Wednesday, January 25, 2017

01-25-2017: A quick (and useful) PowerShell script



    Whether you've been in the IT game for years or are just starting out, there are a few simple tools you'll find yourself relying on almost every day to do tasks so basic, you'll wonder why Microsoft doesn't make them just a little easier to do.   The object of this post is to give you a couple small tools that will make your life easier.

Cmdlet 1: Get-CompOU - return the Organizational Unit of any hostname
     If you manage an Active Directory network of any size, you'll probably wind up troubleshooting Group Policy, and one of the major things that decides what policies your computer receives is the Organizational Unit (OU) where your computer resides.  Personally, I'm a lazy IT guy. I don't like opening ADUC, right-clicking the domain, clicking Search, typing my computer name (only to realize I forgot to select "Computer" from the drop-down), clicking Search, right-clicking my computer name, selecting Properties, and then finding out the Object tab isn't there because I forgot to turn on Advanced Features, which means I get to close out of my search and start the whole thing over again.  Even once you've found it, you still have to memorize or copy it so you can find your problem child computer and move it to the right OU.
    Alternatively, you can have some simple PowerShell scripts attached to your profile that will do it all in one line.  You can download the script here: https://goo.gl/Bv90kk, but I'll also go through what makes it tick.

Code:

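# Requires the ActiveDirectory module (RSAT). Get-ADComputer raises an error for an unknown name, hence the try/catch.
Function Get-CompOU ($computerName){
    try { $comp = Get-ADComputer $computerName -ErrorAction Stop } catch { $comp = $null }
    if ($null -eq $comp) {Write-Host -ForegroundColor Red "Computer object $computerName was not found"; return}
    else {
        # Drop the leading "CN=<name>," so only the parent OU's distinguished name is left
        $compOU = Get-ADOrganizationalUnit ($comp.DistinguishedName.Substring($comp.DistinguishedName.IndexOf(",")+1))
        return $compOU
    }
}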
 

First off, I make all of my scripts that aren't quick and dirty one-liners as Functions. This means that once I've imported my profile, I can just type "get-compou [somehostname]," and my computer will know what to do just the same as if I had typed "get-childitem" or "get-wmiobject."  The "$computerName" variable is what's passed as the first argument.   The second line calls get-adcomputer to return the AD computer object of the host name. Then, we check to make sure the computer name was actually found. If it wasn't, it'll tell you and return nothing.  If it was found, then we find the OU that matches the one given in the Distinguished Name of the computer and return that object.
      In case you're wondering why we don't just return the OU name that we extracted from the Distinguished Name, it's because I want to return an actual AD OrganizationalUnit object instead of just a string. That gives us a lot more power and freedom with what we can do. It's also why we use return at the end instead of a write-host.
     For example:  TechPC1 is able to run regedit no problem.  TechPC2 gets an error stating that regedit is disabled by his system administrator, even though 1 and 2 should be getting the same policies.  Our Sys Admin runs Get-CompOU TechPC1 and finds that PC1 is in the correct OU.  Running Get-CompOU TechPC2 reveals that PC2 was accidentally placed in the same OU as the regular production user machines.  From here, our Sys Admin types  get-adcomputer TechPC2 | move-adobject -TargetPath (Get-CompOU TechPC1). 
    Voilà! That computer has been moved.  Personally, I find this easier than all the right-clicking, searching, copying, and manually moving. The nice thing with PowerShell being so extensible is that the foreach-object cmdlet gives you the ability to run this script against an entire text file of names, or generate a report of every computer in a given OU.
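The "run it against a list of names" idea above, as an added example that is not part of the original script: it reports each host's parent and flags hosts that are missing, sit in a plain container instead of an OU, or are not in the OU you expected. The function name Get-CompOUReport and the example OU path are made up for illustration.

```powershell
# Added example, not the original post's code. Requires the ActiveDirectory module.
# Hypothetical names: Get-CompOUReport and the OU path in the usage line.
Function Get-CompOUReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$ComputerName,
        # Optional: distinguished name of the OU the hosts are supposed to be in
        [string]$ExpectedOU
    )
    process {
        $name = $ComputerName.Trim()
        if (-not $name) { return }    # skip blank lines in the input
        try {
            $comp = Get-ADComputer -Identity $name -ErrorAction Stop
        } catch {
            # Unknown host (or failed lookup): report it instead of stopping the run
            return [pscustomobject]@{
                ComputerName = $name; ParentDN = $null
                ParentType = 'NotFound'; Mismatch = $null
            }
        }
        # Split off the first RDN at the first comma not escaped with a backslash
        $parentDN = ($comp.DistinguishedName -split '(?<!\\),', 2)[1]
        # A CN=... parent (such as the default Computers container) is not an OU,
        # so Get-ADOrganizationalUnit would fail on it
        $parentType = if ($parentDN -like 'OU=*') { 'OrganizationalUnit' } else { 'Container' }
        [pscustomobject]@{
            ComputerName = $comp.Name
            ParentDN     = $parentDN
            ParentType   = $parentType
            Mismatch     = if ($ExpectedOU) { $parentDN -ne $ExpectedOU } else { $null }
        }
    }
}

# Usage with the two hosts from the example above; swap in Get-Content <file> for a text file.
'TechPC1', 'TechPC2' |
    Get-CompOUReport -ExpectedOU 'OU=TechPCs,DC=example,DC=com' |
    Where-Object { $_.ParentType -ne 'OrganizationalUnit' -or $_.Mismatch } |
    Format-Table -AutoSize
```

The output is a list of objects, so it can go to Export-Csv just as easily as to the screen.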
    I hope you've found this useful. Stay tuned for the next post.
                                           
