creating cpu - is it possible to check and change the CN via Powershell script if the entered CN is already used in AD?

Question

For creating a computer object, we want to check if the entered CN is already used in our AD. And for that we want to use a powershell script.

An other dot is, if the entered CN is in used, so we want to add the next free number.

f.e. we entered the CN = NBTEST but the CN is in used, so the powershell script will check with adding number on CN which CN is availible.

checked: NBTEST1 NBTEST2 ...

after this check we know that the next possible CN is NBTEST3

But now we have the problem, that we dont know., how to use this "new" CN for adding the object to our AD.

the powershell script should be start before creating the computer object, right?

Thanks for your help.

Answer 1

Hello,

Yes, it is possible. Have a look at the following tutorial: https://www.adaxes.com/help/ValidateModifyUserInputWithScript.

Comments

Thank you for your reply, I will test it later.

---

ok, we have already found the document/entry too, but we are trying to change the computername during creation it (i.e. without the computer object existing in the AD) Therefore the entry is not quite correct, i think.

---

Hello,

Your assumption is not correct and the tutorial is exactly dedicated to your desired behavior. In particular, Example 3 – Rename the user if the Full Name is not unique within the OU is exactly something you need to use. The only thing is that your business rule will be triggering Before creating a computer.

---

we got this massage and creation failed.

this we tried: the variable $neuername is set in script before (here we had checked the name and added the next free number for being unique)

if ($Context.IsPropertyModified("computername") -and $Context.IsPropertyModified("samAccountName"))
{
    # Get the property value.
    $computername = $Context.GetModifiedPropertyValue("computername")
    $samAccountName = $Context.GetModifiedPropertyValue("samAccountName")

    # Modify the value.
    $computername = $neuername
    $samAccountName = $neuername+"$"

    # Update the value.
    $Context.SetModifiedPropertyValue("computername", $computername)
    $Context.SetModifiedPropertyValue("samAccountName", $samAccountName)
}
$Context.LogMessage("Der neue Computername ist: " + $neuername + " da, " + $name + " bereits verwendet wird.", "Information")

---

ok i will check again and let you know

---

sorry i was wrong. I dont see the Example 3, but now i can check the right on.

---

Hello,

I dont see the Example 3, but now i can check the right on.

What exactly do you mean?

---

ok I have understood the example and in my opinion correctly transferred it into my script, but I get an error when transferring the new name.

the variable $neuername is the new computername.

---

Hello,

Where exactly are you executing the script? Is it a business rule triggering Before creating a computer?

Please, provide the full script you are using in TXT format. You can post it here or send to us at support@adaxes.com.

---

yes it s a business rules triggering before creating a computer.

Full script:

Import-Module Adaxes
$computers = (Get-ADComputer -Filter *).Name
$name = $Context.TargetObject.Name.Substring(3)
$objekte=@()
$neuername = ''

if($name -notin $computers){
$neuername = $name
}

else{

    foreach($c in $computers){
        if($c -like "*$name*"){
            $objekte += $c 
        }
    }

    $anzahl = ($objekte | Measure-Object).Count

    for($i = 2;$i -lt 100; $i++){

        $check = $name+$i
        if($check  -notin $objekte){
        $neuername = $check
        break
        }
    }
}

#$neuername = "CN="+$neuername

#first option
$Context.SetModifiedPropertyValue("name", $neuername)

#new option
$Context.TargetObject.Put("name", $neuername)
$Context.TargetObject.Put("samAccountName", $neuername+"$")
$Context.TargetObject.SetInfo()

#both doesnt work

$Context.LogMessage("Der neue Computername ist: " + $neuername + " da, " + $name + " bereits verwendet wird.", "Information")

---

Hello,

Your script is incorrect n many places, but the main part is about generating a new value for the name property. You are trying to pass and RDN to it (e.g. CN=MyComputer) which is not allowed by AD. Below is the script that will do the trick.

function IsComputerNameUnique($computerName)
{
    # Search parameters
    $searcher = $Context.TargetObject
    $searcher.Criteria = New-AdmCriteria "computer" -Expression {cn -eq $computerName}
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SizeLimit = 1
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.VirtualRoot = $True

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return $searchResults.Length -eq 0
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

$computerName = "%cn%"

# Check whether an object with the same name already exists.
if (IsComputerNameUnique $computerName)
{
    $Context.LogMessage("Unique initial name $computerName", "Information")
    return
}

for ($i = 1;; $i++)
{
    # Build a new name.
    $computerName = $computerName + $i

    if (IsComputerNameUnique $objectName)
    {
        # Rename the computer.
        $Context.SetModifiedPropertyValue("cn", $computerName)
        $Context.LogMessage("Full Name has been changed to $computerName.", "Information")
        break
    }
}

---

now we got this error message, again:

---

Hello,

Please, provide us with a screenshot of the business rule where the script is executed.

---

---

Hello,

Thank you for the provided screenshot. To test the script, it is required to actually create a computer. It is not possible to test such scripts by executing them in the editor or when viewing the action. The behavior is by design and cannot be changed.

---

ok I understood, but when I try to create the CPU in adaxes webapp, I get the message that the entered CPU name is in use.

And that's exactly why we want to automatically adjust the name and create the computer object with the new name.

---

Hello,

Unfortunately, the screenshot is pretty unreadable and we cannot see the actual error. However, it might be something to do with AD checks. The script currently only validates the Computer Name (schema name cn) property. If there is no script validating the sAMAccountName property, the corresponding check must be added to this script. You can find the updated script below.

function IsComputerNameUnique($computerName)
{
    # Search parameters
    $searcher = $Context.TargetObject
    $searcher.Criteria = New-AdmCriteria "computer" -Expression {cn -eq $computerName -or sAMAccountName -eq "$computerName`$"}
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SizeLimit = 1
    $searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.VirtualRoot = $True

    try
    {
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return $searchResults.Length -eq 0
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

$computerName = "%cn%"

# Check whether the same object already exists.
if (IsComputerNameUnique $computerName)
{
    return
}

for ($i = 1;; $i++)
{
    # Build a new name
    $uniqueComputerName = $computerName + $i

    if (IsComputerNameUnique $uniqueComputerName)
    {
        # Rename the computer
        $Context.SetModifiedPropertyValue("cn", $uniqueComputerName)
        $Context.SetModifiedPropertyValue("sAMAccountName", "$uniqueComputerName`$")
        $Context.LogMessage("Full Name has been changed to $uniqueComputerName.", "Information")
        return
    }
}

---

thank you very much, it works. have a nice day