Announcement

Collapse
No announcement yet.

DSQUERY an OU for Computers and then list what GPO "group" of the computers/servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DSQUERY an OU for Computers and then list what GPO "group" of the computers/servers

    I have a DSQUERY bat file that I use regularly to output several servers in multiple domains in which I want to list the Computers to a csv file.

    my current bat file looks something like this:
    DSQUERY COMPUTER "OU=Win2k3,OU=A,OU=Servers,OU=Location A,DC=B,DC=my,DC=domainname,DC=net" -o rdn -limit 1000 >>Win2k3OU.csv

    DSQUERY COMPUTER "OU=Win2k3,OU=Servers,OU=Location Bl,DC=C,DC=my,DC=domainname,DC=net" -o rdn -limit 1000 >>Win2k3OU.csv


    My question is how can I add to this to also output within a file to show what GPO/GROUP that each of the servers that the above dsquery prints out?

    thanks!

  • #2
    Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

    Hi,

    So you mean you want to find out what GPO is being applied to each computer and what is it's group membership.
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

      Correct I want my current Script above to output the selected OU's computers but add the option of showing what GPO is being applied to those computers in my .csv as well as there group membership. Any ideas?

      thanks!

      Comment


      • #4
        Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

        Investigate GPRESULT -- you will need to pipe your list of computers to that and then parse the output into your CSV format. Powershell probably can do it.

        I'm moving this to scripting where an expert (Rems ) will be able to give you much more help
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

          Awesome thanks! i'll look in to GPRESULT in the time being.

          Comment


          • #6
            Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

            Hi,

            Can you use QuestPowerShell command lets. I can then write a small code for you. With powershell it's also possible.
            Since you are on W2K3 you need to install .net framework 3.5 sp1 , powershell v2.0 and quest adcommandlets
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

              I'm def interested in seeing how I could do it with powershell that would be interesting!

              Comment


              • #8
                Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                Hi,

                Here is two parts of the script. You need to save the file as .ps1 and then lauch powershell and run it as .\file.ps1

                You need to modify dn to suit your needs
                LDAP://cn=Computers,DC=bsc,DC=net

                $strFilter ="(objectCategory=Computer)"
                $objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://cn=Computers,DC=bsc,DC=net")
                $objSearcher = New-object System.DirectoryServices.DirectorySearcher
                $objSearcher.SearchRoot = $objOU
                $objSearcher.PageSize = 1000
                $objSearcher.Filter = $strFilter
                $objSearcher.SearchScope = "Subtree"
                $objSearcher.PropertiesToLoad.AddRange(@("name"))
                $colResults=$objSearcher.FindAll()
                $colResults | FT @{label="Computers";Expression={$_.Properties.name }}

                you can use
                $colResults | FT @{label="Computers";Expression={$_.Properties.name }} | Out-File -FilePath C:\comp.txt

                Now you need to copy the contents and save it in new notepad once again remove computers and a line below it.

                now you can run this on prompt directly

                foreach($computer in $comp){gpresult /s $computer /scope computer > $computer".txt"}

                There a few catches in this. You need to make sure that the account you are using to run the above code must be logged on at least once on all the machines i.e. profile must be preset other wise gpresult will fail saying no rsop data found

                This will create gpresult out of each computer. This data can be saved in csv but that that would require a lot of parsing and searching manipulation on the raw data because the way its submitted.
                Thanks & Regards
                v-2nas

                MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                Sr. Wintel Eng. (Investment Bank)
                Independent IT Consultant and Architect
                Blog: http://www.exchadtech.blogspot.com

                Show your appreciation for my help by giving reputation points

                Comment


                • #9
                  Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                  Thanks so much for helping me out with this. I am however a little confused on what I do after I run the powershell script. I chose to use the:

                  Code:
                  $colResults | FT @{label="Computers";Expression={$_.Properties.name }} | Out-File -FilePath C:\comp.txt
                  portion in the script.

                  what did you mean by
                  Now you need to copy the contents and save it in new notepad once again remove computers and a line below it.
                  ?

                  How do I pipe the results from C:\comp.txt above to the prompt where I run:
                  Code:
                  foreach($computer in $comp){gpresult /s $computer /scope computer > $computer".txt"}
                  thanks again for all the help! Greatly appreciate it.

                  Comment


                  • #10
                    Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                    Thanks so much for helping me out with this. I am however a little confused on what I do after I run the powershell script. I chose to use the:

                    Code:
                    $colResults | FT @{label="Computers";Expression={$_.Properties.name }} | Out-File -FilePath C:\comp.txt
                    portion in the script.

                    what did you mean by ?
                    Save the file as .ps1 and run from powershell prompt as follow
                    c:\>.\computer.ps1

                    This is generate the list of computers and save it in comp.txt

                    The file which is saved contains carriage returns so in order to remove them we are manually copying the contents from and then pasting it. It will contain info like
                    Computers
                    -----------
                    Comp1
                    Comp2

                    so the new file will look like
                    Comp1
                    Comp2


                    How do I pipe the results from C:\comp.txt above to the prompt where I run:

                    Sorry i didn;t mention in the post
                    you can use $comp = get-content c:\Newcomp.txt


                    Code:
                    foreach($computer in $comp){gpresult /s $computer /scope computer > $computer".txt"}
                    thanks again for all the help! Greatly appreciate it.
                    Thanks & Regards
                    v-2nas

                    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                    Sr. Wintel Eng. (Investment Bank)
                    Independent IT Consultant and Architect
                    Blog: http://www.exchadtech.blogspot.com

                    Show your appreciation for my help by giving reputation points

                    Comment


                    • #11
                      Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                      Oh OK that makes sense. When I run the script:

                      Code:
                      foreach($computer in $comp = get-content c:\Newcomp.txt){gpresult /s $computer /scope computer > $computer".txt"}
                      I get "ERROR: The RPC server is unavailable.

                      In order for this script to work I literally have to have logged on to each one of these servers at least once? That probably won't work for my scenario there are going to be roughly 1000 or more - the need of the script was to find a quicker way of grabbing this info without having to touch each machine manually.

                      Any ideas?

                      thanks!

                      Comment


                      • #12
                        Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                        Hi,

                        Actually i was also checking. The way gpresult works is that it can run query remote computer for ROSP data however it needs to be using user profile otherwise it will not be able to get the data.

                        I will try to find another way
                        Thanks & Regards
                        v-2nas

                        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                        Sr. Wintel Eng. (Investment Bank)
                        Independent IT Consultant and Architect
                        Blog: http://www.exchadtech.blogspot.com

                        Show your appreciation for my help by giving reputation points

                        Comment


                        • #13
                          Re: DSQUERY an OU for Computers and then list what GPO "group" of the computers/serve

                          Originally posted by StephenDoesIT View Post
                          I get "ERROR: The RPC server is unavailable.

                          In order for this script to work I literally have to have logged on to each one of these servers at least once? That probably won't work for my scenario there are going to be roughly 1000 or more - the need of the script was to find a quicker way of grabbing this info without having to touch each machine manually.

                          Any ideas?

                          thanks!
                          Try this batch
                          Code:
                          @echo off
                          
                          >"Win2k3OU_.log" 2>&1 call:main & goto:EOF
                          
                          :main batch
                          
                          set "strOU=OU=Win2k3,OU=A,OU=Servers,OU=Location A,DC=B,DC=my,DC=domainname,DC=net"
                          For /f "delims=" %%* in (
                             'DSQUERY COMPUTER "%strOU%" -o samid -limit 0'
                             ) do call:machine %%~* 
                          
                          set "strOU=OU=Win2k3,OU=Servers,OU=Location Bl,DC=C,DC=my,DC=domainname,DC=net"
                          For /f "delims=" %%* in (
                             'DSQUERY COMPUTER "%strOU%" -o samid -limit 0'
                             ) do call:machine %%~* 
                          
                          
                          goto:EOF  - - - Sub routines - - -
                          :machine
                          setlocal & Set CompNB=%*
                          Set CompNB=%CompNB:$=%
                          echo.
                          echo.-----------------------------------------------------------------------
                          echo.COMPUTER NAME: [%CompNB%]
                          echo.-----------------------------------------------------------------------
                          GPRESULT.exe /s %CompNB% /scope COMPUTER /R ||ping.exe %CompNB%
                          echo.
                          endlocal
                          exit /b 0
                          On Error the remote machine is Ping'd, you see the results in the log.


                          "The RPC server is unavailable" Errors can occur when the machine can not be found by the provided name or, when the machine does not respond because a firewall is blocking the conversation.

                          Yes, the user must have a profile on the targed computer for GPResult to run.
                          You can specify a domain\username using the /USER switch of a user you know who had logged-on once to the computer.


                          \Rems
                          Last edited by Rems; 9th December 2010, 23:20.

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment

                          Working...
                          X