
Locating AD Computer Objects with PowerShell

Yesterday I was asked how you can find the locations of a list of computer objects in the Active Directory. Not an issue if all of your computers are in Computers, but we’ve got a structure of OUs that would put any ant colony to shame, so it’s a valid question.


My answer was as follows:


Put your list of machines in a file (c:\temp\machine.txt – one computer name per line) and depending on where you’re going to run this it’s a bit different. If you were on a Server 2008 R2 server which has the Active Directory cmdlets, then you need to do:


Get-Content c:\temp\machine.txt | Foreach-Object{
    Get-ADComputer $_
} | Select-Object name,@{
    name="ou";expression={
        $_.distinguishedname.substring($_.name.length+4)
    }
} | Format-Table -AutoSize


If not, I would suggest installing the AD cmdlets from Quest (http://www.quest.com/powershell/activeroles-server.aspx) and doing this:


Get-Content c:\temp\machine.txt | Foreach-Object{
    Get-QADComputer $_
} | Select-Object name,parentcontainer | Format-Table -AutoSize



I’m just outputting to a table because I wasn’t told how the output was going to be used. You could use Export-Csv instead to pop it in a file. I should also point out that each of those examples works as a single line of code. I’ve just put it on different rows to stop my blog wrapping it in a confusing place – they’re actually pretty easy to read as a single line.


Now those are the ways that I would do it, but if you have to do something without the Microsoft or Quest AD cmdlets (if your environment is really locked down), all is not lost. This should work anywhere in your domain you can run PowerShell:


$ds = New-Object DirectoryServices.DirectorySearcher
$ds.SearchRoot = "LDAP://DC=yourdomain,DC=com"
Get-Content c:\temp\machine.txt | Foreach-Object{
    # Each name goes into the LDAP filter as-is, so the file should hold plain computer names only
    $ds.Filter = "(&(objectclass=computer)(name=$_))"
    $ds.FindOne() | Select-Object path
}

Pre-staging Computers in Active Directory for WDS with PowerShell and Quest AD cmdlets

One of the most common issues when building computers with Windows Deployment Services (WDS, and RIS before that) is typos in the GUIDs used to net-boot the PCs. When you’re entering them by hand as you pre-stage the computer objects in Active Directory it’s very easy to make mistakes, especially when you’re entering a lot of them. It’s also extremely time consuming if you have to boot each machine to the point of PXE displaying the MAC and GUID – that’s why the smart move is to request that information from the supplier, preferably before they deliver the machines.


Anyone who has pre-staged a computer object before will be aware of the jiggery-pokery that goes on with switching round the first half of the GUID, so that when you view it later in ADUC, you see something significantly different to what you typed in. It appears that this conversion is done by the GUI when you create the object, so when you’re adding them programmatically, you need to change the format yourself.


Microsoft published a VBScript function to reformat the GUIDs so they could be added to AD by a script, but I haven’t seen similar in PowerShell, so here it is:


function flip-guid ([string]$g) {
    $g = $g.replace("-","").replace(" ","")
    -join $g.substring(0,16).tochararray()[6,7,4,5,2,3,0,1,10,11,8,9,14,15,12,13] + $g.substring(16,16)
}


The function takes the GUID as a string and first removes any dashes or spaces (since I’ve received them from suppliers with both at different times). Next it converts the first half into an array of characters, selects them back in the new order and uses the join operator to make them back into a string, to which it concatenates the second half, unchanged from the original. As with most things in PowerShell it could be reduced down to a single line, or expanded further to enhance readability.


So, given the ability now to change the format, I use Quest’s AD cmdlets (if you haven’t come across these before, take a look now!) to create the computer objects. Assuming that you have a CSV file containing the new PC’s name and GUID, just do this…


Import-Csv newpcs.csv | foreach {
   New-QADComputer $_.name -ParentContainer "SomeOU" -ObjectAttributes @{netbootguid = ([guid](flip-guid $_.guid)).ToByteArray()}
}


That’ll leave you with a load of new computer objects ready for WDS. :-)


NB. It’s likely that the code snippets above have been wrapped to fit the page layout. In the function there are only two lines – everything from “-join” to the end is the same line. In the foreach scriptblock that’s just a single line.
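
The function above trusts whatever string the supplier sent, so a mistyped or truncated GUID only shows up when the machine fails to net-boot. The following is an added example, not code from the original post: it applies the same reordering as flip-guid, rejects anything that is not 32 hex digits, and checks that the bytes destined for netbootguid read in the same order as the supplied string. The name Convert-SupplierGuid is hypothetical and the sample GUIDs are constructed.

```powershell
# Added example: validate a supplier GUID and confirm the byte order flip-guid produces.
function Convert-SupplierGuid {   # hypothetical helper name
    param([Parameter(Mandatory=$true)][string]$Guid)

    # Strip the dashes and spaces suppliers include, then insist on exactly 32 hex digits
    $hex = ($Guid -replace '[-\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{32}$') {
        throw "Not a 32-digit hex GUID: '$Guid'"
    }

    # Same reordering as flip-guid: byte-reverse the first three fields, keep the second half
    $chars   = $hex.Substring(0,16).ToCharArray()
    $flipped = (-join $chars[6,7,4,5,2,3,0,1,10,11,8,9,14,15,12,13]) + $hex.Substring(16,16)

    # [guid] stores its first three fields little-endian, which undoes the flip in the byte array
    $bytes  = ([guid]$flipped).ToByteArray()
    $stored = -join ($bytes | ForEach-Object { $_.ToString('X2') })
    if ($stored -ne $hex) {
        throw "Byte order mismatch for '$Guid'"
    }

    [pscustomobject]@{
        Supplied = $hex       # digits as the supplier sent them
        Flipped  = $flipped   # string handed to [guid]
        Bytes    = $bytes     # value for the netbootguid attribute
    }
}

# Constructed sample input: dashed, space-separated, and one truncated entry
$samples = '00112233-4455-6677-8899-AABBCCDDEEFF',
           '00112233 4455 6677 8899 AABBCCDDEEFF',
           '0011223-4455-6677'

foreach ($s in $samples) {
    try {
        Convert-SupplierGuid $s | Select-Object Supplied, Flipped
    } catch {
        Write-Warning $_.Exception.Message
    }
}
```

The first two samples both yield Flipped = 33221100554477668899AABBCCDDEEFF, and the third is reported as a warning rather than being passed on to New-QADComputer.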