Changing the incorrect homedir path of all users

Fri, 29 Dec 2006 08:02:17 GMT

This powershell script is to correct the users homedrive path in Active Directory.

The following steps are done by the script:

- First it looks up the users with an incorrect homedrive annotation

- For those users it changes the, in this case, servername to an alias

- save the info an continue with the next one.

# Powershell script

# Citrix Export published applications

# D. Verweij

###

# Connect to the AD

$root = [adsi]'LDAP://OU=users,OU=application,OU=services,DC=face,DC=foo,DC=nl'

# Configure the searcher

$searcher = new-object directoryservices.directorysearcher
$searcher.searchroot = $root
$searcher.filter = "(objectclass=user)"

# Loop up accounts with an incorrect homedrive
$searcher.findall()|where {$_.properties.item("homedirectory") -like "*servername*"}|foreach {
   $userrt="LDAP://"+$_.properties.item("distinguishedName")
   $userads = [adsi]$userrt
   $userhome=$userads.homedirectory
   $userads.put("homedirectory",$userhome.psbase.value.replace("servername","serveralias"))
   $userads.setinfo()
}

Grt

Dennis

Move computer objects in Active Directory

Thu, 28 Dec 2006 10:40:07 GMT

For our test enviroment we use a seperate OU in Active Directory to test WSUS updates and patches. Servers are put in this OU when patches have to be tested on curtain servers. To automate this, I of course, created a powershell script to do just this.

The following had to be realized:

- Create a script that moves the server to the test OU

- The script had to be launched as an Altiris job with the abbility to run it on several server at the same time

- For every server the original OU must be remembered to, with the next job, move it back

- Another job (script) has to put the computer in the original OU after the updates are finished

- One problem..the Altiris server runs in a different domain and there's no trust between the two domains

So I had to move the server to the test OU and had to remember the original OU to move it back and this for an unlimited number of servers at the same time.

Since the job must run from Altiris, dragged to a server, servergroup or scheduled on several servers, the server name must be given as a parameter.

The Altiris job does the following things:

- copy the script to the specified server in the %systemroot%\Temp directory

- start the script as in a scheduled task :

%systemroot%\system32\WindowsPowershell\v1.0\powershell.exe %systemroot%\Temp\scriptname %computername%

The following script is to move the server.

# Powershell script

# WSUS Moving computer object to the Test OU

# D. Verweij

###

# First read the given parameter in the variable $servnm

param([string]$servnm="none")

# Specify the name of the logfile to save the original OU in. This file is saved on the machine you move and run the script
$ServFL = "C:\Altiris\logfiles\$servnm"

# Specify the target OU
$patchOU="LDAP://OU=WSUSTest,OU=Services,DC=Dennis,DC=Verweij,DC=nl"

# Connect to the root of the domain
$ad1=[adsi]''

# Setup the search criteria
$ad1search = new-object directoryservices.directorysearcher
$ad1search.searchroot = $ad1
$ad1search.filter="(objectclass=computer)"
$serv2=$ad1search.findall()|where {$_.properties.item("cn") -like $servnm}
# Save the distinguishedname of the original OU in the logfile. You need the distinguished name to move it back

$serv2.properties.item("distinguishedname") > $ServFL
$servDN=$serv2.properties.item("distinguishedname")
# Connect to the computerobject

$serv=[adsi]"LDAP://$servDN"

# And move it
$serv.psbase.MoveTo($patchOU)

To move it back the Altiris job is pretty much the same except for the script name

The script to put it back:

# Powershell script

# WSUS Moving computer object to the original OU

# D. Verweij

###

# First read the given parameter in the variable $servnm

param([string]$servnm="none")

# Specify the Test OU
$patchOU="LDAP://OU=WSUSTest,OU=Services,DC=Dennis,DC=Verweij,DC=nl"

# Specify the name of the logfile the original OU is saved in
$ServFL = "C:\Altiris\logfiles\$servnm"

# Check if the logfile exists

if(test-path $ServFL)
{
# Read the logfile and get rid of the computername

gc $ServFL|%{$servDN = $_.ToUpper().replace("CN=$servnm,","")}

# Connect to the computerobject
$serv = [adsi]"LDAP://CN=$servnm,$patchOU"

# And move it back were it came from
$serv.psbase.MoveTo("LDAP://$servDN")
}

# Finally delete the logfile
del $ServFL

Hope you can do something with it!

Grt

Dennis

Just Powershell it: Active Directory

Changing the incorrect homedir path of all users

Move computer objects in Active Directory