Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to move system in AD to another group with GPO

Posted on 2016-09-23
2
Medium Priority
?
82 Views
Last Modified: 2016-10-03
I have systems that I need to have move to a group when they join the domain based on the system name format.  

so if a systems name begins with pc- I need to be able to have them automatically moved to a group when they are added to the domain.

thanks
0
Comment
Question by:rdefino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41812581
The most that AD can do natively is to put all new systems in a specified OU. By default it is the 'Computer' container, and you can change it to something else. However, you want to modify the group membership according to the system name used to join the computer.

One way to achieve it is to create a manual script that reads the computers that are located in the OU/Container of new PCs and then this scripts read the names there and according to the name it changes the system membership and move the computer somewhere else (it will avoid further processing of the same system). Then you can configure that script to run on a regular basis.
0
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 2000 total points
ID: 41812623
If you are grouping clients based on what role they play (i.e. workstation vs server), Its more reliable to use the "OperatingSystemVersion" property on the object:
PS C:\> (get-adcomputer servername -Properties OperatingSystemVersion).OperatingSystemVersion
6.3 (9600)

Open in new window


I wouldnt rely on a naming convention.  As stated above, the way to solve this is through a task/job which queries the default computers container or some other target (i.e. domain root) for computers which arent in your wanted groups and add them to the right one based on OS version.

Ive done almost identical work at a few different places to good effect.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question