It looks like other tasks run fine at startup; I was mistaken about what was actually going on. For some reason this script task just sits at "Running...." and doesn't finish when it is part of the image workflow and no user is logged in.
I can run the same script without issue manually, but I believe I was always logged into the workstation when I tested it.
I also couldn't get the domain join via sysprep to work without putting a password in as clear text (I would still like to learn how to do that).
I found a workaround though. I changed my unattend file to force 2 auto logins, so after the domain join it auto logs in one more time, then runs my script without issue, and I added a restart after that so the machine is back to sitting at CTRL ALT DEL when it's done completing its tasks.
Here's my script to add a computer to a security group if anyone should need something similar in the future. I wish I could credit where I found it. Make sure you run it with user credentials for someone who can edit the group membership in AD.
Option Explicit
Dim objSysInfo, objComputer, strComputerDN
Dim objComputerGroup
' Retrieve the DN of the local computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerDN = objSysInfo.ComputerName
' Bind to the computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Bind to the group. You must specify the full Distinguished Name.
Set objComputerGroup = GetObject("LDAP://CN=NameOfGroup,OU=OUComputer,OU=NestedOU,DC=company,DC=com")
' Add the computer to the group, if it is not already a member.
If (objComputerGroup.IsMember(objComputer.AdsPath) = False) Then
    objComputerGroup.Add(objComputer.AdsPath)
End If