Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Intel RCS creates a computer object with the same attributes as the corresponding windows computer object

SysArch
New Contributor I
1,510 Views

Hi

 

I use Intel RCS 12.1.0 to configure Intel AMT devices. All devices are Windows domain members and AMT Active Directory integrated. The Active Directory computer objects created by Intel RCS, have the same CN and Name attributes as the windows computer object . So, if I search for the computername "client1" in active directory I get two computerobjects (the amt and windows object), altough SamAccountName and distinguished name is unique.

 

The problem ist, that some applications (like Microsoft LAPS UI) no longer work because they can no longer uniquely identify the windows computer object by name.

 

Does Intel have a solution for this problem? Can the RCS create the computer object with a different CN than the Windows computerobject?

 

Best regards, fabian

0 Kudos
6 Replies
SergioS_Intel
Moderator
1,281 Views

Hello Sysarch,

 

Please help us provide with some information about your system configuration:

 

How many systems configure with AMT you have?

Can you please provide us with the manufacturer of your systems?

What operating system are you currently running?

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

0 Kudos
SysArch
New Contributor I
1,282 Views

Hi Sergio

 

How many systems configure with AMT you have? About 15'000

Can you please provide us with the manufacturer of your systems? Flytech

What operating system are you currently running? Windows 10

 

Best regards, fabian

 

0 Kudos
SergioS_Intel
Moderator
1,282 Views

Hello Sysarch,

 

We appreciate the additional information, allow us to check with upper-level support and we will get back to you.

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

0 Kudos
SergioS_Intel
Moderator
1,282 Views

Hello Sys Arch,

 

Using the LAPS tool, when you search for an object, you have to use the full LDAP address and the unique object will show. Alternatively, you can use a PowerShell command. The first command “Get’s” the password from the object and the second command “Reset’s” the password:

 

Get LAPS Password (when you also have AMT computer objects):

[CmdletBinding()]

Param([Parameter(Mandatory =$true, position=0, HelpMessage="Enter the Computer Name")][String]$ComputerName)

$RealComputer = Get-ADComputer -Identity $ComputerName

Get-AdmPwdPassword -ComputerName $RealComputer

 

Reset LAPS Password (when you also have AMT computer objects):

[CmdletBinding()]

Param([Parameter(Mandatory =$true, position=0, HelpMessage="Enter the Computer Name")][String]$ComputerName,

[Parameter(Mandatory =$true, position=1, HelpMessage="Enter the new date")][datetime] $NewPasswordDate)

$RealComputer = Get-ADComputer -Identity $ComputerName

$Status = (Reset-AdmPwdPassword -ComputerName $RealComputer -WhenEffective $NewPasswordDate).status

Write-Host "The new password date is $NewPasswordDate"

 

Best regards,

Sergio S.

Intel Customer Support Technician

0 Kudos
SysArch
New Contributor I
1,282 Views

Hi Sergio

 

Thanks for your response but I think you misunderstood me. LAPS was just an example of an application that has a problem. There are several applications that have a problem with identical CNs. So I want to fix the problem at the source and not figure out a workaround for every application.

 

In addition, the overview in AD users and computers management console is poor if the support employee finds two identical computer objects.

 

Best regards, fabian

WPort3
Beginner
1,282 Views

I am also running into this issue. Seems the identical CNs are in conflict with a our 3rd party whitelisting solution.

0 Kudos
Reply