Select Computer from Computer Container and do grouping in AD.....

Discussion in 'Scripting' started by Terence, Mar 10, 2005.

  1. Terence

    Terence Guest

    I am new in scripting and I really need help from some one who can provide me
    with the solution of the below scenario.

    Our organization currently have more than 2500 users that distributed in 42
    different OUs. My task is to write a script to select their computer(s) from
    the computer container and add-in to the user group according to their
    department, respectively. Note that a single user might have more than 1
    computer with different computer name assinged to them.

    A user with user ID: ABC, currently hold 2 computers with different PC name
    assinged to him, said ABC-1 and ABC-2 in Computer Container. This user is
    belong to Marketting OU. The script is to be able to determine the users are
    from which OU and automatically adding their PCs to the particular group,
    respectively. In this case, the script will find that user ABC is from
    Marketting Ou, and the script will adding the user's PCs (both ABC-1 and
    ABC-2) to the Marketting group.

    Since our organization have 42 OUs, therefore I have a difficulty to write a
    script to select users' PCs from Computer Container and do a self check and
    finally adding these PCs to their respective group.

    I really appreciate anyone who can help.........

    Thank you very much...

    Terence, Mar 10, 2005
    1. Advertisements

  2. You mention adding computers to a group, but I suspect that you are not
    referring to security groups but to the OU's that the users are in - is that

    Seems an interesting problem, but I am not clear on a few details. Supposing
    my user ID was "BigAl". Would all of the computers that I "hold" have names
    starting with "BigAl-", for example, "BigAl-1" and "BigAl-2"? What if the
    next person named "Al" was assigned a user name of "BigAl-Smith". Would his
    computers start with "BigAl-Smith-"? And, if so, how would it be determined
    which of us owned a computer that happened to be named "BigAl-Smith-1"? Note
    that that name starts with my "BigAl-" prefix and with the other Al's
    "BigAl-Smith-" prefix.

    This method of assigning computers to those who "hold" them, might work,
    depending on the parts of your naming convention that you have not
    described. But another way would be to fill in the "ManagedBy" field of each
    computer with the name of the person that "holds" that computer. This would
    be a completely unambiguous method to arbitrate computer ownership such that
    it did not depend on the computer name.

    Regardless, the way I would approach this would not be to enumerate the
    users in the 42 OU's but the computers in the single computer OU. Untested
    air pseudo code would be:

    for each computer in the computers ou
    deduce the sAMAccountName of the user
    use nametranslate to convert sAMAccountName to DN
    bind to the user DN
    use the .parent attribute to determine the OU in which the user
    acount is located
    move the computer there

    Not sure what you mean by doing a "self check", but the above approach
    includes no guarantee that every user will wind up with one of the

    I appreciate that this is a rather sketchy response, but so was the question
    to some degree. If you provide a bit more detail, perhaps more of a solution
    will present itself.

    Al Dunbar [MS-MVP], Mar 10, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.