Page 2 of 3 <123>
Topic Options
#205629 - 2012-08-31 08:57 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
I got the same error as you when I put an invalid path in. Once I changed it to a good path it returned the computers. It's throwing that error because it doesn't know what to do with that filter assignment if it didnt successfully get the LDAP object.
Top
#205630 - 2012-08-31 09:05 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
which error is that? I have fixed the path issue, so I believe that the path is not the problem now. I don't think that dispatch pointers have anything to do with the path.
Top
#205631 - 2012-08-31 09:18 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Im sorry...There was a typo in that last script. Fixed now, try it again.
Top
#205632 - 2012-08-31 09:35 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Oh thanks Shane, I was just about to post to say that I have finally found the solution.

If you want to make an official UDF for enumerating computers/users etc in an OU using this coding, I think that would be fantastic. As you can see, I had found your typo by the time that I returned to the kixtart forum. I have also modified your script to remove your last line "get $" as I don't see the point in that line as the script works perfectly without the line.

 Quote:
Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "Computer"
$objADsPath = GetObject("LDAP://OU=IT Suite,OU=Computers,OU=whatever,DC=domain,DC=internal")
If @Error = 0
$objAdsPath.filter = $filter
For Each $obj In $objAdsPath
? $obj.Name
Next
Else
? "Not able to connect to LDAP path."
Endif


Give credits to yourself and to Arend for this script. I think that this should be in an official UDF because I think that this is an incredibly useful function, because in my search for this solution, I came across hundreds of posts asking pretty much the same question.

Before you do that, I have encountered one strange thing. If I run the script on an OU with computers, groups and users etc, it will return only the computers, but when I changed this line
 Quote:
$filter[0] = "Computer"
to read as this
 Quote:
$filter[0] = "User"
, the script runs and it returns the names of all users as expected, BUT it also returns the names of the computers ???? I cannot understand why it returns computers names if the filter is for users.


Edited by Robdutoit (2012-08-31 10:47 PM)
Edit Reason: forgot to remove real domain name

Top
#205633 - 2012-08-31 09:40 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
To Mart thanks for your coding, but as you probably realised, I was not looking to find out the OU that the computer belongs to, but rather to find out what computers exist in an OU!

Allen, I tried your coding. I had to modify it as it came up with errors. Once I got rid of all the errors, the script seemed to enumerate all the Organistional Units rather than the computers within, so I will go with the script that Arend and Shanep put together as this script does the job beautifully.

In case anyone wonders why I was having problems with the path, its because I was doing the OU nesting backwards ie I should have put OUA in OUB in OUC, not OUC, OUB, OUA if that makes sense.

Top
#205634 - 2012-08-31 10:47 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
I have modified the script to remove the CN= part of the computer name. We don't want to have the computer name returned as CN="computername", we want to see just computer name.

I have changed the script to delete the "CN=" part of the return.
 Quote:

Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "computer"
$objADsPath = GetObject("LDAP://OU=IT Suite,OU=Computers,OU=whatever,DC=domain,DC=internal")
If @Error = 0
$objAdsPath.filter = $filter
For Each $obj In $objAdsPath
? $obj.name
$PcName = SUBSTR($obj.name, 4)
? $PcName
Next
Else
? "Not able to connect to LDAP path."
Endif


Thanks Rob


Edited by Robdutoit (2012-08-31 10:50 PM)
Edit Reason: copied wrong

Top
#205635 - 2012-08-31 11:13 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Well glad you got it working! Just so you know, the "get $" at the end is simply a way to keep the console window open until a key is pressed.
Top
#205636 - 2012-08-31 11:28 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
And I have not been able to reproduce your filter results. If I change the filter to "User" it only displays the users.
Top
#205637 - 2012-08-31 11:56 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
 Quote:
I cannot understand why it returns computers names if the filter is for users.


Ahhh, now its coming back to me why I stopped working on this, every time I turned around I was hunting for something else that didn't make sense. I think I know how to fix this though... All of this is in the function I referred you too ealier.

 Code:
Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "computer"
$objADsPath = GetObject("LDAP://OU=IT Suite,OU=Computers,OU=whatever,DC=domain,DC=internal")
If @Error = 0
  $objAdsPath.filter = $filter
  For Each $obj In $objAdsPath
    if $filter[0]="User"
      if $obj.class="user"
        ? $obj.name
      endif
    else
      ? $obj.name
    endif
  Next
Else
  ? "Not able to connect to LDAP path."
Endif 


By the way, instead of using the quote tags, use the code tags instead, which is the next one beside the quote tag button.

Top
#205638 - 2012-09-01 12:10 AM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Here's a start to the function, if you want to test it out.
 Code:
Function ObjectsInOU(OPTIONAL $OU, OPTIONAL $filter)
   Dim $f[0],$objs[0],$x,$objADsPath,$obj
   If not $OU
      $OU = GetObject("LDAP://"+CreateObject("ADSystemInfo").ComputerName).Parent
      If @Error
         Exit @Error
      Endif
   Endif
   $objADsPath = GetObject($OU)
   If @Error = 0
      If $filter
         $f[0] = $filter
         $objAdsPath.filter = $f
      Endif
      $x = 0
      For Each $obj In $objAdsPath
         If $filter="user"
            If $obj.Class="User"
               $objs[$x] = Split($obj.Name,"=")[1]
               $x = 1+$x
               ReDim Preserve $objs[$x]
            Endif
         Else
            $objs[$x] = Split($obj.Name,"=")[1]
            $x = 1+$x
            ReDim Preserve $objs[$x]
         Endif
      Next
      If UBound($objs) > 0
         ReDim Preserve $objs[UBound($objs)-1]
      Endif
      $ObjectsInOU = $objs
   Else
      Exit @Error
   Endif
EndFunction

It would be called like so...
 Code:
$objects = ObjectsInOU("LDAP://OU=folder,...","Computer")

If @Error = 0
   For each $o in $objects
      ? $o
   Next
Else
   ? "Error: "+@Error
Endif


Edited by ShaneEP (2012-09-01 12:13 AM)

Top
#205639 - 2012-09-01 12:18 AM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Hi Allen, the code that you provided fixed the user issue. Now can you explain to me why the original coding works for Shanep, but not for me and secondly why does one need to add the
if $filter[0]="User"
if $obj.class="user" if we want to use $filter[0] = "user"

if we don't need to do this for the $filter[0] = "computer" Its not a major problem as I only want the coding to return computers, which it does. I am just a bit puzzled as to why the coding for the users works differently - particularly when it works fine on Shanep's computer. I will have a look at the coding tags next time. Thanks

Top
#205640 - 2012-09-01 12:33 AM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Not sure where the glitch is there Rob. When I ran it earlier on an OU that contained multiple types of objects it seemed to work. But if I run it on an OU that has ONLY computers, it doesn't work as suspected. I accounted for it in the UDF I posted above however.
Top
#205641 - 2012-09-01 12:44 AM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Hi Shanep, I will test out your UDF tomorrow morning as its now midnight here and I need my beauty sleep. My only question at this point is why its necessary to change the script so much for the udf. We didn't need redim and ubounds and why can't we use a simple
 Code:
$Domain=@domain
GetObject("LDAP://" + $namesOfOus + "/"  + $Domain)

instead of your
 Code:
GetObject("LDAP://"+CreateObject("ADSystemInfo").ComputerName).Parent

where does this creatobject(ADSysteminfo) do?

Top
#205642 - 2012-09-01 12:49 AM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Most of the complication in the function comes in storing all the results into an array that can be used in whatever way you want. The ReDims are necessary as the function never knows how many objects are going to be found...It essentially adds an element to the array for each object.

This line...
 Code:
GetObject("LDAP://"+CreateObject("ADSystemInfo").ComputerName).Parent
simply pulls in the OU of the current computer, which is then used only if an OU is not specified when the function is called.


Edited by ShaneEP (2012-09-01 12:50 AM)

Top
#205645 - 2012-09-01 04:10 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
I've created a proper UDF out of my code, and added Allen's proper way of filtering.
Top
#205652 - 2012-09-01 08:34 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Who would have thought that my little question would raise so much interest that I get a UDF created just for little ol' me ! (Well and a few million other users lol). I appreciate all the help on this question. Ironically all I wanted the server to do was to shutdown certain computers at the end of the day and I was looking for a simple way to read the list of computers within an OU or group and shut those ones down.
Hopefully the new UDF will be very useful for a lot of people. Many thanks Rob

Top
#205674 - 2012-09-06 04:50 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
So to finish off the thread, the code would look something like:

(untested)
 Code:
$OU="OU of computers"
$OUfilter="computer"
for each $pc in ListOUObjects($OU,$OUfilter)
  if osping($PC)
    $rc=fnwmishutdown($PC,1)
  endif
next



ListOUObjects - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=205644
OSPing - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=156097
fnWMIShutdown - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=83746

How to use UDFs -
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=81943#Post81943

The rest of the UDFs are here -
http://www.kixtart.org/forums/ubbthreads.php?ubb=postlist&Board=7&page=1

Top
#205686 - 2012-09-07 08:26 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Thank you for that Allen. I had already created a shutdown script, although its not as fancy as yours. But as it works, I will leave it for the moment, as I have other parts of the script to get working. But I have copied the code and will test it when I have time in a few weeks. Thank you.
Top
#205694 - 2012-09-08 09:04 AM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Why not use a scheduled task on the local computer? Easier and more powerful if you use a Domain Account that has local admin rights.

Run the Scheduled Task with an account from the Domain that you control that is a member of a Global Group that is added to ALL workstations. Members of that control group can then have Admin rights on all local workstation computers.

Then from there you can do a couple things. Have the task simply shut down the computer when you want or you can have it run multiple times or at specific times where it reaches out to a shared directory from a server that you control rights on and it reads and looks for it's name and if found it shuts down. The you can add the names of any computers you want to to a control file and have it either shutdown or restart, sort of on a delayed demand


Top
#205695 - 2012-09-08 05:09 PM Re: how to list computers that are a member of an active directory group or OU [Re: NTDOC]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
To NTDOC. What I wanted to accomplish was the following. I want to shut down all computers within an OU or a group. I don't want to have to remember to add PC xyz to the shutdown script, so I don't want to have to add computers names to the control script. I could in theory use a scheduled task on the local computer but is easier if I have the scheduled task on the server and I can change the times/days easily on the server. The scheduled task on the server runs the kix script and it shuts down all the computers within the OU. I see no benefit to having the scheduled task on the individual computers.
Top
Page 2 of 3 <123>


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.076 seconds in which 0.027 seconds were spent on a total of 14 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org