?
Solved

Automatically Join Computers in an OU to a security group

Posted on 2013-01-11
9
Medium Priority
?
2,295 Views
Last Modified: 2013-01-14
Hello, in our domain we have multiple offices across the country. Each of these offices has it own OU, eg London, Manchester, Liverpool etc.

Each Citys OU contains child OUs for objects eg Users, Laptops, Desktops, Security Groups, Distribution Groups etc

I have a security group that is for the whole of the domain, what I want to do is automatically make any laptop in every city City a member of the security group.

Is there a way to do this? I would mind a powershell script running every so often. ut it would be nice to be able to put in some sort of policy that forces a member of an OU into a group.
0
Comment
Question by:infradatel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38767434
Try this:

Get-QADComputer -SearchRoot "OU=NAMEOF OU,OU=NAMEOFCITYOU,DC=Test,DC=local" | Add-QADGroupMember "TEST\GROUPNAME"

You will need to specify the search root to each laptop OU. You will also need the Quest AD CMDLets.

http://www.quest.com/powershell/activeroles-server.aspx
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38767435
Set it up as a scheduled task and you are good to go!
0
 

Author Comment

by:infradatel
ID: 38767565
Is there a way to do this without installing the Quest Modules?
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 
LVL 22

Accepted Solution

by:
Joseph Moody earned 1600 total points
ID: 38767583
Yes - if you have a 2008 R2 web services, you can use the AD builtin powershell cmdlets.

Just replace qad- with ad-

The Quest Modules are very nice though and super simple! You just need them on a workstation.
0
 

Author Comment

by:infradatel
ID: 38767593
Ok thanks will go e it a try now I have a server with web services on
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 400 total points
ID: 38768234
Hi.

Have a look at the concept of shadow groups. http://www.youtube.com/watch?v=HMixa01i78g In the descriptive text, a script is linked.
0
 

Author Closing Comment

by:infradatel
ID: 38774065
With the help of both of you I have managed to get this working as required, using shadow groups I have even managed to get it to automate deletion of computers removed from the OU. THanks Guys.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38774096
Awesome!

If you can, post your script. Others may find it useful!
0
 
LVL 56

Expert Comment

by:McKnife
ID: 38775292
Could you do all you wanted using shadow groups?
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question