Automated object placement using AutoAD

Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units?

This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.

Implementation


1) Computer Description Update Process


a) Delegation

To be able to update computer descriptions you need to delegate rights.


Add the following permissions in Active Directory, either at the root of the domain or on a specific Organizational Unit. Add them to an Organizational Unit if you only want to use this process for some computers.



b) PowerShell Script

Below is the PowerShell script used to update the computer description.


It is important to note that you should not change the format of the message if you are planning to use my automated object placement process.


This script will be used within a Group Policy Object in step c.


try
{
    # Get current user name
    $strUserName = $env:username;

    # Get current computer name
    $strComputerName = $env:computername;

    $objADSystemInfo = New-Object -ComObject ADSystemInfo;
    $objType = $objADSystemInfo.GetType();

    # Get current site name
    $strSiteName = $objType.InvokeMember('SiteName', 'GetProperty', $null, $objADSystemInfo, $null);

    # Get current date and time
    $strLogonDate = Get-Date -Format "dd-MM-yyyy HH:mm:ss";

    # Build message
    $strMessage = "$($strUserName) logged in on $($strLogonDate) at $($strSiteName) site";

    # Get computer object from Active Directory
    $strFilter = "(&(objectCategory=Computer)(name=$strComputerName))"
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.Filter = $strFilter
    $objPath = $objSearcher.FindOne()

    # FindOne() returns $null when nothing matches; fail with a clear message
    if ($null -eq $objPath)
    {
        throw "Computer object '$strComputerName' not found in Active Directory"
    }
    $objComputer = $objPath.GetDirectoryEntry()

    # Update computer object description with message in Active Directory
    $objComputer.InvokeSet("Description", $strMessage)
    $objComputer.CommitChanges()
}
catch
{
    # Rethrow the error unchanged
    throw
}


c) Group Policy Object

Create a GPO and link it to the root of the domain or to the Organizational Unit used in step a.


Add the PowerShell script from step b as a User Logon script 



d) Result

After these steps, notice how the computer descriptions are automatically populated once the users log on to their computers.




2) AutoAD


a) Download and extract AutoAD.zip (here is VirusTotal scan) to a folder of your choice on the computer which it will be scheduled to run on.


b) Run Configurator.exe (Configurator Editor).


c) On the Encrypt tab, enter the password for the account that will perform the automated placement task. Encrypt it with key 2xCJvezFBYWQPBeHy7USdajK55M8skww and record the encrypted password.



d) On the Settings tab, enter the domain information, connection user name and the encrypted password recorded in step 2c.


Specify which objects AutoAD should create automatically



e) Specify Active Directory information. The format for each entry is Subnet/Bit Mask|AD Site Name|Computer DN|User DN


Subnet/Bit Mask: The subnet and mask (in bit format) for the specific entry

AD Site: The Active Directory site to which the subnet belongs

Computer DN: The distinguished name of the Organizational Unit to which computer objects in this subnet are moved

User DN: The distinguished name of the Organizational Unit to which user objects in this subnet are moved


Please Note: Ensure that you do not allow users/admins to gain any additional permissions by moving users from one container to another. The reason for this is that a user move might be forced to an incorrect OU if descriptions are tampered with. 



f) Specify any user DNs that should be skipped



g) Specify any computer DNs that should be skipped
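
As an added example (not part of AutoAD or the original article), the PowerShell below parses entries in the step 2e format and checks description strings against the message format written by the step 1b script, reporting any description that is free text, carries an impossible or future timestamp, or names a site that is not configured. The domain, site, OU and user names are constructed placeholders; the function names and the assumption that user and site names contain no spaces belong to this example only.

```powershell
# Constructed sample data; domain, site, OU and user names are placeholders.
$entryLines = @(
    '10.1.0.0/16|HeadOffice|OU=Computers,OU=HeadOffice,DC=example,DC=local|OU=Users,OU=HeadOffice,DC=example,DC=local'
    '10.2.0.0/24|Branch1|OU=Computers,OU=Branch1,DC=example,DC=local|OU=Users,OU=Branch1,DC=example,DC=local'
)
$descriptions = @(
    'jsmith logged in on 14-03-2024 08:15:02 at Branch1 site'
    'jsmith logged in on 14-03-2024 08:15:02 at Finance site'   # site with no entry above
    'jsmith logged in on 31-02-2024 08:15:02 at Branch1 site'   # date that does not exist
    'moved by helpdesk'                                          # free text
)

# Parse one "Subnet/Bit Mask|AD Site Name|Computer DN|User DN" entry (step 2e).
function ConvertFrom-PlacementEntry([string]$Line) {
    $f = $Line.Split('|')
    if ($f.Count -ne 4) { throw "Expected 4 pipe-separated fields: $Line" }
    $cidr = $f[0].Split('/')
    $ip = $null
    $valid = $cidr.Count -eq 2 -and
             [System.Net.IPAddress]::TryParse($cidr[0], [ref]$ip) -and
             $cidr[1] -match '^\d{1,2}$' -and [int]$cidr[1] -le 32
    if (-not $valid) { throw "Bad subnet '$($f[0])' in: $Line" }
    [pscustomobject]@{ Subnet = $f[0]; Site = $f[1]; ComputerDN = $f[2]; UserDN = $f[3] }
}

# Check a description against the step 1b message format and the configured sites.
# Assumption of this example: user and site names contain no spaces.
function Test-LogonDescription([string]$Description, [string[]]$KnownSites) {
    $pattern = '^(?<user>\S+) logged in on (?<date>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) at (?<site>\S+) site$'
    $m = [regex]::Match($Description, $pattern)
    if (-not $m.Success) { return 'Malformed' }
    $when = [datetime]::MinValue
    $parsed = [datetime]::TryParseExact($m.Groups['date'].Value, 'dd-MM-yyyy HH:mm:ss',
        [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$when)
    if (-not $parsed -or $when -gt (Get-Date)) { return 'BadTimestamp' }
    if ($KnownSites -notcontains $m.Groups['site'].Value) { return 'UnknownSite' }
    'Ok'
}

# Collect the configured site names, then report a result for every description.
$sites = $entryLines | ForEach-Object { (ConvertFrom-PlacementEntry $_).Site }
foreach ($d in $descriptions) {
    [pscustomobject]@{ Result = (Test-LogonDescription $d $sites); Description = $d }
}
```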



Demo Execution


After implementing ComputerDescriptionUpdate.ps1, notice how computer descriptions are automatically updated.


AutoAD.exe output


Sites and subnets automatically created by AutoAD


Organizational Units automatically created by AutoAD


Object placement (example 1)


Object placement (example 2)


Object placement (example 3)


Object placement (example 4)


Conclusion


Using this process will keep Active Directory organized and objects in the correct Organizational Units.

