
Script to move computer to different OU in Active Directory

Old 24 February 2008, 03:28 PM
  #1  
mike1210

Hi All,
Have a current situation when deploying machines. I download an image onto a machine which then runs sysprep etc, auto logs in once to install a LANDesk agent then restarts which works great. However for this to work I have to first put the computers into an unmanaged OU with no group policies attached to it or the policies interfere with the deployment.

I am looking for a script that can be run from a server path which can move the computer into a different OU, then I can run the gpupdate /force command before it's restarted. This would be run from the runonce after the sysprep runs. I've tried a few VB scripts but got "could not return search values" errors etc. I'm sure I amended the relevant items etc. Does anyone have a script that they know works well? Domain is AD 2k3 SP1, PCs are XP SP2
Old 25 February 2008, 09:54 AM
  #2  
David_Wallis

http://www.microsoft.com/technet/scr...6/hey0623.mspx

Give us a shout if you can't get it to work.
Old 25 February 2008, 01:53 PM
  #3  
mike1210

Thanks David, I've got this script to work below (logged on as myself). The computer name is always the local machine name. On my machine running as me this works fine, however I need this to run logged on as local admin account from a server path.

I have a domain account which has been delegated Add/Remove Computer object rights to use.

' Constants required for name translate
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
' ADsPath of the container object (OU) where you want to move the
' current PC
strContainer = "LDAP://OU=CCI,OU=StudentLabs,OU=ISeL...am,DC=ac,DC=uk"
'Get the NETBIOS name of the domain
Set objSystemInfo = CreateObject("ADSystemInfo")
strDomain = objSystemInfo.DomainShortName
' Get the name of the computer
set objNetwork = createobject("Wscript.Network")
strComputer = objNetwork.ComputerName
' Call function to return the distinguished name (DN) of the computer
strComputerDN = getComputerDN(strComputer,strDomain)
' Bind to the container object (OU)
set objContainer = getobject(strContainer)
' Move computer to OU
objContainer.MoveHere "LDAP://" & strComputerDN, vbNullString
function getComputerDN(byval strComputer,byval strDomain)
' Function to get the distinguished name of a computer
' from the NETBIOS name of the computer (strcomputer)
' and the NETBIOS name of the domain (strDomain) using
' name translate
Set objTrans = CreateObject("NameTranslate")
' Initialize name translate using global catalog
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Input computer name (NT Format)
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer & "$"
' Get Distinguished Name.
getComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
end function

Searching on the net I found this for a runas script


Option explicit
Dim oShell
Set oShell = WScript.CreateObject("WScript.Shell")
'Replace the path with the program you wish to run c:\program files...
oShell.Run "runas /noprofile /user:uni\wsaddin ""C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"""
WScript.Sleep 100
'Replace the string --> yourpassword~ with the
'password used on your system. Include the tilde "~"
oShell.Sendkeys "xxxpasswordxxx"
Wscript.Quit

My thinking was to run the above and link it to the first script however this doesn't move the computer object. I am running these from a server path, however the computer is logged as local admin. Part of the runonce sysprep script maps drives X and I with domain credentials, these are where I will put the scripts.

Oh and my VB scripting are utter ****e

Last edited by mike1210; 25 February 2008 at 01:57 PM.
Old 25 February 2008, 03:22 PM
  #4  
Hanley

Originally Posted by David_Wallis
http://www.microsoft.com/technet/scr...6/hey0623.mspx

Give us a shout if you can't get it to work.
This looks fairly straightforward and should do what you need.

Old 25 February 2008, 03:39 PM
  #5  
mike1210

Originally Posted by Hanley
This looks fairly straightforward and should do what you need.

If I read it correctly (probably not) it searches for a certain computer then moves it into a different OU. I need the comp name as the local host name and then to move it into a different OU while logged in as local admin.
Old 25 February 2008, 07:06 PM
  #6  
Hanley

Surely you'd pass the computername into the script via a variable??


Last edited by Hanley; 25 February 2008 at 07:09 PM.
Old 25 February 2008, 07:36 PM
  #7  
mike1210

Errr I suppose ... But if I run the first script I posted this does work and moves the computer I'm logged onto into the correct OU. However, it only works when I am logged in as myself or a domain user account with appropriate rights. Under local admin it comes back access denied as (of course) the local account doesn't have any domain rights. So basically I need the script to "runas" the relevant user so to speak and that's where I'm stumped
Old 25 February 2008, 07:52 PM
  #8  
David_Wallis

easy..

http://www.microsoft.com/technet/scr...6/hey0428.mspx

and for the computername:

Code:
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set WshNetwork = WScript.CreateObject("WScript.Network")

' Object references must be assigned with Set
Set objOU = GetObject("LDAP://ou=Finance,dc=fabrikam,dc=com")


Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='computer' " & _
        "AND Name='" & wshNetwork.ComputerName & "'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath").Value
    objOU.MoveHere strADsPath, vbNullString
    objRecordSet.MoveNext
Loop
Old 25 February 2008, 08:56 PM
  #9  
Hanley



That'll work

Old 26 February 2008, 06:56 PM
  #10  
mike1210

Thanks David, what I've done so far is copy that script onto what's mapped as X drive. Called it moveou.vbs. Logged in as me this works fine

However looking at that runas article I make a batch file and place it on the local machine

contents of the batch file are as below:

runas /profile /user:uni\wsaddin "cscript.exe X:\moveou.vbs"

X is already mapped as the user wsaddin as this is what the scenario will be in deployment

However running this as local admin doesn't work, prompts for password but doesn't run

I know the VB script works as a domain user so is my runas still not right?
Old 26 February 2008, 07:48 PM
  #11  
Hanley

Stupid question but...

is the Secondary Logon service started??

Old 27 February 2008, 09:23 AM
  #12  
mike1210

Originally Posted by Hanley
Stupid question but...

is the Secondary Logon service started??

Aye
Old 27 February 2008, 10:43 AM
  #13  
Hanley

Have you tried right clicking the batch file and selecting run as, key in the alternate credentials to see if it works that way?
Old 27 February 2008, 10:50 AM
  #14  
mike1210

I sorted it.....when I say I sorted it I mean I asked Kevin who I work with who sorted it

'Get the NETBIOS name of the domain
Set objSystemInfo = CreateObject("ADSystemInfo")
strDomain = objSystemInfo.DomainShortName
' Get the name of the computer
set objNetwork = createobject("Wscript.Network")
strComputer = objNetwork.ComputerName
strComputerDN = "CN=" & strComputer & ",OU=NewComputers,DC=UNI,DC=glam,DC=ac,DC=uk"
'Move to
strComputerTo = "OU=CCI,OU=StudentLabs,OU=ISeLS,OU=Resources,DC=UNI,DC=glam,DC=ac,DC=uk"
set ldapObj = GetObject("LDAP:")
' Bind to the target OU as wsaddin; the final argument 1 is ADS_SECURE_AUTHENTICATION
set adComp=ldapObj.OpenDSObject("LDAP://uni-domaincontrol.uni.glam.ac.uk/" & strComputerTo,"wsaddin","xxpasswordxx",1)
' Move computer to OU
adComp.MoveHere "LDAP://" & strComputerDN, vbNullString

This script is on the server which I access logged on as local admin, the computer is at first in the NewComputers OU which then gets moved to a Student lab OU. The account wsaddin has been delegated add/remove computer objects in AD
Old 27 February 2008, 03:15 PM
  #15  
Hanley

Which always helps

Good work Kevin

Hopefully Kevin has tied the delegation down to a specific OU and not the entire domain
Old 03 June 2008, 11:44 PM
  #16  
sLarMo

I need a similar solution but I need the script to run on the local machine after it being imaged. For instance I am trying to have the script run and prompt for me to log in with an acct that has rights to move the computer to the new OU if needed. Sometimes I won't need to have the script run so I will just cancel out of it. I am unsure how my script needs to be set up to make this happen. I want the script to automatically find the computer name so I don't have to type it in. This is what I have at the moment and think I am pretty far off from where I should be...

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Object references must be assigned with Set
Set objOU = GetObject("LDAP://OU=Hardened Computers,OU=RESSLC,OU=Offices,OU=BlueCities,OU=New AD Structure,DC=XYZ,DC=com")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = InputBox("enter Username: ", "Username", "")
objConnection.Properties("Password") = InputBox("enter Password: ", "Password", "")
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 100
objCommand.Properties("Cache Results") = False
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT ADsPath FROM 'LDAP://dc=XYZ,dc=com' WHERE objectCategory='computer' " & _
"AND Name='SSCG2LITA3721ZL'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

'Do Until objRecordSet.EOF
strADsPath = objRecordSet.Fields("ADsPath").Value
' objOU.MoveHere strADsPath, vbNullString
' objRecordSet.MoveNext
'Loop

wscript.echo strADsPath
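
Added example, not code from any poster in this thread: it reads the computer name from WScript.Network as in post #8, prompts for the delegated account as post #16 asks, and hands the credentials to the ADSI search and to OpenDSObject as in post #14, so no password is stored in a script on the share. DC_HOST, BASE_DN and TARGET_OU are placeholder values.

```vbscript
Option Explicit
' Added example. DC_HOST, BASE_DN and TARGET_OU are placeholders, not values from the thread.
Const ADS_SECURE_AUTHENTICATION = 1
Const DC_HOST   = "dc01.example.com"
Const BASE_DN   = "DC=example,DC=com"
Const TARGET_OU = "OU=Labs,DC=example,DC=com"

Dim strUser, strPass, strComputer, objConn, objCmd, objRS, strPath, objRoot, objOU

' InputBox returns "" on Cancel: leave the computer where it is.
strUser = InputBox("Account allowed to move this computer (DOMAIN\user):", "Move to OU")
If strUser = "" Then WScript.Quit 0
' InputBox echoes what is typed, but the password never touches disk.
strPass = InputBox("Password for " & strUser & ":", "Move to OU")
If strPass = "" Then WScript.Quit 0

strComputer = CreateObject("WScript.Network").ComputerName

' Search as the supplied account, since the local admin has no domain rights.
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Properties("User ID") = strUser
objConn.Properties("Password") = strPass
objConn.Properties("Encrypt Password") = True
objConn.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Computer accounts carry a trailing $ in sAMAccountName.
objCmd.CommandText = "<LDAP://" & DC_HOST & "/" & BASE_DN & ">;" & _
    "(&(objectCategory=computer)(sAMAccountName=" & strComputer & "$));" & _
    "ADsPath;subtree"
Set objRS = objCmd.Execute
If objRS.EOF Then
    WScript.Echo "No computer object found for " & strComputer
    WScript.Quit 1
End If
strPath = objRS.Fields("ADsPath").Value

' Bind to the target OU as the same account and move the object into it.
Set objRoot = GetObject("LDAP:")
Set objOU = objRoot.OpenDSObject("LDAP://" & DC_HOST & "/" & TARGET_OU, _
    strUser, strPass, ADS_SECURE_AUTHENTICATION)
objOU.MoveHere strPath, vbNullString
WScript.Echo strComputer & " moved to " & TARGET_OU
```
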
Old 04 June 2008, 04:57 PM
  #17  
David_Wallis

so what happens at the moment does it work or not?

email me at david.wallis@callcreditgroup.com if you want a faster reply