Re: Redirect computers to a specific OU by IP Address

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


Ryan,

Much appreciate the response

To be more succinct:

I do agree with you on the site v's OU model. However because this is
an environment where its become more or less a free for all (prior to
me coming on board) where there has been appprox 15 seperate admins
(with sufficient damage priveleges) joining computer accounts to a
W2K3 domain without any thought as to where they should be placed
thereafter. All workstations will be static from that respect (any
laptops can be moved into a seperate OU).

I'm in the process of disabling computer accounts that have not been
used for approx 180-240 days (as there is over 1000 computer accounts
currently held in the Computer container).

Like I said , I want to try to put a policy in place that will
automatically place any new computers into the relevant Site/Sub-
Container (Remote Site -> Computers_OU) if the site admin does not
move it after creation.

My problem is that I can't curtail the additions of new/rebuilt PC's
in the remote locations (very loose corporate enforcement policy) so I
want to attempt to put a cleanup process in place automatically in HQ.

My biggest problem is that I just dont know where to start the script
at....

:)


Hoot

On Jun 26, 5:36 am, Ryan Hanisco
<RyanHani...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
SpamShoe... <G>

There are two answers to your question:

1. Remember that computer accounts' site membership is determined by subnet
at the time. Since Site is one of the three places where you can bind a
Group Policy, it is relatively easy to create policies by site without having
to create OUs.

2. This flexibility is a blessing and a curse. If all your workstations are
static, it isn't a big deal. So something like folder redirection becomes
easy as you always bind to the local site. With mobile computers, the site
affinity changes as they move, making it more complicated. Even with
statically assigned OUs, you'll run into this problem. So you could write a
script to add computers to an OU, but what if they move -- or worse, what if
they're not at their primary site when the script runs?

You'll need to look at what you're really trying to do befor eyou pick a
solution. Are you jsut trying to apply a policy by site or is there
something else you gain by OUs? If you need something flexible enough to
allow computers to move, do you need a replicated environment like DFS or SAN
GeoSynch?

There is a bit to consider here and it all must be carefully planned.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.



"is.that.spam.on.my.s...@xxxxxxxxx" wrote:
Hi,

I've seen relevant posts in the past for various queries on the
"Default Computers" OU ,which work great. However I have come across a
legacy site with a very loose AD environment where hundreds of
computer accounts are unaccounted for (forgive the pun) scattered
within this AD environment.
The main problems are:

- No computer naming convention (various flavours of different Depts)
- No policies in place previously to move new accounts out of the
default container.
- Distributed remote sites.

I was wondering how to go about marrying a script to perform the
following:

- Parsing the machines by / for its IP address (approx 15 different
subnets assigned through DHCP)
- Once the machine subnet has been identified - then the PC's are
moved into their new site specific OU where the local GP can be
enforced.

This will then be added as a startup or shutdown script and linked to
a "Default Computers" OU ( will create a new OU for existing
container to support this task).

Am I being too vague or too ambitious ?

Could anyone point me to rough script since I'm a complete novice and
rely on seasoned veterans to post miracle scripts on a regular basis.

kind Regards

Hoot.- Hide quoted text -

- Show quoted text -


.

Relevant Pages

  • Re: DST Updates Deployed via Group Policy
    ... include a breakdown of computer accounts by OS, I would have to still move the computer accounts to a new OU before it works. ... See, I have our OU's broken down by office location, then by Computers, Users, and then another OU. ... Link the script policy to the root of the office locations OU. ... Depending on how many computers within this office structure lie, you might want to test this whole thing with a "harmless" policy or a script .. ...
    (microsoft.public.windows.group_policy)
  • Re: Script to determine OS version domain wide
    ... environment. ... >> workstations have not been patched to SP 1. ... > There's lot's of good examples in the TechNet Script Center: ... > OS of all computer accounts: ...
    (microsoft.public.windows.server.scripting)
  • Re: Startup Script To Map Printer depending on OU
    ... If you are running a startup script are computer accounts in this OU where ... On which operating system are you running these scripts? ... check RSoP to see if the policy gets applied? ... > Me and my colleague have been trying for a while now to create a script to ...
    (microsoft.public.windows.server.setup)
  • Re: Possible to define a variable for only certain directories?
    ... allows such customizations upon the environment on a per- ... this is useful only if the user or script ... configuration files, environment variables, command line options, and ... commands to the CDE Window Manager from a shell ...
    (comp.unix.shell)
  • Re: Planning A Group Policy Deployment
    ... construct for admin/mgmt of the computing environment (i.e. ... In a more ideal world one gets to factor policy settings so ... network functionality and domain wide network access issues. ... I am prejudiced when it comes to the guides you mention (as ...
    (microsoft.public.windows.group_policy)