
Thread: Batch script to move users to different OUs

  1. #1
    Join Date
    Oct 2008
    Posts
    7

    Batch script to move users to different OUs

    Hi there,
    We're almost ready to re-direct the default computers location and to set up a GPO startup script to move the machines from the default location to an OU based on their hardware type. This move is based on a file which is created when the machine is imaged.

    Here is the batch script, please let me know if you see any problems...
    I've replaced all site specifics with placeholders in []s

    @echo off
    setlocal enabledelayedexpansion
    set SEPARATOR=/
    set currentline=
    set LogFile=%Temp%\%~n0.log

    set MoveUser=[Domain user with privileges to move computers]
    set MovePwd=[Above user's password]
    set Root=dc=[something],dc=[somewhere],dc=[somewhere]
    set ComputersDN=ou=Workstations,%root%
    set Desktop=ou=Desktops,ou=Workstations,%root%
    set Laptop=ou=ou=Laptops,Workstations,%root%
    set TargetDN=

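    rem Nothing to do if the imaging process did not leave a chassis file
    if not exist C:\WINDOWS\[FOLDER]\SysInfo\CHASSIS.TXT goto end
    rem Keep the last line of the file as the chassis value
    for /f %%a in (C:\WINDOWS\[FOLDER]\SysInfo\CHASSIS.TXT) do (
        set currentline=%%a
    )
    rem Quoted comparison so an empty value does not break the if statement
    if /i "%currentline%"=="LAPTOP" set TargetDN=%Laptop%
    if /i "%currentline%"=="DESKTOP" set TargetDN=%Desktop%
    rem Stop on an unrecognised chassis value rather than move to an empty DN
    if not defined TargetDN goto end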

    echo %Date% %Time% About to move "%ComputerName%" to "%TargetDN%":
    >>"%LogFile%" echo %Date% %Time% About to move "%ComputerName%" to "%TargetDN%":

    rem dsmove takes the object DN from dsquery on standard input; it has no object-type keyword
    dsquery computer "%ComputersDN%" -name %ComputerName% | dsmove -newparent "%TargetDN%" -u %MoveUser% -p %MovePwd% >>"%LogFile%" 2>&1

    :end

    Thanks in advance

  2. #2
    Join Date
    Jan 2006
    Posts
    605

    Re: Batch script to move users to different OUs

    I think that you can also move the computer accounts using a text file with computer names. You can use WMI to read your chassis.txt file, but better is to use WMI to read the chassis type directly. It will require a VBScript or PowerShell program, check below for instance:

    http://www.microsoft.com/technet/scr..._cpm_btnz.mspx

  3. #3
    Join Date
    Oct 2008
    Posts
    7

    Re: Batch script to move users to different OUs

    Thanks for the reply.

    Yes it does display the password in cleartext :( I'm thinking about using something like bat to exe converter to make it a little harder to figure out what it is.

    We're looking at redirecting the default computers location to point to a new OU with the following command run from the primary DC: redircmp OU=Default Computer Location,DC=[domain],DC=co,DC=nz

    We'd then move all computer objects from what was the default container to the new one and link a GPO which runs the script in my first post as a startup script.

    The CHASSIS.TXT file is created by the build process and isn't something we can change, it simply contains the text "Desktop" or "Laptop".

    We've tested the script as far as we can without running it "for real", with the output being: Mon 22/12/2008 15:45:15.83 About to move "[HOST NAME]" to "ou=ou=laptops,workstations,dc=[DOMAIN],dc=ac,dc=nz":
    I've blanked out site specifics again, with hostname and domain :)

    I'm not 100% about the dsquery though and was looking to confirm this is a method similar to what others have working in production? It seems to follow Microsoft recommendations: http://support.microsoft.com/kb/324949

    Thanks for your thoughts and comments

  4. #4
    Join Date
    Oct 2008
    Posts
    7

    Re: Batch script to move users to different OUs

    Just removed an extra ou= in the line
    set Laptop=ou=laptops,workstations,%root%

    Oops :)

  5. #5
    Join Date
    Jan 2006
    Posts
    6,878

    Re: Batch script to move users to different OUs

    It will be a bad idea because if someone reads the script then they can do what they want, since the password will be in clear text, to these computer accounts including deleting them and if you have auditing enabled then it will show this account as the problem which won't help. You must be able to write a script to output hardware type and from there you can either manually move these or batch move them.
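
Added example, not part of any post in this thread: one way to combine the suggestions in replies #2 and #5, reading the chassis type through WMI and batch-moving the computer objects from an administrator's own session so that no password is stored in a script the workstations can read. The parameter names, the `Get-ChassisClass` helper and the laptop/desktop grouping of chassis codes are assumptions of this example; it also assumes PowerShell 3.0 or later, the ActiveDirectory module, and that the workstations answer remote CIM queries.

```powershell
#Requires -Modules ActiveDirectory
# Added example: run interactively by an administrator who already holds the
# right to move computer objects. No account name or password is stored here.
param(
    [Parameter(Mandatory)][string]$SourceOU,   # DN of the redirected default computers OU
    [Parameter(Mandatory)][string]$DesktopOU,  # DN of the desktops OU
    [Parameter(Mandatory)][string]$LaptopOU,   # DN of the laptops OU
    [switch]$Commit                            # without -Commit the moves are only reported
)

# Win32_SystemEnclosure.ChassisTypes codes; this grouping is the example's own choice.
$LaptopTypes  = 8, 9, 10, 14        # Portable, Laptop, Notebook, Sub Notebook
$DesktopTypes = 3, 4, 5, 6, 7, 13, 15

function Get-ChassisClass {
    param([uint16[]]$ChassisTypes)
    foreach ($t in $ChassisTypes) {
        if ($LaptopTypes  -contains $t) { return 'Laptop' }
        if ($DesktopTypes -contains $t) { return 'Desktop' }
    }
    return $null   # unknown or unreported: leave the object where it is
}

$targets = @{ Laptop = $LaptopOU; Desktop = $DesktopOU }

Get-ADComputer -Filter * -SearchBase $SourceOU -SearchScope OneLevel | ForEach-Object {
    $computer = $_
    try {
        $enc = Get-CimInstance -ClassName Win32_SystemEnclosure `
                   -ComputerName $computer.DNSHostName -ErrorAction Stop
        $class = Get-ChassisClass -ChassisTypes $enc.ChassisTypes
    } catch {
        Write-Warning "$($computer.Name): chassis query failed: $($_.Exception.Message)"
        return   # skip this computer and continue with the next one
    }
    if (-not $class) {
        Write-Warning "$($computer.Name): unrecognised chassis type, not moved"
        return
    }
    # The move runs under the operator's own logon, so audit records name that person.
    Move-ADObject -Identity $computer.DistinguishedName `
                  -TargetPath $targets[$class] -WhatIf:(-not $Commit)
}
```

Run it once without `-Commit` to review the planned moves, then again with `-Commit` to apply them.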

  6. #6
    Join Date
    Oct 2008
    Posts
    7
    We've already got scripts that show the hardware types (and collate them)

    The issue is that we'd prefer for these machines to manage themselves.
    I understand the security concerns and simply won't release the script in plaintext as it is here. I'm working on encrypting the password and changing the script so it's not plain text as well.

    Besides the plaintext password, which is obviously a no-go, is there anything wrong with moving machines automatically this way rather than manually shifting them?
