locked
Moving computers from default OU in AD RRS feed

  • Question

  • Since group policy cannot be applied to the default Computers container in AD, I have been looking for a script that I can set to run every hour that will move new computers to their appropriate container. Most of the scripts I have found online deal with only one computer, not multiple ones to multiple sites, or they say to use Quest tools, which we don't have. For a little background, we are a K-12 school system that has field techs that work in the schools. Daily, they are imaging or needing to add computers to AD. Right now, I try to remember to check the Computers container periodically throughout the day to move them to their appropriate school containers so they can receive group policy. I really need help with a script that can search the Computers container and based on the beginning name prefix (which is the school initials), move them to their proper school container. Below is a script that I have been toying with, but have never gotten to work properly. This is just the first few lines. There is a foreach statement for each of our other sites. Any help would be greatly appreciated. Thanks.

    Import-module ActiveDirectory
    $Computers = Get-ADComputer -filter * -SearchBase 'CN=Computers,DC=lcpsad,DC=internal'
    foreach ($Computer in $Computers) {if($Computer.Name -like "crms-*")
    {if(!(Move-ADObject $Computer -TargetPath 'OU=002,OU=LCPS Computers,OU=Policy Groups,OU=Groups,OU=LCPS,DC=lcpsad,DC=internal')) {$Status = "SUCCESS"} else {$Status = "There are no computers with this prefix"}}}

    James

    Tuesday, March 5, 2013 8:32 PM

Answers

All replies

  • YOU can alter AD to redirect all newly created computer accounts to a new default location.  This is the intended mechanism and teh 'Computers' container is just a default to allow for some anmount of control.

    All methods of joining a domain allow selection of the target OU except when using the GUI.


    ¯\_(ツ)_/¯

    Tuesday, March 5, 2013 9:51 PM
  • Here is the MS KB article describing how to corerctly set this up for all object classes.

    http://support.microsoft.com/kb/324949


    ¯\_(ツ)_/¯

    • Proposed as answer by Richard MuellerMVP Tuesday, March 5, 2013 11:05 PM
    • Marked as answer by IamMred Wednesday, April 3, 2013 10:21 PM
    Tuesday, March 5, 2013 9:54 PM
  • This can be done but my personal preference and what we have done in our oganization is script it out so that when you join a machine to the domain it joins to the correct OU.
    Wednesday, March 6, 2013 4:57 PM
  • This should work but may need some tweaking to work in your environment.

    $Domain = [ADSI]""
    [string]$DomainName = $Domain.DistinguishedName
    
    $NewComputers = Get-ADComputer -filter {Name -like "SCHOOL1*" -or name -like "SCHOOL2*"} -SearchBase "CN=Computers,$DomainName"
    
    ForEach ($Computer in $NewComputers){
            $Prefix = [string]$Computer.Name.Substring(0,3)
            write-host $Computer.Name, $Prefix
        
            Switch ($Prefix)
                {
                    SCHOOL1 {Move-ADObject $Computer -TargetPath "OU=SCHOOL1,$DomainName"}
                    SCHOOL2  {Move-ADObject $Computer -TargetPath "OU=SCHOOL2,$DomainName"}
                   
                }
    }



    • Edited by Tim.Harris Wednesday, March 6, 2013 6:19 PM
    Wednesday, March 6, 2013 5:01 PM
  • This can be done but my personal preference and what we have done in our oganization is script it out so that when you join a machine to the domain it joins to the correct OU.

    Here is how we join a machine to a domaojn and ahave it placed in teh correct container.

    add-computer -Domain mydom.com -credential $cred -OUPath 'ou=somou,dc=mydom,dc=com'

    Simple and all in one line.

    The same can be done with WMI and vbscript.


    ¯\_(ツ)_/¯

    Wednesday, March 6, 2013 5:22 PM
  • YOu can aslo tag an event on the Event Log that can trigger whaen a new computer shows up in the 'Computers' container.

    ¯\_(ツ)_/¯

    Wednesday, March 6, 2013 5:23 PM