Solved

Cleanup AD using vbs

Posted on 2009-07-01
15
743 Views
Last Modified: 2012-05-07
Hi,
I'm working to do an automated process that will move computers from a specific OU to another based on a set of rules.
The rules state that if a Computer is named XXX and the type of the OS is Windows XP then Move to ZZZ OU.
Thus creating a predetermined set of rules and run a schedule task.
Can it be done?
0
Comment
Question by:johnnyjonathan
  • 7
  • 6
15 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24761713
The below vbs checks for the existence of a string in the computer name, then checks for the existence of a string in the Operating System. If both are found, then the computer is moved to the new OU.
Just change strOS, strSearch, and objOU to suit your needs (lines 9, 10 and 11)
You can schedule this vbs to run as a scheduled task if you wish. It currently has no feedback so runs silently.
Hope this helps...

Set oRootDSE = GetObject("LDAP://RootDSE")

Set objConn = CreateObject("ADODB.Connection")

Set objComm =   CreateObject("ADODB.Command")

objConn.Provider = "ADsDSOObject"

objConn.Open "Active Directory Provider"

Set objComm.ActiveConnection = objConn

objComm.Properties("Page Size") = 1000
 

strSearch = "XXXX" ' The string to search for in the computer name

strOS = "XP" ' The string to search for in Operating System

Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to
 

strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"

strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 

strAttrs  = "distinguishedName;"

strScope  = "subtree"
 

objComm.CommandText = strBase & strFilter & strAttrs & strScope

Set objRS = objComm.Execute
 

If objRS.RecordCount > 0 Then

	objRS.MoveFirst

	Do Until objRS.EOF

		Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))

		objOU.MoveHere objComp.distinguishedName, objComp.name

		objRS.MoveNext

	Loop

End If
 

Set oRootDSE = Nothing

Set objConn = Nothing

Set objComm = Nothing

Set objOU = Nothing

Set objRS = Nothing

Set objComp = Nothing

Open in new window

0
 

Author Comment

by:johnnyjonathan
ID: 24809685
hi bluntTony, is there anyway i can also exclude specific computers from this filter with that script? it seemed to remove default machines in the ou that wern't suppose to be moved
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24812018
You can add these machine names to a text file. Any machines listed in this file will be excluded from processing in the following script.

You now also have strFile to designate the path to the text file.
Set oRootDSE = GetObject("LDAP://RootDSE")

Set objConn = CreateObject("ADODB.Connection")

Set objComm =   CreateObject("ADODB.Command")

Set objFso = CreateObject("Scripting.FileSystemObject")

Set objDict = CreateObject("Scripting.Dictionary")
 

Const ForReading = 1
 

objConn.Provider = "ADsDSOObject"

objConn.Open "Active Directory Provider"

Set objComm.ActiveConnection = objConn

objComm.Properties("Page Size") = 1000

 

strSearch = "XXXX" ' The string to search for in the computer name

strOS = "XP" ' The string to search for in Operating System

strFile = "c:\test.txt"

Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to

 

Set objTxt = objFso.OpenTextFile(strFile,ForReading)
 

While Not objTxt.AtEndOfStream

	strLine = UCase(objTxt.ReadLine)

	objDict.Add strLine, strLine

Wend
 

strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"

strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 

strAttrs  = "distinguishedName;"

strScope  = "subtree"

 

objComm.CommandText = strBase & strFilter & strAttrs & strScope

Set objRS = objComm.Execute

 

If objRS.RecordCount > 0 Then

        objRS.MoveFirst

        Do Until objRS.EOF

                Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))

                If Not objDict.Exists(UCase(objComp.cn)) Then

                	objOU.MoveHere objComp.distinguishedName, objComp.name

	                objRS.MoveNext	

                End If

        Loop

End If

 

Set oRootDSE = Nothing

Set objConn = Nothing

Set objComm = Nothing

Set objOU = Nothing

Set objRS = Nothing

Set objComp = Nothing

Set objFso = Nothing

Set objTxt = Nothing

Open in new window

0
 

Author Comment

by:johnnyjonathan
ID: 24854715
thank you Tony, i see the OU to move the objects to but where is the original OU where it takes the computer names from?

is it LDAP://" & oRootDSE?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24857165
Yes, at the moment, the base of the search is the top of the domain and the scope is 'subtree' which basically means look everywhere in your current domain.

If you want to narrow the search, change line 26 to to DN of the OU you want to look in e.g:

strBase   =  ";"

If you want to search all OUs beneath this one, leave line 29 as it is. If you want to search in just that OU, change line 29 to:

strScope  = "onelevel"

Hope this helps!

0
 

Author Comment

by:johnnyjonathan
ID: 24859271
hi,
i get:

(39, 25) Active Directory: An invalid directory pathname was passed
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 400 total points
ID: 24859387
hmmm. Looks like a small error in my code. Try this:
Set oRootDSE = GetObject("LDAP://RootDSE")

Set objConn = CreateObject("ADODB.Connection")

Set objComm =   CreateObject("ADODB.Command")

Set objFso = CreateObject("Scripting.FileSystemObject")

Set objDict = CreateObject("Scripting.Dictionary")

 

Const ForReading = 1

 

objConn.Provider = "ADsDSOObject"

objConn.Open "Active Directory Provider"

Set objComm.ActiveConnection = objConn

objComm.Properties("Page Size") = 1000

 

strSearch = "XXXX" ' The string to search for in the computer name

strOS = "XP" ' The string to search for in Operating System

strFile = "c:\test.txt"

Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to

 

Set objTxt = objFso.OpenTextFile(strFile,ForReading)

 

While Not objTxt.AtEndOfStream

        strLine = UCase(objTxt.ReadLine)

        objDict.Add strLine, strLine

Wend

 

strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"

strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 

strAttrs  = "distinguishedName;"

strScope  = "subtree"

 

objComm.CommandText = strBase & strFilter & strAttrs & strScope

Set objRS = objComm.Execute

 

If objRS.RecordCount > 0 Then

        objRS.MoveFirst

        Do Until objRS.EOF

                Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))

                If Not objDict.Exists(UCase(objComp.cn)) Then

                        objOU.MoveHere objComp.distinguishedName, objComp.name  

                End If

                objRS.MoveNext

        Loop

End If

 

Set oRootDSE = Nothing

Set objConn = Nothing

Set objComm = Nothing

Set objOU = Nothing

Set objRS = Nothing

Set objComp = Nothing

Set objFso = Nothing

Set objTxt = Nothing

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:johnnyjonathan
ID: 24887657
hi,
thanks for the changges but i still get:

(32, 1) Active Directory: An invalid directory pathname was passed

the only thing i'm changing is line 26
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"

to
strBase   =  "<LDAP://OU=someOU,DC=domain,DC=local & oRootDSE.get("defaultNamingContext") & ">;"

of course with my OU's details.
same goes to line 17
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24947557
Sorry for the delay in replying. You need to remove the oRootDSE object completely. So line 26 should look like:
strBase   =  "<LDAP://OU=someOU,DC=domain,DC=local>;"
This will mean that the search will start at this OU downwards.
0
 

Author Comment

by:johnnyjonathan
ID: 24971861
Hi Tony, no problem, i've done as you requested but now i get this error -

(39, 25) Active Directory: An invalid directory pathname was passed
but only sometimes, in other times, it works but i can't see any computers moving from an OU to OU?
 
 
0
 

Author Comment

by:johnnyjonathan
ID: 25108573

I found a question that looks like mine with a solution running, however without a search for a naming based context -

http://www.experts-exchange.com/Programming/Languages/.NET/Visual_Basic.NET/Q_24102299.html?sfQueryTermInfo=1+creat+ou

can we modify it to fit my requirements?  
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 100 total points
ID: 25166296

> objOU.MoveHere objComp.distinguishedName

This line should be:

objOU.MoveHere objComp.ADSPath, vbNullString

Or:

objOU.MoveHere "LDAP://" & objComp.distinguishedName, vbNullString

Chris
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 25167419
Apologies - this one seemed to have slipped though my inbox.

Thanks for the catch, Chris.
0
 

Author Closing Comment

by:johnnyjonathan
ID: 31598809
Works perfect!
thank you!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now