Solved

Cleanup AD using vbs

Posted on 2009-07-01
15
746 Views
Last Modified: 2012-05-07
Hi,
I'm working to do an automated process that will move computers from a specific OU to another based on a set of rules.
The rules state that if a Computer is named XXX and the type of the OS is Windows XP then Move to ZZZ OU.
Thus creating a predetermined set of rules and run a schedule task.
Can it be done?
0
Comment
Question by:johnnyjonathan
  • 7
  • 6
15 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24761713
The below vbs checks for the existence of a string in the computer name, then checks for the existence of a string in the Operating System. If both are found, then the computer is moved to the new OU.
Just change strOS, strSearch, and objOU to suit your needs (lines 9, 10 and 11)
You can schedule this vbs to run as a scheduled task if you wish. It currently has no feedback so runs silently.
Hope this helps...

Set oRootDSE = GetObject("LDAP://RootDSE")
Set objConn = CreateObject("ADODB.Connection")
Set objComm =   CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objComm.ActiveConnection = objConn
objComm.Properties("Page Size") = 1000
 
strSearch = "XXXX" ' The string to search for in the computer name
strOS = "XP" ' The string to search for in Operating System
Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to
 
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 
strAttrs  = "distinguishedName;"
strScope  = "subtree"
 
objComm.CommandText = strBase & strFilter & strAttrs & strScope
Set objRS = objComm.Execute
 
If objRS.RecordCount > 0 Then
	objRS.MoveFirst
	Do Until objRS.EOF
		Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))
		objOU.MoveHere objComp.distinguishedName, objComp.name
		objRS.MoveNext
	Loop
End If
 
Set oRootDSE = Nothing
Set objConn = Nothing
Set objComm = Nothing
Set objOU = Nothing
Set objRS = Nothing
Set objComp = Nothing

Open in new window

0
 

Author Comment

by:johnnyjonathan
ID: 24809685
hi bluntTony, is there anyway i can also exclude specific computers from this filter with that script? it seemed to remove default machines in the ou that wern't suppose to be moved
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24812018
You can add these machine names to a text file. Any machines listed in this file will be excluded from processing in the following script.

You now also have strFile to designate the path to the text file.
Set oRootDSE = GetObject("LDAP://RootDSE")
Set objConn = CreateObject("ADODB.Connection")
Set objComm =   CreateObject("ADODB.Command")
Set objFso = CreateObject("Scripting.FileSystemObject")
Set objDict = CreateObject("Scripting.Dictionary")
 
Const ForReading = 1
 
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objComm.ActiveConnection = objConn
objComm.Properties("Page Size") = 1000
 
strSearch = "XXXX" ' The string to search for in the computer name
strOS = "XP" ' The string to search for in Operating System
strFile = "c:\test.txt"
Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to
 
Set objTxt = objFso.OpenTextFile(strFile,ForReading)
 
While Not objTxt.AtEndOfStream
	strLine = UCase(objTxt.ReadLine)
	objDict.Add strLine, strLine
Wend
 
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 
strAttrs  = "distinguishedName;"
strScope  = "subtree"
 
objComm.CommandText = strBase & strFilter & strAttrs & strScope
Set objRS = objComm.Execute
 
If objRS.RecordCount > 0 Then
        objRS.MoveFirst
        Do Until objRS.EOF
                Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))
                If Not objDict.Exists(UCase(objComp.cn)) Then
                	objOU.MoveHere objComp.distinguishedName, objComp.name
	                objRS.MoveNext	
                End If
        Loop
End If
 
Set oRootDSE = Nothing
Set objConn = Nothing
Set objComm = Nothing
Set objOU = Nothing
Set objRS = Nothing
Set objComp = Nothing
Set objFso = Nothing
Set objTxt = Nothing

Open in new window

0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:johnnyjonathan
ID: 24854715
thank you Tony, i see the OU to move the objects to but where is the original OU where it takes the computer names from?

is it LDAP://" & oRootDSE?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24857165
Yes, at the moment, the base of the search is the top of the domain and the scope is 'subtree' which basically means look everywhere in your current domain.

If you want to narrow the search, change line 26 to to DN of the OU you want to look in e.g:

strBase   =  ";"

If you want to search all OUs beneath this one, leave line 29 as it is. If you want to search in just that OU, change line 29 to:

strScope  = "onelevel"

Hope this helps!

0
 

Author Comment

by:johnnyjonathan
ID: 24859271
hi,
i get:

(39, 25) Active Directory: An invalid directory pathname was passed
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 400 total points
ID: 24859387
hmmm. Looks like a small error in my code. Try this:
Set oRootDSE = GetObject("LDAP://RootDSE")
Set objConn = CreateObject("ADODB.Connection")
Set objComm =   CreateObject("ADODB.Command")
Set objFso = CreateObject("Scripting.FileSystemObject")
Set objDict = CreateObject("Scripting.Dictionary")
 
Const ForReading = 1
 
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objComm.ActiveConnection = objConn
objComm.Properties("Page Size") = 1000
 
strSearch = "XXXX" ' The string to search for in the computer name
strOS = "XP" ' The string to search for in Operating System
strFile = "c:\test.txt"
Set objOU = GetObject("LDAP://OU=someOU,DC=domain,DC=local") ' The OU to move the objects to
 
Set objTxt = objFso.OpenTextFile(strFile,ForReading)
 
While Not objTxt.AtEndOfStream
        strLine = UCase(objTxt.ReadLine)
        objDict.Add strLine, strLine
Wend
 
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
strFilter = "(&(objectclass=computer)(cn=*" & strSearch & "*)(operatingSystem=*" & strOS & "*));" 
strAttrs  = "distinguishedName;"
strScope  = "subtree"
 
objComm.CommandText = strBase & strFilter & strAttrs & strScope
Set objRS = objComm.Execute
 
If objRS.RecordCount > 0 Then
        objRS.MoveFirst
        Do Until objRS.EOF
                Set objComp = GetObject("LDAP://" & Replace(objRS.Fields(0).Value,"/","\/"))
                If Not objDict.Exists(UCase(objComp.cn)) Then
                        objOU.MoveHere objComp.distinguishedName, objComp.name  
                End If
                objRS.MoveNext
        Loop
End If
 
Set oRootDSE = Nothing
Set objConn = Nothing
Set objComm = Nothing
Set objOU = Nothing
Set objRS = Nothing
Set objComp = Nothing
Set objFso = Nothing
Set objTxt = Nothing

Open in new window

0
 

Author Comment

by:johnnyjonathan
ID: 24887657
hi,
thanks for the changges but i still get:

(32, 1) Active Directory: An invalid directory pathname was passed

the only thing i'm changing is line 26
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"

to
strBase   =  "<LDAP://OU=someOU,DC=domain,DC=local & oRootDSE.get("defaultNamingContext") & ">;"

of course with my OU's details.
same goes to line 17
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24947557
Sorry for the delay in replying. You need to remove the oRootDSE object completely. So line 26 should look like:
strBase   =  "<LDAP://OU=someOU,DC=domain,DC=local>;"
This will mean that the search will start at this OU downwards.
0
 

Author Comment

by:johnnyjonathan
ID: 24971861
Hi Tony, no problem, i've done as you requested but now i get this error -

(39, 25) Active Directory: An invalid directory pathname was passed
but only sometimes, in other times, it works but i can't see any computers moving from an OU to OU?
 
 
0
 

Author Comment

by:johnnyjonathan
ID: 25108573

I found a question that looks like mine with a solution running, however without a search for a naming based context -

http://www.experts-exchange.com/Programming/Languages/.NET/Visual_Basic.NET/Q_24102299.html?sfQueryTermInfo=1+creat+ou

can we modify it to fit my requirements?  
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 100 total points
ID: 25166296

> objOU.MoveHere objComp.distinguishedName

This line should be:

objOU.MoveHere objComp.ADSPath, vbNullString

Or:

objOU.MoveHere "LDAP://" & objComp.distinguishedName, vbNullString

Chris
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 25167419
Apologies - this one seemed to have slipped though my inbox.

Thanks for the catch, Chris.
0
 

Author Closing Comment

by:johnnyjonathan
ID: 31598809
Works perfect!
thank you!
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question