
Posts tagged ‘Windows Server 2008 R2’

I was recently involved in a task to consolidate an OU structure.  Part of this involved moving user objects from one OU to another and re-linking GPOs that were linked to the old OU to the new OU.  There were a large number of links and I didn’t fancy adding them manually, so I spent a little time writing a PoSH script to do it.  Enjoy!  As always, please post a comment if you know of a better/different way to do the same thing.

######################################################### 
# 
# Name: CopyGPOLinks.ps1 
# Author: Tony Murray 
# Version: 1.0 
# Date: 26/10/2010 
# Comment: PowerShell 2.0 script to copy GPO links from 
# one OU to another 
# 
######################################################### 

# Import the Group Policy module 
Import-Module GroupPolicy 

### Set global variables 

# Source for GPO links 
$Source = "OU=Sales,DC=contoso,DC=com" 
# Target where we want to set the new links 
$Target = "OU=Logistics,DC=contoso,DC=com" 

### Finished setting global variables 

# Get the linked GPOs 
$linked = (Get-GPInheritance -Target $source).gpolinks 

# Loop through each GPO and link it to the target 
foreach ($link in $linked) 
{ 
    $guid = $link.GPOId 
    $order = $link.Order 
    $enabled = $link.Enabled 
    if ($enabled) 
    { 
        $enabled = "Yes" 
    } 
    else 
    { 
        $enabled = "No" 
    } 
    # Create the link on the target 
    New-GPLink -Guid $guid -Target $Target -LinkEnabled $enabled -confirm:$false 
    # Set the link order on the target 
    Set-GPLink -Guid $guid -Target $Target -Order $order -confirm:$false 
}

Tony
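
A post-copy check, added here as an example and not part of the original script: it matches each link on the source OU to the target by GPO GUID and reports any difference in Enabled, Enforced or Order. The script above passes only the enabled state and the order to New-GPLink and Set-GPLink, so the Enforced flag is worth confirming on the target; the OU names are the same sample values used above.

```powershell
# Added example (not from the original post): compare GPO links on two OUs.
Import-Module GroupPolicy

# Same sample OUs as the script above
$Source = "OU=Sales,DC=contoso,DC=com"
$Target = "OU=Logistics,DC=contoso,DC=com"

# Index the links currently on the target by GPO GUID
$targetLinks = @{}
foreach ($t in (Get-GPInheritance -Target $Target).GpoLinks)
{
    $targetLinks[$t.GpoId] = $t
}

# Check every source link against the target
$report = foreach ($s in (Get-GPInheritance -Target $Source).GpoLinks)
{
    $problems = @()
    if (-not $targetLinks.ContainsKey($s.GpoId))
    {
        $problems += "not linked on target"
    }
    else
    {
        $t = $targetLinks[$s.GpoId]
        if ($t.Enabled  -ne $s.Enabled)  { $problems += "Enabled: $($s.Enabled) -> $($t.Enabled)" }
        if ($t.Enforced -ne $s.Enforced) { $problems += "Enforced: $($s.Enforced) -> $($t.Enforced)" }
        if ($t.Order    -ne $s.Order)    { $problems += "Order: $($s.Order) -> $($t.Order)" }
    }
    # Emit a row only for links that differ
    if ($problems.Count -gt 0)
    {
        New-Object PSObject -Property @{
            GPO     = $s.DisplayName
            Guid    = $s.GpoId
            Problem = ($problems -join "; ")
        }
    }
}

if ($report)
{
    $report | Select-Object GPO, Guid, Problem | Format-Table -AutoSize
    Write-Warning "GPO links on $Target do not match $Source"
}
else
{
    Write-Host "All GPO links from $Source are present on $Target with matching state"
}
```

The check only reads link state and changes nothing. An Order difference is expected if the target OU already had links of its own before the copy.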

Sometimes it’s useful to pre-create computer objects in the correct OU before joining them to the domain.  This way, you know that they will immediately pick up whatever Group Policies have been assigned to the OU.  Of course, you can create the computer objects in AD manually using Active Directory Users and Computers (dsa.msc) or the new Active Directory Administrative Center (dsac).  However, if you’ve got more than a few computer objects to create it might be helpful to have a script.  Here’s a PowerShell 1.0 sample:

########################################################## 
# Name: PreSeedComputerObjects.ps1 
# Author: Tony Murray 
# Version: 1.0 
# Date: 12/04/2010 
# Comment: PowerShell 1.0 script to 
# pre-create AD Computer objects from csv file 
# 
#########################################################     

# Set the target OU where the computer objects will be created
$ComputerOU = [ADSI]"LDAP://OU=Workstations,DC=contoso,DC=com"

# Specify the folder and CSV file to use
$folder = "C:\util\csv"
Set-Location $folder

$csv = Import-Csv "import.csv"

# Parse the CSV file line by line
foreach ($line in $csv) {
    # Assign variables to each attribute
    $ComputerName = $line.ComputerName
    $samname = $ComputerName + "$"
    $Computer = $ComputerOU.create("Computer", "cn=$ComputerName")

    # Populate the minimum set of attributes needed for computer objects
    $Computer.put("sAMAccountName", $samname)
    # 4128 = 0x1020 = PASSWD_NOTREQD | WORKSTATION_TRUST_ACCOUNT
    $Computer.put("userAccountControl", 4128)
    # Commit the changes
    write-host "Adding $ComputerName to target OU"
    $Computer.setinfo()
    # Capture any errors (e.g. object already exists) and move on
    trap
    {
        write-host "Error: $_"
        continue
    }
}
#End

The format of the CSV file is simply as follows:

ComputerName
<netbios_name_of_computer>

e.g.
ComputerName
wkstn001
wkstn002
wkstn003

The only other point of interest is that we need to define the sAMAccountName and the userAccountControl attributes in the script.  The sAMAccountName is simply the NetBIOS name of the machine with a “$” suffix.  It is also important to specify an appropriate value for userAccountControl – in this case a decimal value of 4128 which corresponds to 0x1020 (hex) or (PASSWD_NOTREQD | WORKSTATION_TRUST_ACCOUNT).

As always, please let me know if you can think of ways to improve the script.  Yes, that includes you Brandon!

Note: When copying the script from the web site, replace the double-quotes before you try it. WordPress does some funky format changes!