0 votes

Hello!

We are trying to clean up our AD, specifically the computer portion. We want to match up the computers w/ the user, or rather have an organized idea of what machines belong to whom, and place them in a group for easy modification as the need arises.

Essentially, we'd like to see if a computer name contains a username, and if the department of that user = IT for instance, move the computer object into the comp_IT group.

Sounds a bit confusing, but hopefully you understand, or perhaps there's a better way to execute this?

Any help would be appreciated. Thank you

by (1.7k points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

Essentially, we'd like to see if a computer name contains a username, and if the department of that user = IT for instance, move the computer object into the comp_IT group.

This can be easily achieved with the help of a PowerShell script. For example, the following script can be used to locate a computer object whose name contains the username of the user on which the script is executed. If such a computer is found, the script adds it to the group that corresponds to the user's department.

Also, you can create a Scheduled Task that will run the script on a certain periodic basis to keep in sync with changes in your AD. For information on how to create a Scheduled Task, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... gement.htm. To add a script to a Scheduled Task, use the Run a program or PowerShell script action.


In the script, $departmentInfos specifies a hash table of all the departments and matching AD groups.

The script:

$departmentInfos = @{
    "Sales" = "Comp_Sales"
    "IT" = "Comp_IT"
} # TODO: modify me. Example $departmentInfos = @{"<department name>" = "<group_name>"}

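# Returns the ADS path of the first object in the domain that matches the LDAP filter,
# or $NULL if nothing matches
function GetObjectPath($filter, $domainName)
{
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500

    try
    {
        $searchResult = $searcher.ExecuteSearch()
        $objects = $searchResult.FetchAll()

        if ($objects.Count -eq 0)
        {
            return $NULL
        }

        return $objects[0].AdsPath
    }
    finally
    {
        # $searchResult is not set if ExecuteSearch() threw an exception
        if ($searchResult) { $searchResult.Dispose() }
    }
}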

# Get the user's computer path
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$computerPath = GetObjectPath "(&(objectCategory=computer)(sAMAccountName=*%username%*))" $domainName
if ($computerPath -eq $NULL)
{
    $Context.LogMessage("A user's computer could not be found", "Warning")
    return
}

# Search group matching the department
$groupName = $departmentInfos["%department%"]
if ($groupName -eq $NULL)
{
    $Context.LogMessage("No group specified for department '%department%'", "Warning")
    return
}
$groupPath = GetObjectPath "(&(objectCategory=group)(sAMAccountName=$groupName))" $domainName
if ($groupPath -eq $NULL)
{
    $Context.LogMessage("Group '$groupName' does not exist", "Warning")
    return
}

# Add the computer to group
$group = $Context.BindToObject($groupPath)
$group.Add($computerPath)
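
Added example, not part of the original answer or of Adaxes's own code: the filter `sAMAccountName=*%username%*` is a substring match and the script takes the first result, so a short username can match another user's computer and put it in the wrong group. The sketch below, run over constructed computer names, escapes the username for an LDAP filter (RFC 4515) and accepts a computer only when the username appears as a whole token in exactly one name. The function names ConvertTo-LdapFilterValue and Select-UserComputer are hypothetical.

```powershell
# Added example. Computer names and usernames below are constructed sample data.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is replaced first so later escapes are not escaped again.
function ConvertTo-LdapFilterValue([string]$Value)
{
    return $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
                  -replace '\)', '\29' -replace '\x00', '\00'
}

# Return the one computer whose name contains the username as a whole token
# (bounded by the start/end of the name or a non-alphanumeric character).
# Returns $null when there is no match or more than one match.
function Select-UserComputer([string]$UserName, [string[]]$ComputerNames)
{
    # An empty username would match every computer, so reject it
    if (-not $UserName) { return $null }
    $pattern = '(?<![A-Za-z0-9])' + [regex]::Escape($UserName) + '(?![A-Za-z0-9])'
    # Computer sAMAccountName values end with '$'; strip it before matching
    $hits = @($ComputerNames | Where-Object { $_.TrimEnd('$') -match $pattern })
    if ($hits.Count -eq 1) { return $hits[0] }
    return $null
}

$computers = @('JSMITH-LT01$', 'AJSMITHSON-PC$', 'ANN-PC$', 'ANN-LT02$', 'JOANN-PC$')

foreach ($user in @('jsmith', 'ann', 'a*'))
{
    # Filter a directory search would use; the username cannot alter its structure
    $filter = "(&(objectCategory=computer)(sAMAccountName=*$(ConvertTo-LdapFilterValue $user)*))"
    $computer = Select-UserComputer $user $computers
    if ($null -eq $computer)
    {
        Write-Output "$user : no unique match, skipped ($filter)"
    }
    else
    {
        Write-Output "$user : $computer ($filter)"
    }
}
```

Logging the skipped users instead of picking the first hit leaves ambiguous names for manual review, so a computer is never added to a department group on a guess.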
