...).

However, the requirement is that the old 123 computer account should still stay in the domain for some time after the new machine is built (i.e. for data recovery/bit locker operations purposes if needed) which means we do not ideally want to delete the old 123 computer account on the AD immediately, instead, we want to rename it as 123XY even though the old 123 computer is no longer physically active.

Is this technically possible? If so, can it be automated as part of SCCM OSD TS?

Hope I have not introduced too much of confusion. The problem has been reported by the build team and they have asked me to come up with an automated solution and I have tried to explain the problem above to the extent I have understood it. Currently what they do is before deleting the computer account 123 from the AD, they back up its bitlocker recovery key information manually in order to use it later on should the need arise.

Thanks in advance.

Hi,

You would have to write a custom script that checks if the computername already exists and rename it in that case there is no bultin feature for it. The biggest issue would be when this should be done or not, you don't want to rename all computers you reinstall if I am not mistaking so you need to have that as a variable or something that you can detect that it should rename it.

Regards,
Jrgen

Thanks.

When you say rename the computer account in the AD through custom script, how exactly it can be done given the original machine is no longer active?

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Hi Garth,

Owing to the complexity it would have introduced into the build process to differently process new builds/rebuilds/hard disk replacement etc. we ended up ditching that option, instead went for a PowerShell scheduled task which runs every week and dumps the bitlocker recovery info into a super-secret location :)

Below is the script if you are interested....

#Tweak the below line to point to the OU in your AD org where all the bitlockered computer objects reside
#It will run recursively against all sub-OUs.

$SearchBase = "ou=workstations,dc=contoso,dc=ad,dc=local"; 

#check if the output folder exists;Create it if it doesn't

If ((Test-Path -path "$(Split-Path $SCRIPT:MyInvocation.MyCommand.Path -parent)\Reports" -PathType Container) -eq $false) {
 
  New-Item -path (Split-Path $SCRIPT:MyInvocation.MyCommand.Path -parent) -name 'Reports' -itemtype directory | Out-Null;
  
}

#set up the output csv name. An example output csv name will be BLR_15032015_Sunday.csv

$OutputCSV = "$(Split-Path $SCRIPT:MyInvocation.MyCommand.Path -parent)\Reports\BLR_$(Get-Date -format "ddMMyyyy")_$((Get-Date).DayOfWeek).csv"

Get-ADComputer -filter * -SearchBase $SearchBase -SearchScope Subtree -ResultSetSize $null -ErrorAction SilentlyContinue | Foreach-Object { 

                                $Compname=$_.name;
                                Get-ADObject -Filter 'ObjectClass -eq "msFVE-RecoveryInformation"' -SearchBase $_.DistinguishedName -Properties created,name,msFVE-RecoveryPassword -ResultSetSize $null -ErrorAction SilentlyContinue | 
                                
                                        Select-Object @{Name="Computer Name";Expression={$Compname}},
                                                      @{Name="Date Added";Expression={$_.created}},
                                                      @{Name="Password ID";Expression={$_.name -match '\{.+\}' | Out-Null;($matches[0]).Trim();}},
                                                      @{Name="Recovery Password";Expression={$_."msFVE-RecoveryPassword"}}
                                          
             } | Sort-Object -Property @{Expression="Computer Name";Descending=$false},@{Expression="Date Added";Descending=$true} | Export-CSV  -force -Path $OutputCSV -NoTypeInformation

Probably not what you would have been hoping for but it has worked really well for us in the last 6 months and there has never been a lost bitlocker key related incidence escalated by the customer as we always have the backup reports to go back to.

Apologies, it was impolite of me not to update this thread clarifying what I ended up doing.

• Edited by Steve DSouza 11 hours 17 minutes ago