Solved

How to move system in AD to another group with GPO

Posted on 2016-09-23
2
69 Views
Last Modified: 2016-10-03
I have systems that I need to have move to a group when they join the domain based on the system name format.  

so if a systems name begins with pc- I need to be able to have them automatically moved to a group when they are added to the domain.

thanks
0
Comment
Question by:rdefino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41812581
The most that AD can do natively is to put all new systems in a specified OU. By default it is the 'Computer' container, and you can change it to something else. However, you want to modify the group membership according to the system name used to join the computer.

One way to achieve it is to create a manual script that reads the computers that are located in the OU/Container of new PCs and then this scripts read the names there and according to the name it changes the system membership and move the computer somewhere else (it will avoid further processing of the same system). Then you can configure that script to run on a regular basis.
0
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41812623
If you are grouping clients based on what role they play (i.e. workstation vs server), Its more reliable to use the "OperatingSystemVersion" property on the object:
PS C:\> (get-adcomputer servername -Properties OperatingSystemVersion).OperatingSystemVersion
6.3 (9600)

Open in new window


I wouldnt rely on a naming convention.  As stated above, the way to solve this is through a task/job which queries the default computers container or some other target (i.e. domain root) for computers which arent in your wanted groups and add them to the right one based on OS version.

Ive done almost identical work at a few different places to good effect.
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question