Forcing PC into OU

  • Forcing PC into OU

    Hi all Experts,

    I have 50 PCs to join to my domain.
    All these PCs need to go into a certain OU.
    I was wondering, is there a way to automate the process by
    forcing all these PCs into that certain OU once I join them to my domain?

    Thanks,
    SL

  • #2
    Re: Forcing PC into OU

    Create the computer account in the OU you require the PC to be in.

    If you have a PC called client01, then create a computer account called computer01 in the required OU.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    • #3
      Re: Forcing PC into OU

      Thanks m80arm,
      I thought about this solution.
      Still, that means creating 50 accounts manually.
      I was thinking maybe I could use something else that would automate the
      process without the need for manual account creation.
      Any ideas?

      SL.

      • #4
        Re: Forcing PC into OU

        We have a script that automatically adds the computer to the domain in a specified OU. This happens after a sysprep installation, though.

        I'll dig it out; it may be of some use to you.

        • #5
          Re: Forcing PC into OU

          Thanks wulieb1,
          I will need to change the PCs' names anyway, so maybe it would be
          wiser to just sysprep them, duplicate a few CDs and let it rip...
          If you could find that script for me it would be great!

          Thanks,
          SL

          • #6
            Re: Forcing PC into OU

            Code:
            Option Explicit
            
            Dim strComputer, strComputerUser
            Dim objRootDSE, objContainer, objComputer
            Dim objSecurityDescriptor, objDACL
            Dim objACE1, objACE2, objACE3, objACE4, objACE5
            Dim objACE6, objACE7, objACE8, objACE9
            
            strComputer = "atl-pro-002"
            strComputerUser = "fabrikam\lewjudy"
            
            ' ADS_USER_FLAG_ENUM
            Const ADS_UF_PASSWD_NOTREQD = &h0020
            Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
            
            ' ADS_ACETYPE_ENUM
            Const ADS_ACETYPE_ACCESS_ALLOWED = &h0
            Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5
            
            ' ADS_FLAGTYPE_ENUM
            Const ADS_FLAG_OBJECT_TYPE_PRESENT = &h1
            
            ' ADS_RIGHTS_ENUM
            Const ADS_RIGHT_GENERIC_READ = &h80000000
            Const ADS_RIGHT_DS_SELF = &h8
            Const ADS_RIGHT_DS_WRITE_PROP = &h20
            Const ADS_RIGHT_DS_CONTROL_ACCESS = &h100
            
            'controlAccessRight rightsGuid values
            Const ALLOWED_TO_AUTHENTICATE = "{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
            Const RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
            Const SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
            Const USER_CHANGE_PASSWORD = "{AB721A53-1E2f-11D0-9819-00AA0040529b}"
            Const USER_FORCE_CHANGE_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}"
            Const USER_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}"
            Const VALIDATED_DNS_HOST_NAME = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
            Const VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"
            
            Set objRootDSE = GetObject("LDAP://rootDSE")
            Set objContainer = GetObject("LDAP://cn=Computers," & _
            objRootDSE.Get("defaultNamingContext"))
            
            Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
            objComputer.Put "sAMAccountName", strComputer & "$"
            objComputer.Put "userAccountControl", _
            ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
            objComputer.SetInfo
            
            Set objSecurityDescriptor = objComputer.Get("ntSecurityDescriptor")
            Set objDACL = objSecurityDescriptor.DiscretionaryAcl
            
            Set objACE1 = CreateObject("AccessControlEntry")
            objACE1.Trustee = strComputerUser
            objACE1.AccessMask = ADS_RIGHT_GENERIC_READ
            objACE1.AceFlags = 0
            objACE1.AceType = ADS_ACETYPE_ACCESS_ALLOWED
            
            ' objACE2 through objACE6: Extended Rights
            Set objACE2 = CreateObject("AccessControlEntry")
            objACE2.Trustee = strComputerUser
            objACE2.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objACE2.AceFlags = 0
            objACE2.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE2.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE2.ObjectType = ALLOWED_TO_AUTHENTICATE
            
            Set objACE3 = CreateObject("AccessControlEntry")
            objACE3.Trustee = strComputerUser
            objACE3.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objACE3.AceFlags = 0
            objACE3.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE3.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE3.ObjectType = RECEIVE_AS
            
            Set objACE4 = CreateObject("AccessControlEntry")
            objACE4.Trustee = strComputerUser
            objACE4.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objACE4.AceFlags = 0
            objACE4.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE4.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE4.ObjectType = SEND_AS
            
            Set objACE5 = CreateObject("AccessControlEntry")
            objACE5.Trustee = strComputerUser
            objACE5.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objACE5.AceFlags = 0
            objACE5.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE5.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE5.ObjectType = USER_CHANGE_PASSWORD
            
            Set objACE6 = CreateObject("AccessControlEntry")
            objACE6.Trustee = strComputerUser
            objACE6.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objACE6.AceFlags = 0
            objACE6.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE6.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE6.ObjectType = USER_FORCE_CHANGE_PASSWORD
            
            ' objACE7: Property Sets
            Set objACE7 = CreateObject("AccessControlEntry")
            objACE7.Trustee = strComputerUser
            objACE7.AccessMask = ADS_RIGHT_DS_WRITE_PROP
            objACE7.AceFlags = 0
            objACE7.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE7.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE7.ObjectType = USER_ACCOUNT_RESTRICTIONS
            
            ' objACE8 and objACE9: Validated Rights
            Set objACE8 = CreateObject("AccessControlEntry")
            objACE8.Trustee = strComputerUser
            objACE8.AccessMask = ADS_RIGHT_DS_SELF
            objACE8.AceFlags = 0
            objACE8.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE8.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE8.ObjectType = VALIDATED_DNS_HOST_NAME
            
            Set objACE9 = CreateObject("AccessControlEntry")
            objACE9.Trustee = strComputerUser
            objACE9.AccessMask = ADS_RIGHT_DS_SELF
            objACE9.AceFlags = 0
            objACE9.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
            objACE9.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
            objACE9.ObjectType = VALIDATED_SPN
            
            objDACL.AddAce objACE1
            objDACL.AddAce objACE2
            objDACL.AddAce objACE3
            objDACL.AddAce objACE4
            objDACL.AddAce objACE5
            objDACL.AddAce objACE6
            objDACL.AddAce objACE7
            objDACL.AddAce objACE8
            objDACL.AddAce objACE9
            
            objSecurityDescriptor.DiscretionaryAcl = objDACL
            objComputer.Put "ntSecurityDescriptor", objSecurityDescriptor
            objComputer.SetInfo

            This was taken straight from www.scriptinganswers.com

            I'm still looking for the file.

            • #7
              Re: Forcing PC into OU

              Code:
              Const sstrUsername="Your Domain\Your Domain Username"
              Const sstrPasswd="Your Domain Password"
              Const sstrLocalUsername="Your Local Username"
              Const sstrLocalPasswd="Your Local Password"
              Const sstrDomainname="Your Domain"
              ' AccountOU is the distinguished name of the target OU,
              ' for example "OU=Workstations,DC=example,DC=com" (illustrative value)
              Const sstrOU="Your OU"

              Set objWMIService1 = GetObject("Winmgmts:root\cimv2")

              For Each objComputer in objWMIService1.InstancesOf("Win32_ComputerSystem")
                  ' FJoinOptions 3 = join the domain (1) + create the computer account (2)
                  Return = objComputer.JoinDomainOrWorkGroup(sstrDomainName, sstrPasswd, sstrUsername, sstrOU, 3)
                  ' The method reports failure through its return value (0 = success)
                  If Return <> 0 Then
                      WScript.Echo "Join Domain failed. Error = " & Return
                  Else
                      WScript.Echo "Join Domain succeeded." & " Reboot to go into effect"
                  End If
              Next

              Try this and see if it works.

              It is spread over quite a large script, so I've tried to separate it.

              • #8
                Re: Forcing PC into OU

                In W2K3 AD you can use the "redircmp" utility:
                http://support.microsoft.com/default...b;en-us;324949
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

                Comment
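
The approach from post #2 (create the computer account in the target OU before the join) can be scripted so the 50 accounts are not made by hand. This is an added example, not part of the original thread or any poster's script: it uses the ActiveDirectory PowerShell module instead of the VBScript shown above, the OU path and the CLIENT01..CLIENT50 names are assumptions, and it runs under the operator's own logon so no password is stored in the script.

```powershell
# Added example: the OU path and naming scheme below are assumptions.
Import-Module ActiveDirectory

$TargetOU = 'OU=Workstations,DC=example,DC=com'                # hypothetical OU
$Names    = 1..50 | ForEach-Object { 'CLIENT{0:D2}' -f $_ }    # CLIENT01..CLIENT50

# Fail early if the OU does not exist, rather than 50 times inside the loop.
Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop | Out-Null

foreach ($name in $Names) {
    $existing = Get-ADComputer -Filter "Name -eq '$name'"
    if (-not $existing) {
        # Pre-stage the account so the later domain join lands in the OU.
        New-ADComputer -Name $name -Path $TargetOU -Enabled $true
        Write-Output "created  $name"
    }
    elseif ($existing.DistinguishedName -notlike "*,$TargetOU") {
        # Account already exists elsewhere (for example the default container).
        Move-ADObject -Identity $existing.DistinguishedName -TargetPath $TargetOU
        Write-Output "moved    $name"
    }
    else {
        Write-Output "ok       $name"
    }
}

# Audit: anything still in the domain's default computers container
# was joined without a pre-staged account in the target OU.
$default = (Get-ADDomain).ComputersContainer
Get-ADComputer -Filter * -SearchBase $default -SearchScope OneLevel |
    Select-Object Name, DistinguishedName
```

The script is safe to re-run: existing accounts in the right OU are reported as "ok" and left untouched.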
