ADSI plugin for WinPE 5.0

Back in 2005 I wrote my first ADSI plugin for WinPE (WinPE 2005, or v1.6), and by request I have since updated it for every WinPE release. This is the release for WinPE 5.0 (part of ADK 8.1).

Note: I don't recommend using ADSI in WinPE. It's not supported by Microsoft, and this release is only intended to support existing solutions using it. Instead you really should use web services to interact with Active Directory from WinPE. Check out http://prettygoodfrontend.codeplex.com for ready-made web services for Active Directory, including source code.

Update 2014-04-08: You can also import this plugin as a driver into MDT (using Out-of-Box Drivers), so that it is added automatically when the boot image is updated. Thanks to bseifert55 for the tip.

WinPE 5.0 ADSI Plugin download

Detailed installation instructions can be found in the archive Readme.txt file.

WinPE 4.0 ADSI Plugin
https://deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx

WinPE 3.0 ADSI Plugin
http://www.deployvista.com/Repository/tabid/71/EntryId/60/DMXModule/396/language/sv-SE/Default.aspx

WinPE 2.0 ADSI Plugin
http://www.deployvista.com/Repository/WindowsPE20/tabid/73/language/sv-SE/Default.aspx

WinPE 1.6 ADSI Plugin
http://www.myitforum.com/articles/2/view.asp?id=8810

Additional Info

Note: If your domain controllers are running Windows Server 2012 or Windows Server 2012 R2, the ADSI connection (which uses NTLM) may be restricted (default configuration). If NTLM is restricted, you get the following error when trying to run the built-in sample script (Connect_to_DC_Sample.vbs): "Active Directory: The server is not operational".

Workaround: You can relax (and audit) the NTLM settings by configuring a group policy that sets the following:

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit All
Network security: Restrict NTLM: Audit NTLM authentication in this domain = Enable all
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable auditing for all accounts

In addition to allowing the traffic, these settings let you see the NTLM audit logs in the Event Viewer (Event Viewer (Local)/Applications And Services Logs/Microsoft/Windows/NTLM/Operational).
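
One way to confirm that the three audit settings above have applied on a domain controller, and to see which accounts and machines are authenticating with NTLM, shown as an added PowerShell example that is not part of the original post or the plugin. The registry value names and numbers, the event IDs 8001-8004, and the UserName and WorkstationName field names are assumptions to check against your own environment.

```powershell
# Added example (not from the original post). Run elevated on a domain controller.
# Assumption: these registry values back the three "Restrict NTLM" policies above.
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$expected = @(
    @{ Path = $lsa;      Name = 'RestrictSendingNTLMTraffic'; Want = 1 }  # Outgoing = Audit All
    @{ Path = $netlogon; Name = 'AuditNTLMInDomain';          Want = 7 }  # In this domain = Enable all
    @{ Path = $lsa;      Name = 'AuditReceivingNTLMTraffic';  Want = 2 }  # Incoming = all accounts
)

# 1. Report whether each audit setting has actually reached this machine.
$settings = foreach ($s in $expected) {
    $item   = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($s.Name) } else { $null }
    [pscustomobject]@{
        Setting = $s.Name
        Actual  = if ($null -eq $actual) { 'not set' } else { $actual }
        Wanted  = $s.Want
        Applied = ($actual -eq $s.Want)
    }
}
$settings | Format-Table -AutoSize

# 2. Summarise the last 24 hours of NTLM audit events by account and machine.
# Assumption: audit events use IDs 8001-8004; field names differ per event ID,
# so a field that an event does not carry is simply left empty.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 8001, 8002, 8003, 8004
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten the event's named data fields into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Id          = $_.Id
        User        = $data['UserName']
        Workstation = $data['WorkstationName']
    }
} | Group-Object Id, User, Workstation |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

WinPE clients normally appear with a generated MININT- computer name, which makes their entries easy to pick out in the summary.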

Happy Deployment,
/Johan

About the author

Johan Arwidmark

18 Comments
Finbom
8 years ago

Hello Johan, Thanks for the reply. I did try the dll-files from both a "RTM 8.1 x64" AND a "8.1 with Update x64" but it failed. But I uninstalled the ADK and downloaded an older version of ADK and then it worked! 🙂 I first had ADK 8.59.25584 and that failed. But with ADK release 8.100.26866 it worked fine! Thanks for nice support and all great help you provide. PS: I'd love to use web services and will take time to work with that, someday. 🙂 After all, the ADSI support is working very perfect and we use it to AD-authenticate that the Client operator…

Admin
8 years ago

Make sure you got the binaries from an x64 Windows 8.1 for the x64 boot image. If it still fails, contact me offline and I'll try to help (contact info is on the about page).

And please use web services instead of ADSI 🙂

/ Johan

Finbom
8 years ago

Hi Johan, I have been using the previous ADSI-plugin for many years for WinPE 3.0 and now we are moving to SCCM2012. We are in the situation that we need both a 32-bit and a 64-bit WinPE. I had no issues with getting x86 into the x86-image. (I imported the driver into the console and added it through the GUI. Great!) But I cannot install the 64-bit driver into my 64-bit image. And I even tried to create a new PE by using your default cmd-file. (I have taken the dll's from a "Windows 8.1 with update Enterprise" installation) But it fails with…

Admin
8 years ago

Sorry, nope. If you want to sign it you need to get a cert from DigiCert, which costs approx. 200 USD per year.

/ Johan

nathanjohnsoniii
8 years ago

Hello-

Any chance we can get the plugin as a signed driver so we can get SCCM to add it as a driver to our PE boot image automatically?

Admin
9 years ago

Haven't tried in WinPE 5.1, in general you don't need that version.

You may have to use files from a Windows 8.1 Update, or just make sure you have the right x86/x64 version of the dll's.

/ Johan

jer393
9 years ago

Hello,

I was wondering if anyone has tried the ADSI plugin with WinPE 5.1 instead of WinPE 5.0. Whenever I tried running a script from a WinPE 5.1 instance that attempts to connect to AD, I received a message indicating that x:\windows\system32\adsldp.dll is either not designed to run on Windows or it contains an error. I copied the dll's out of the system32 directory on a Windows 8.1 computer.

Any help is greatly appreciated.

Regards,

Jason

Admin
9 years ago

You need to copy files with the correct architecture, as well as modify the sample script to fit your environment.

Send me an email, and I can help you offline. You find contact info on the About page.

/ Johan

prtkdv
9 years ago

I have copied all 6 DLLs from Windows 8.1 C:\Windows\System32 but couldn't run the VB script to connect to the DC. "X:\Windows\System32\adsldp.dll is either not designed to run on Windows or it contains an error." Any suggestions? I have tried copying the 6 DLLs from C:\Windows\system32 to C:PluginsADSIx86, and from C:\Windows\SysWOW64 to C:PluginsADSIx64, but no luck so far.

Admin
9 years ago

Thanks, will update the post with that info…

/ Johan

bseifert55
9 years ago

Thank you Johan for creating this plugin! I was having issues with our MDT task sequences randomly stopping/rebooting the workstation in the post install phase. I determined it was due to the PC sitting in an AD OU (from its previous deployment) with some restrictive GPOs. We have an in-house application that performs the AD OU moves, but it wasn't working in WinPE due to the lack of ADSI support. I was able to take your ADSIx86.inf and the 6 required DLLs and put them all in an "Out-of-box Drivers" folder. Then I added the new folder to the…

bsz_yrdsb
9 years ago

Thanks Johan.

I sent a message yesterday, so hopefully you'll be able to shed some light onto this.

Admin
9 years ago

Hi bsz_yrdsb, if you email me the script I can take a quick look. The scripts I've been using work fine in both WinPE 4.0 and WinPE 5.0, but I haven't tested against Win2k3 servers. You find my contact info on the About page.

/ Johan

bsz_yrdsb
9 years ago

I'm having a similar issue. I just built a brand new WinPE boot image with the Windows 8.1 ADK and dll's from my Win 8.1 Enterprise machine, and my script which worked on WinPE 4 no longer works. I'm trying to create a connection in PowerShell to perform an LDAP query and it's throwing an error 80005000. I've tried with creds that work on WinPE 4, and my own, same issue. Servers I'm connecting to are Win2k3 servers. The only thing that changes between the two is the WinPE version. Do you have any suggestions?

Thanks

Admin
9 years ago

Did you add new binaries from Windows 8.1? I have tested the plugin in WinPE 5.0, and it worked fine, at least for my code.

/ Johan

pccarrick
9 years ago

Hi, could you please advise? I have upgraded to SCCM 2012 R2 and I am no longer able to run ADSI queries in my OSD. It worked fine with the plugin 4.0 created, but when I updated the DP it stopped working. I have now run your script and created a new WinPE 5.0 boot image, but it still won't run. The boot image creates fine, but I am still unable to run ADSI queries.
Any ideas would be gratefully welcomed.

Thanks in advance
