[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Automatically Join Computers in an OU to a security group

Posted on 2013-01-11
9
Medium Priority
?
2,398 Views
Last Modified: 2013-01-14
Hello, in our domain we have multiple offices across the country. Each of these offices has it own OU, eg London, Manchester, Liverpool etc.

Each Citys OU contains child OUs for objects eg Users, Laptops, Desktops, Security Groups, Distribution Groups etc

I have a security group that is for the whole of the domain, what I want to do is automatically make any laptop in every city City a member of the security group.

Is there a way to do this? I would mind a powershell script running every so often. ut it would be nice to be able to put in some sort of policy that forces a member of an OU into a group.
0
Comment
Question by:infradatel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38767434
Try this:

Get-QADComputer -SearchRoot "OU=NAMEOF OU,OU=NAMEOFCITYOU,DC=Test,DC=local" | Add-QADGroupMember "TEST\GROUPNAME"

You will need to specify the search root to each laptop OU. You will also need the Quest AD CMDLets.

http://www.quest.com/powershell/activeroles-server.aspx
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38767435
Set it up as a scheduled task and you are good to go!
0
 

Author Comment

by:infradatel
ID: 38767565
Is there a way to do this without installing the Quest Modules?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 22

Accepted Solution

by:
Joseph Moody earned 1600 total points
ID: 38767583
Yes - if you have a 2008 R2 web services, you can use the AD builtin powershell cmdlets.

Just replace qad- with ad-

The Quest Modules are very nice though and super simple! You just need them on a workstation.
0
 

Author Comment

by:infradatel
ID: 38767593
Ok thanks will go e it a try now I have a server with web services on
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 400 total points
ID: 38768234
Hi.

Have a look at the concept of shadow groups. http://www.youtube.com/watch?v=HMixa01i78g In the descriptive text, a script is linked.
0
 

Author Closing Comment

by:infradatel
ID: 38774065
With the help of both of you I have managed to get this working as required, using shadow groups I have even managed to get it to automate deletion of computers removed from the OU. THanks Guys.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38774096
Awesome!

If you can, post your script. Others may find it useful!
0
 
LVL 56

Expert Comment

by:McKnife
ID: 38775292
Could you do all you wanted using shadow groups?
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question