Move Computer Objects Based on Operating System Version ~ Santhosh Sivarajan's Blog

Tuesday, July 12, 2011

Move Computer Objects Based on Operating System Version

Tuesday, July 12, 2011 9:44 AM Blog-5 3 comments

This logic can be used move computer objects in Active Directory based based on their Operating System version.

Option #1 – DS Commands

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab

The above command will move all Windows 7 computers to OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab OU.

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab

The above command will move all Windows XP computers to OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab OU.

Option #2 – Ver or systeminfo Commands

In option #1, I am verifying the OperatingSystem or OperatingSystemVersion values from Active Directory attribute. You can also verify these values from the actual computer objects using the following method:

http://portal.sivarajan.com/2011/03/operating-system-infobatch-file.html

Filter

You can update the filter based on OperatingSystem or OperatingSystemVersion values. Also, I have used the default computer location (CN=Computers,DC=santhosh,DC=lab) query.

operatingSystemVersion - http://msdn.microsoft.com/en-us/library/ms724832(v=vs.85).aspx

operatingSystem - http://msdn.microsoft.com/en-us/library/aa370556(v=vs.85).aspx

Server Object Filter

If your goal is to move all “severs”, you can modify the search using the "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystem=*server*)) filter. This filter will verify the”server” string the operatingSystem attribute value.

Domain Controller Filter

If you want to exclude all Domain Controllers, you can use the following userAccountControl filter (Active Directory and userAccountControl Attribute).

(&(ObjectClass=computer)(objectCategory=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=8192))

Automation

You can create a batch file with these commands or create a schedule task to achieve this goal. If you really want to automate this process, you attach this script to an event ID using Attach Task To This Event option.

http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html

Posted in: Active Directory,Microsoft,script,Windows,Windows 2008 R2,Windows 7,Windows Server 2008 R2,Windows Vista,Windows XP Mode

3 comments:

Anonymous says:

July 23, 2015 at 9:30 PM

This is incorrect. The pipe passes the results before the dsmove command, and the command errors out.

Blog-5 says:

March 9, 2016 at 10:56 AM

This comment has been removed by the author.

Richard Majece says:

August 3, 2018 at 7:59 AM

What is really important for me is to talk more about peace. That's why I found https://essayclick.net/blog/world-peace-essay and expressed my opinion about it in my essay.

Santhosh Sivarajan's Blog

Tuesday, July 12, 2011

Move Computer Objects Based on Operating System Version

3 comments:

Post a Comment

Popular Posts

Share

Email Subscription