userspace:active_directory_-_join_leave_relocate_ou

Differences

This shows you the differences between two versions of the page.

userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 17:48]
larsg
userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 18:39]
larsg [Uninstall]
Line 1: Line 1:
-====== Active Directory client management, join/leave/relocate ou ======+====== Active Directory client management, join/unjoin/relocate ou ======
  
-   created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30+created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30
  
    * tested under windows 7    * tested under windows 7
Line 7: Line 7:
    * tested under winst 4.11.5.14    * tested under winst 4.11.5.14
  
-With this package, you can join or leave a domain, or change the ou-path for the client within a domain (still experimental, details below). +With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, details below). 
-These three functions are conveniently assigned to the action requests setup (join), uninstall (leave), update (relocate).+These three functions are conveniently assigned to the action requests setup (join), uninstall (unjoin), update (relocate). 
 + 
 +This package relies on three product properties: 
 +   * **domain_ou** 
 + 
 +''domain_ou'' must follows this syntax: ''[domain.tld][/ou_1/ou_2]'', both segments are independent and optional  
 +and only taken into account when joining a domain or relocating to another ou. when a client shall leave a domain, required information are gathered  
 +from operating system. 
 + 
 +if no domain is specified, it's being extracted from host identifier. 
 +if no ou is specified, the client will be placed in the default computer ou-path for the domain. 
 +each ou needs a leading forward-slash, all have to be in the right order, beginning at the top-most level. 
 + 
 +   * **username** 
 +   * **password** 
 + 
 +''username'' must include the domain it belongs to, either like ''DOMAIN\username'' or ''username@domain.tld'', and it has to be   
 +an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. 
 + 
 +''username'' and ''password'' are prunned from productproperties upon every successful execution, so that they won't remain for  
 +everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.//
  
 ==== Setup ==== ==== Setup ====
 +if a client currently is in a domain and shall join another, this script will try to unjoin from the current domain,
 +and then joined to the new domain, with the same administrative account you provided. so you will need one account with sufficient privileges for
 +both domains, f.e. a trusted management domain containing such administrative accounts. otherwise, you have to do both steps
 +seperately - first unjoin, then join, with different accounts.
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9 
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
 noUpdateScript noUpdateScript
  
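Review bot: The added property description says username and password are removed from the product properties only "upon every successful execution", so after a failed join or unjoin the privileged credentials stay readable in cleartext. Clear both properties on every run, whatever the outcome, and recommend a dedicated account that holds nothing beyond the rights needed to join and unjoin clients. The same hunk removes requiredWinstVersion >= "4.11.5.14" from [Actions] while the page still lists winst 4.11.5.14 as the tested version; keep that guard unless it now lives somewhere this diff does not show.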
Line 229: Line 247:
 endif endif
 endif endif
-</code winst>+</code>
  
  
  
 ==== Uninstall ==== ==== Uninstall ====
 +It seems that actually deleting computer accounts from a domain upon unjoin is currently not possible, so keep in mind that you need to manually delete the account if you want it to be gone, f.e. to re-use the name for another computer. //I am planning to add this as an optional feature.//
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9  
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
- 
 defVar $DomainCurrent$ defVar $DomainCurrent$
 defVar $Username$ defVar $Username$
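Review bot: The new Uninstall paragraph says the computer account is not deleted on unjoin but not what state it is left in. State whether the leftover account stays enabled or is disabled, and write the manual deletion as an explicit follow-up step, since orphaned computer accounts accumulate in the directory and, as the text notes, block reuse of the name. The removed settings block set ScriptErrorMessages twice with conflicting values (on, then false), so dropping that is reasonable, but ExitOnError and requiredWinstVersion go with it and no replacement is visible here.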
Line 271: Line 283:
  showBitmap "%ScriptPath%\domain.png" "Active Directory"   showBitmap "%ScriptPath%\domain.png" "Active Directory" 
  message "Leave domain " + $DomainCurrent$  message "Leave domain " + $DomainCurrent$
- ;leave domain+ ;unjoin domain
  execwith_vbs_domain_unjoin cscript //nologo //e:vbs  execwith_vbs_domain_unjoin cscript //nologo //e:vbs
  sub_check_domain_unjoin  sub_check_domain_unjoin
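Review bot: The comment becomes ;unjoin domain, but the user-facing line directly above it still reads message "Leave domain " + $DomainCurrent$. Change that string to "Unjoin domain " as well so the dialog matches the terminology this revision switches to in the title and the action description.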
Line 326: Line 338:
  isFatalError  isFatalError
 endif endif
-</code winst> +</code>
  
 ==== Update ==== ==== Update ====
 +Relocating a client to a different ou within the same domain is still giving me some headache,
 +i am currently stuck at the part where the ADSI movehere function actually performs the relocation,
 +it will throw an arror ''Active Directory: not implemented'' (what ever that means).
 +
 +If anyone can get this to work, i wouldn't mind a heads up (;
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9 
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
- 
 defVar $DomainRaw$ defVar $DomainRaw$
 defVar $Domain$ defVar $Domain$
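Review bot: The new Update text documents that relocation fails at the ADSI movehere call with "Active Directory: not implemented", yet the script stays assigned to the update action request. Because the property description above says credentials are pruned only after a successful run, every failed relocation leaves username and password in the product properties. Until the move works, have the update script stop early with a clear message or clear both properties before it exits, and mark the action as non-functional in the introduction rather than "in theory".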
Line 451: Line 460:
  "%hostid%"  "%hostid%"
 ] ]
-</code winst>+</code>
  
userspace/active_directory_-_join_leave_relocate_ou.txt · Last modified: 2021/08/23 08:37 (external edit)