#137790 - 2005-04-13 07:30 AM
move computer to new container in AD
|
jechilt
Starting to like KiXtart
Registered: 2000-12-01
Posts: 102
Loc: Denver Colorado
|
I have been looking over the inContainer, TranslateName, ADsearch.
When new computers are added to our AD, the computer is put in a "default" container. However, we need it to be moved to it's permanent container. I want to automate this through the login script for our techs so after the computer is joined, it will be moved to the new container at next login.
Any ideas or suggestions?
Thanks!
_________________________
John LM Contractor One of the 2 dads
|
|
Top
|
|
|
|
#137792 - 2005-04-13 12:36 PM
Re: move computer to new container in AD
|
jechilt
Starting to like KiXtart
Registered: 2000-12-01
Posts: 102
Loc: Denver Colorado
|
NTDOC,
Thanks for the reply.
We are only one of many sites in the OU. As it was explained to me, the workstations when added to the domain by the technician will default to a 'generic' container. After the computer is added, it has to be moved by the tech to the permanent OU.
If there is a better way for us to add the computers to the domain, then I am all ears. I will dig through my book again and see if I can find something else to work with.
I know I have seen some scripts on moving workstations to different OU's and thought they were in the kix forum, but I cant find those references so it could have been a different forum 
Thanks for the info!
_________________________
John LM Contractor One of the 2 dads
|
|
Top
|
|
|
|
|
#137793 - 2005-04-13 02:22 PM
Re: move computer to new container in AD
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
here is some code to look through.
Code:
$newName = $ComputerBox.text
$domain = $DomainBox.text
$password = $PasswordBox.text
$user = $AdminBox.text
$OU = $OUCombo.text
$JOINType = 1 + 2 + 32
$objNetwork = CreateObject("WScript.Network")
if not @error
$strComputer = $objNetwork.ComputerName
$objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\"+$strComputer+"\root\cimv2:Win32_ComputerSystem.Name='"+$strComputer+"'")
$ReturnValue = $objComputer.JoinDomainOrWorkGroup($Domain, $password, $Domain+"\"+$user, $OU, $JOINtype)
If $ReturnValue
Status("Failed joining "+@wksta+" to "+$domain)
Status($ReturnValue)
return
EndIf
Status("waiting 15 seconds")
sleep 15
Status("Renaming")
$objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" + $strComputer + "\root\cimv2")
$colComputers = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
For Each $objComputer in $colComputers
$err = $objComputer.Rename($NewName, $password, $Domain + "\" + $user)
If $err
Status("Failed Renaming "+@wksta+" to "+$NewName)
Status($err)
return
endif
Next
I pulled this from an existing kixform I'm developing
Edited by Radimus (2005-04-13 02:24 PM)
|
|
Top
|
|
|
|
|
#137794 - 2005-04-13 02:23 PM
Re: move computer to new container in AD
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
Heres a snippet of our code for moving workstations, basically you bind to the target OU, then "move" from the source ou into that. We use this code to have NT4 workstations "join and move themselves" into AD.
If you have any questions, feel free to ask.
Code:
$WKSTA = "hostname"
$USERID = "domain\userid"
$PASSWORD = "********"
$SERVER = "dcservername"
$SOURCEOU = "LDAP://CN=$WKSTA,CN=COMPUTERS,DC=XXX,DC=YYY,DC=ZZZ,DC=CA"
$TARGETOU = "LDAP://$SERVER/OU=AAA,OU=BBB,OU=CCC,DC=XXX,DC=YYY,DC=ZZZ,DC=CA"
;======================
; GET HANDLE TO LDAP...
;======================
$ROOT = GETOBJECT("LDAP:")
IF @ERROR
EXIT 102
ENDIF
;======================
; BIND TO TARGET OU ...
;======================
$ADS_SERVER_BIND = 512
$TARGET = $ROOT.OPENDSOBJECT($TARGETOU, $USERID, $PASSWORD, $ADS_SERVER_BIND)
IF @ERROR
EXIT 103
ENDIF
;=============================================
; MOVE WORKSTATION FROM SOURCE OU TO TARGET OU
;=============================================
$= $TARGET.MOVEHERE($SOURCEOU,"CN=$WKSTA")
IF @ERROR
EXIT 104
ENDIF
|
|
Top
|
|
|
|
|
#137800 - 2005-04-13 03:10 PM
Re: move computer to new container in AD
|
jechilt
Starting to like KiXtart
Registered: 2000-12-01
Posts: 102
Loc: Denver Colorado
|
Quote:
Why not simply create the computer account in the correct OU before joining it?
Joining a new workstation to a domain using AD puts the workstation into the main computer container by default. each of our OU have GPO's applied and certain workstations must go into the respective OU. It is my understanding that GPO can not be applied to the default computer OU...
_________________________
John LM Contractor One of the 2 dads
|
|
Top
|
|
|
|
|
#137802 - 2005-04-13 03:56 PM
Re: move computer to new container in AD
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
Quote:
Ok the truth then ;0) - I didn't feel like doing an inventory on 10,000 machines, then write some script that pre-creates all these accounts, and deal with all the failed attempts with unjoins and rejoins. ;0)
Me neither
|
|
Top
|
|
|
|
|
#137803 - 2005-04-13 04:16 PM
Re: move computer to new container in AD
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
Quote:
Joining a new workstation to a domain using AD puts the workstation into the main computer container by default.
Well, thats true when joining a machine using NETDOM on NT4, the Win2K and above version of NETDOM does allow you to join directly into an OU. We probably would have done it this way if we could (but we couldn't).
The other thing is, we wanted to fully automated our NT4 migration. Since we didn't have an inventory of machines (and didn't want to do one), our machines just magically "pop" into AD, as they are migrated. No need to have technicians pre-create accounts (and maybe screwing things up). No need to have our AD administrators on "stand-by" 7/24 ... we didn't have that luxury anyways.
-Shawn
|
|
Top
|
|
|
|
|
#137804 - 2005-04-14 05:49 AM
Re: move computer to new container in AD
|
jechilt
Starting to like KiXtart
Registered: 2000-12-01
Posts: 102
Loc: Denver Colorado
|
Quote:
Maybe you missed what I said. If you create the computer account in the right OU BEFORE you join it to the domain, it will not end up in the DEFAULT container. We have dozens of techs doing it that way ever day.
Sorry Les, did not catch that first time around.
I am trying to build a script that will look at our SQL database and check if the computername has been used in the past. If not, have it look at AD to double check and then add the new name. Will add the account to the new OU and then have the tech add it to the domain. I am curious though how I can do this if the computer is not yet part of the domain, or if it is possible to run from that machine. I am thinking I need a seperate script that is already on the domain. Any ideas or suggestions?
_________________________
John LM Contractor One of the 2 dads
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 302 anonymous users online.
|
|
|
