Adaxes

Move computer object and set extended attribute

0 votes

Hello.

I'm fairy new with script on in Adaxes but like to make a business rule that moves computer to the correct OU and set an extended attribute with a numeric value.
I found that when we install a computer with Microsoft Configuration manager 2012R2 the computer account is created in AD and not Adaxes so we cannot use business rules.

Ok, I’ll make a script that I run on a schedule or interactively, maybe interactively within the instsallation process of Configruation Manager.

I make a script but it doesn’t work. I get an error that indicates that the script does not get the computer name from Adaxes.
The syntax of our computer names is. Site-Department-User-computer type. Ex. SV-IT-John-VM

import-module adaxes
$datornamn = $Context.TargetObject.Name #should return ‘SV-IT-John-VM’
$avdelning = [string]$datornamn.name.split('-')[1] #returns ’IT’
$datornamnAD = Get-AdmComputer $datornamn 
#array with OU and costID
$OuLista = @(('IT','OU=IT,OU=Stod-Support,OU=Personal,OU=Company,DC=Company,DC=se',14),
         @('dep1','OU=Fastighet,OU=Stod-Support,OU=Personal,OU=Company,DC=Company,DC=se',17),
….
        @('dep15','OU=Personal,OU=Company-Assistans,DC=Company,DC=se',99)
       )

$ou = $OuLista | where {$_[0] -match $avdelning} 
if ($ou)
    {
       Move-AdmObject $datornamnAD -TargetPath $ou[1]
       Set-AdmComputer $datornamnAD -add @{extensionattribute2=$ou[2]}
       $loggtext = $datornamn.name " should be in OU "$ou[1] " mwith cosst ID "$ou[2]
       $Context.LogMessage($loggtext, "Information") 
    }
else
    {
       $Context.LogMessage("Computer not placed in OU", "Information") 
    }

I don’t get any computer name in row 2. How do I get that.

Is there a smarter way to place computers in correct OU?

by (460 points)
0

Hello,

First of all, how do you launch your script? The thing is that the $Context built-in variable represents the execution context for any script run as a part of a Business Rule, Custom Command or Scheduled Task. If you run your script outside of Adaxes, for example, directly from the Windows PowerShell Console, any calls to the $Context variable will simply return a null value. Thus, if you are running your script from the Windows PowerShell Console, this line simply doesn't return anything:

$datornamn = $Context.TargetObject.Name #should return ‘SV-IT-John-VM’

I found that when we install a computer with Microsoft Configuration manager 2012R2 the computer account is created in AD and not Adaxes so we cannot use business rules.

Adaxes doesn't have its own database of AD objects or something like that. Everything is done by Adaxes directly in AD. However, a Business Rule can be launched only if an operation is made via Adaxes service. That is, in your case, a Business Rule will be triggered only for computer accounts that are created via Adaxes. So, you can't get the Business Rule to run because you create computers via the Configuration Manager.

You have 2 options how you can achieve your task.

  • As far as we know, the Configuration Manager can run PowerShell scripts. So, you can create a script that will move and update the computer object in AD using Adaxes cmdlets once you create a computer in the Configuration Manager.

  • As far as we know, the Configuration Manager supports management using PowerShell and even has its own PowerShell module. So, you can do as follows:

    • Create a PowerShell script that would perform all the actions required to set up a new computer using Configuration Manager cmdlets.
    • Create a Business Rule in Adaxes that would automatically run the script after creating a new computer account.

    In this case, you can create new computers via Adaxes, and the Business Rule will automatically run the configuration script to set up the new computer. Also, the Business Rule will perform all the other actions (move the computer account to the necessary OU, add the necessary properties etc).

by (216k points)
0

Hello and thank you for your quick answer.

I’ve tried to run the script two ways.
1. In the Powershell script editor of Adaxes pressing ‘F5’ and then selection a Computer to run the script against/on.
2. Right click a computer in the AD tree and expand ‘All task’ and then chose my script.
I get the same result – nothing.

by (460 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

OK. we've found a couple of errors in your script. Also, we've rewritten the script to use ADSI interfaces only, which will work faster. Here's a version of your script that will work:

$OuLista = @{
    "IT" = "OU=IT,OU=Stod-Support,OU=Personal,OU=Company,DC=Company,DC=se", "14";
    "dep1" = "OU=Fastighet,OU=Stod-Support,OU=Personal,OU=Company,DC=Company,DC=se", "17";
...
    "dep15" = "OU=Personal,OU=Company-Assistans,DC=Company,DC=se", "99";
}

$datornamn = $Context.TargetObject.Name # returns ‘SV-IT-John-VM’
$avdelning = $datornamn.split('-')[1] # returns ’IT’

$ou = ($OuLista[$avdelning])[0]
if (-not([System.String]::IsNullOrEmpty($ou)))
    {
       $extensionAttribValue = ($OuLista[$avdelning])[1]
       $Context.TargetObject.Put("extensionattribute2", $extensionAttribValue)
       $Context.TargetObject.SetInfoEx(@("extensionattribute2"))
       $ouObj = $Context.BindToObjectByDN("$ou")
       $ouObj.MoveHere($Context.TargetObject.AdsPath , $NULL)
       $Context.LogMessage($datornamn + " should be in OU " + $ou + " mwith cosst ID " + $extensionAttribValue, "Information")
    }
else
    {
       $Context.LogMessage("Computer not placed in OU", "Information")
    }

For more information, see:

0

Hello.
Thank you for your input. I had some problems with some of your code that did not work but I’m happy camper.
$Context.TargetObject.Name returns CN=AA-BB-CC so I had to remove the ‘CN=’ bit.
$ou = ($OuLista[$avdelning])[0] did not work at all, nether in PS 3-4 or in Adaxes. I changed that to $ou = $OuLista | where {$_[0] -match $avdelning}
Really quick and relevant support. Thank you!

by (460 points)
0

Hello,

Thank you for your good words, we really appreciate it!

by (216k points)

Related questions

0 votes
1 answer
Can we assign computer objects to users and create custom command to move them to proper OU's

I would like to know if it is possible to create a field in the web UI under user management to "assign" a machine to a user. I would like to be able to put the ... be moved to "workstation OU. Is there s custome field that can be used to accomplish this?

asked Oct 22, 2020 by copatterson (70 points)
0 votes
0 answers
Move User Logic and Object Viewing

I have a business rule that moves a users account to different OU's based on it's value e.g. when set as 'Normal' the account is moved to the 'Normal User' ... is any other way to construct the underlying business rule to take this issue into account? Regards

asked May 10, 2013 by firegoblin (1.6k points)
0 votes
1 answer
Adaxes cannot find object after Move operation

Hi again, My user object creation process use many business rules, one of these moving the object to the right container according to somme attributes. The problem is that sometimes, ... . I run the latest version of Adaxes (3.2.7831). Thanks for your help

asked Feb 10, 2012 by sroux (800 points)
0 votes
1 answer
Reset Computer object

Hello, How can I grant right for Service Desk to reste a Computer Object? Thanks.

asked Jun 27, 2016 by tentaal (1.1k points)
0 votes
1 answer
Create Computer object

I'm trying to get the function to let a normal user join a computer to the domain by using the Create Computer command in Adaxes. The task I want to fulful is to ... join operation was not successful.. .access is denied." Anyone that knows what I'm missing?

asked Feb 15, 2016 by niclas.eriksson (260 points)
3,538 questions
3,229 answers
8,224 comments
547,747 users