Back in 2005 I wrote my first ADSI for plugin WinPE (WinPE 2005 or v1.6), and per request I have since then updated it for every WinPE release… This is the release for WinPE 5.0 (part of ADK 8.1).
Note: I don't recommend using ADSI in WinPE. It's not supported by Microsoft, and this release is only intended to support existing solutions using it. Instead you really should use web services to interact with Active Directory from WinPE. Check out http://prettygoodfrontend.codeplex.com for ready-made web services for Active Directory, including source code.
Update 2014-04-08: You can also import this plugin as a driver to MDT (using Out-Of-Box Drivers), thanks bseifert55 for the tip. So it's automatically being added when updating the boot image.
WinPE 5.0 ADSI Plugin download
Detailed installation instructions can be found in the archive Readme.txt file.
Previous ADSI Plugin releases are found on the following links:
WinPE 4.0 ADSI Plugin
https://deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx
WinPE 3.0 ADSI Plugin
http://www.deployvista.com/Repository/tabid/71/EntryId/60/DMXModule/396/language/sv-SE/Default.aspx
WinPE 2.0 ADSI Plugin
http://www.deployvista.com/Repository/WindowsPE20/tabid/73/language/sv-SE/Default.aspx
WinPE 1.6 ADSI Plugin
http://www.myitforum.com/articles/2/view.asp?id=8810
Additional Info
Note: If your domain controllers are running Windows Server 2012 or Windows Server 2012 R2, the ADSI connection (which is using NTLM) may be restricted (default configuration). If NTLM is restricted, you get the following error when trying to run the built-in sample script (Connect_to_DC_Sample.vbs): Active Directory: The server is not operational
Workaround: You can relax (and audit) the settings for NTLM, by configuring a group policy that sets the following:
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit All
Network security: Restrict NTLM: Audit NTLM authentication in this domain = Enable all
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable auditing for all accounts
In addition to allowing the traffic, you can then see the audit logs in the Event Viewer (Event Viewer (Local)/Applications And Services Logs/Microsoft/Windows/NTLM/Operational)
Happy Deployment,
/Johan
Hello Johan,Thanks for the reply. I did try the dll-files from both a "RTM 8.1 x64" AND a "8.1 with Update x64" but it failed.But I uninstalled the ADK and downloaded an older version of ADK and then it worked! 🙂I first had ADK 8.59.25584 and that failed.But with ADK release 8.100.26866 It worked fine! Thanks for nice support and all great help you provide. ps, I'd love to use web services and will take time to work with that, someday. 🙂After all, the ADSI support is working very perfect and we use it to AD-authenticate that the Client operator… Read more »
Hello Johan,Thanks for the reply. I did try the dll-files from both a "RTM 8.1 x64" AND a "8.1 with Update x64" but it failed.But I uninstalled the ADK and downloaded an older version of ADK and then it worked! 🙂I first had ADK 8.59.25584 and that failed.But with ADK release 8.100.26866 It worked fine! Thanks for nice support and all great help you provide. ps, I'd love to use web services and will take time to work with that, someday. 🙂After all, the ADSI support is working very perfect and we use it to AD-authenticate that the Client operator… Read more »
Make sure you got the binaries from a x64 Windows 8.1 for the x64 boot image. If it still fails contact me offline, and I'll try to help (contact info is on the about page).
And please use webservices instead of ADSI 🙂
/ Johan
Hi Johan, I have been using the previous ADSI-plugin for many years for WInPE 3.0 and now we are moving to SCCM2012.We are in the situation that we need to both a 32 and 64-bit WinPE.I had no issues with getting x86 into the x86-image. (I imported the driver into the console and added it through the GUI. Great!) But I cannot install the 64-bit driver into my 64-bit image. And I even tried to create a new PE by using your default cmd-file.(I have taken the ddll's from a "Windows 8.1 with update Enterprise" installation) But it fails with… Read more »
Sorry nope. If you want to sign it you need to get a cert from digicert, costs approx 200 USD per / year.
/ Johan
Hello-
Any chance we can get the plug in as a signed driver so we can get SCCM to add it as a driver to our PE boot image automatically?
Haven't tried in WinPE 5.1, in general you don't need that version.
You may have to use files from a Windows 8.1 Update, or just make sure you have the right x86/x64 version of the dll's.
/ Johan
Hello,
I was wondering if anyone has tried the ADSI plugin with WinPE 5.1 instead of WinPE 5.0. Whenever I tried running a script from a WinPE 5.1 instance that attempts to connect to AD, I received a message indicating that x:windowssyste32adsldp.dll is either not designed to run on Windows or it contains an error. I copied the dll's out of the system32 directory on a Windows 8.1 computer.
Any help is greatly appreciated.
Regards,
Jason
You need to copy files with the correct architecture, as well as modify the sample script to fit your environment.
Send me an email, and I can help you offline. You find contact info on the About page.
/ Johan
I have copied all 6 DLLs from Windows 8.1 C:WindowsSystem32 but couldn't run the vb script to connect DC. X:WindowsSystem32adsldp.dll is either not designed to run on Windows or it contains error. Any suggestions. I have tried copying 6 dlls from C:Windowssystem32 to C:PluginsADSIx86. and C:WindowsSysWOW64 to C:PluginsADSIx64. But no luck so far.
Thanks, will update the post with that info…
/ Johan
Thank you Johan for creating this plugin! I was having issues with our MDT task sequences randomly stopping/rebooting the workstation in the post install phase. I determined it was due to the PC sitting in an AD OU (from it's previous deployment) with some restrictive GPO's. We have an in house application that performs the AD OU moves, but it wasn't working in WinPE due to the lack of ADSI support. I was able to take your ADSIx86.inf and the 6 required DLL's and put them all in an "Out-of-box Drivers" folder. Then I added the new folder to the… Read more »
Thanks Johan.
I sent a message yesterday, so hopefully you'll be able to shed some light onto this.
Thanks Johan.
I sent a message yesterday, so hopefully you'll be able to shed some light onto this.
Hi, bsz_yrdsb, if you email me the script I can take a quick look.. The scripts I've been using works fine in both WinPE 4.0 and WinPE 5.0, but I haven't tested against Win2k3 servers. You find my contact info on the About page.
/ Johan
I'm having a similar issue. I just built a brand new winpe boot image with Windows 8.1 adk and dll's from my win 8.1 enterprise machine, and my script which worked on winpe 4 no longer works. I'm trying to create a connection in powershell to perform an ldap query and it's throwing an error 80005000. I've tried with creds that work on winpe4, and my own, same issue. Servers I'm connecting to are Win2k3 servers. The only that changes between the two is the winpe version. Do you have any suggestions?
Thanks
Did you add new binaries from Windows 8.1? I have tested the plugin in WinPE 5.0, and it worked fine, at least for my code.
/ Johan
Hi could you please advise i have upgraded to SCCM 2012 R2 and i am no longer able to run ADSI queries in my OSD. It worked fine with the plugin 4.0 created but when i updated the DP it stopped working.I have now ran you script and creaded a new WinPE 5.0 boot image but it still won't run the boot image create's fine but i am still unable to run ADSI queries.
Any ideas would be gratefully welcomed.
Thanks in advance