Add laptop to particular group in AD

  • Question

  • I want to create a script which monitors AD for new laptop additions, and whenever a laptop is added to AD it should be added to a particular group. I know how to manually add a laptop to a group with batch when I have the hostname of the laptop. What I want is a script which monitors AD for new laptop entries and adds them automatically to the required group, say xyz group. I have searched all over the net but don't understand scripts much as I am new to AD and scripting.

    \m/

    Wednesday, February 5, 2014 7:16 AM

All replies

  • Hi KhushbooPatel,

    you'd need something to distinguish Laptops from desktop clients (since both use the same OS, I think). If however you store all laptops in a single OU (for example "OU Computer\OU Laptops"), it's easy:

    $comp = Get-ADComputer -Filter * -Searchbase [DN of OU Laptop]
    Get-ADGroup [NameOfGroup] | Add-ADGroupMember -Members $comp -ErrorAction 'SilentlyContinue'

    Execute this at a regular interval and you're set :)

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, February 5, 2014 7:41 AM
  • I have a laptop OU, but there are many laptop OUs under different OUs. Will this work for all the laptop OUs?

    For example, I have a USA OU under which I have a Laptop OU, then there is an INDIA OU under which there is also a Laptop OU. Likewise I have hundreds of Laptop OUs.


    \m/

    Wednesday, February 5, 2014 10:45 AM
  • That will work. However, you'll need to either specify each OU, or they need to have something in common that other OUs don't have. For example, if each of them - and only them - contains the word "laptop" in the name, then this would work:

    Get-ADOrganizationalUnit -Filter {Name -like "*laptop*"} | ForEach {
    	$comp = Get-ADComputer -Filter * -Searchbase $_.DistinguishedName -ErrorAction 'SilentlyContinue'
    	Get-ADGroup [NameOfGroup] | Add-ADGroupMember -Members $comp -ErrorAction 'SilentlyContinue'
    }

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, February 5, 2014 11:03 AM
  • When you join the computer you can specify the target OU. That is the best time to make this decision.

    If you do not specify the target OU at join time, the computer will be placed in the default container. The default container is NOT an OU; it is a simple container. Get-ADOrganizationalUnit will not find the newly joined computers.

    Here is how to join and place in a specific OU:

    add-computer -DomainName <name> -OUPath 'ou=laptops,ou=india,dc=domain,dc=com'


    ¯\_(ツ)_/¯

    Wednesday, February 5, 2014 1:31 PM
  • Hi FWN, the command works totally fine when I use it once. After I make new entries in AD it does not add the new machines to the group. When I remove all members from the group and run it, it adds them.

    It gives the following error:

    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not 
    null or empty and then try the command again.
    At C:\Users\sccmadmin\Desktop\groupLaptop.ps1:3 char:65
    +     Get-ADGroup "gIN-WIFI-Laptops" | Add-ADGroupMember -Members $comp -ErrorActi ...
    +                                                                 ~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember


    \m/


    Thursday, February 6, 2014 12:35 PM
  • Hi Khushboopatel,

    Sorry, my error. This would probably happen when it encounters a laptop OU that has no new laptops. Here's a small revision that hopefully circumvents that particular problem:

    # Prepare a bit
    $group = Get-ADGroup "gIN-WIFI-Laptops"
    $filter = "*" + $group.DistinguishedName + "*"
    
    # Stuff all computers in a laptop-OU that are not yet group-members into this variable
    $comp = @()
    
    # Iterate over all OUs and fill comp
    Get-ADOrganizationalUnit -Filter {Name -like "*laptop*"} | ForEach {
    	$comp += Get-ADComputer -Filter {memberof -notlike $filter} -Searchbase $_.DistinguishedName -ErrorAction 'SilentlyContinue'	
    }
    
    # If any new Laptops were found, add them
    if ($comp.Length -gt 0){$group | Add-ADGroupMember -Members $comp}

    What this does is search for all new laptops and only add them all at the final step. That way, computers that have already been added won't be a problem and OUs that have no computers yet will not have any action applied to them.

    What's more, this way you do not execute a write command when there is no need (when no new laptop has been added at all, all it does is read).

    Cheers,
    Fred


    There's no place like 127.0.0.1

    • Marked as answer by KhushbooPatel Monday, February 10, 2014 3:49 AM
    Thursday, February 6, 2014 1:01 PM
  • Hi Fred,

    The previous one was also working and this one does not add ... When I try printing $comp it gives me empty output, as below:

    image


    \m/

    • Marked as answer by KhushbooPatel Monday, February 10, 2014 3:48 AM
    • Unmarked as answer by KhushbooPatel Monday, February 10, 2014 3:49 AM
    Friday, February 7, 2014 6:14 AM
  • This may avoid certain issues with syntax and other structural behaviors:

    $group=Get-ADGroup gIN-WIFI-Laptops
    Get-ADOrganizationalUnit -Filter {Name -like '*laptop*'} | 
         ForEach-Object{
    	Get-ADComputer -Filter "memberof -notlike '*$($group.DistinguishedName)*'" -Searchbase $_	
         } |
         ForEach-Object{
            Add-ADGroupMember $group -Members $_
         }


    ¯\_(ツ)_/¯



    • Edited by jrv Friday, February 7, 2014 6:50 AM
    Friday, February 7, 2014 6:48 AM
  • This may work even better:

    $group=Get-ADGroup gIN-WIFI-Laptops
    Get-ADOrganizationalUnit -Filter {Name -like '*laptop*'} | 
         ForEach-Object{
    	Get-ADComputer -Filter * -Searchbase $_	
         } |
         ForEach-Object{
            Add-ADGroupMember $group -Members $_
         }

    You don't need to exclude the ones already in the group as they will just be nullops.


    ¯\_(ツ)_/¯

    • Marked as answer by KhushbooPatel Monday, February 10, 2014 3:48 AM
    Friday, February 7, 2014 6:51 AM
  • Thanks Fred & jrv it worked. 

    \m/

    Monday, February 10, 2014 3:48 AM
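
An added example, not code from any poster in this thread: one way to run the approach discussed above as a scheduled task that is read-only when nothing is new and leaves a record of each membership change. It takes the group name gIN-WIFI-Laptops and the "*laptop*" OU naming convention from the thread, selects non-members with an exact-match LDAP filter on memberOf, and assumes a hypothetical log path whose folder already exists.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Group name and OU naming pattern come from the thread;
# the log path is a hypothetical placeholder (its folder must already exist).
$GroupName = 'gIN-WIFI-Laptops'
$LogFile   = 'C:\Scripts\Logs\laptop-group-sync.log'   # hypothetical path

# Stop early if the group cannot be resolved instead of running with $null.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Escape the characters that are special inside an LDAP filter value (RFC 4515).
$dn = $group.DistinguishedName
$dn = $dn.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

# memberOf holds full distinguished names, so match on the exact group DN:
# "computers that do not list this group in memberOf".
$ldapFilter = "(!(memberOf=$dn))"

# Collect non-members from every OU whose name contains "laptop".
# The default search scope is Subtree, so nested laptop OUs can return the
# same computer twice; Sort-Object -Unique removes those repeats.
# @() keeps the result an array even for zero or one computer.
$newComputers = @(
    Get-ADOrganizationalUnit -Filter "Name -like '*laptop*'" |
        ForEach-Object {
            Get-ADComputer -LDAPFilter $ldapFilter -SearchBase $_.DistinguishedName
        } |
        Sort-Object -Property DistinguishedName -Unique
)

# Nothing new: finish without issuing any write to the directory.
if ($newComputers.Count -eq 0) { return }

# One write for the whole batch; fail loudly rather than silently.
Add-ADGroupMember -Identity $group -Members $newComputers -ErrorAction Stop

# Record what was added so membership changes can be reviewed later.
$stamp = Get-Date -Format 's'
$newComputers |
    ForEach-Object { "$stamp added $($_.DistinguishedName) to $GroupName" } |
    Add-Content -Path $LogFile
```

Adding -WhatIf to the Add-ADGroupMember line previews the change without writing to the directory.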