userspace:active_directory_-_join_leave_relocate_ou

Differences

This shows you the differences between two versions of the page.

userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 17:49]
larsg
userspace:active_directory_-_join_leave_relocate_ou [2021/08/23 08:37] (current)
Line 1: Line 1:
-====== Active Directory client management, join/leave/relocate ou ======+====== Active Directory client management, join/unjoin/relocate ou ======
  
-   created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30+created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30
  
    * tested under windows 7    * tested under windows 7
Line 7: Line 7:
    * tested under winst 4.11.5.14    * tested under winst 4.11.5.14
  
-With this package, you can join or leave a domain, or change the ou-path for the client within a domain (still experimental, details below). +With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, details below). 
-These three functions are conveniently assigned to the action requests setup (join), uninstall (leave), update (relocate).+These three functions are conveniently assigned to the action requests setup (join), uninstall (unjoin), update (relocate). 
 + 
 +This package relies on three product properties: 
 +   * **domain_ou** 
 + 
 +''domain_ou'' must follows this syntax: ''[domain.tld][/ou_1/ou_2]'', both segments are independent and optional  
 +and only taken into account when joining a domain or relocating to another ou. when a client shall leave a domain, required information are gathered  
 +from operating system. 
 + 
 +if no domain is specified, it's being extracted from host identifier. 
 +if no ou is specified, the client will be placed in the default computer ou-path for the domain. 
 +each ou needs a leading forward-slash, all have to be in the right order, beginning at the top-most level. 
 + 
 +   * **username** 
 +   * **password** 
 + 
 +''username'' must include the domain it belongs to, either like ''DOMAIN\username'' or ''username@domain.tld'', and it has to be   
 +an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. 
 + 
 +''username'' and ''password'' are prunned from productproperties upon every successful execution, so that they won't remain for  
 +everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.//
  
 ==== Setup ==== ==== Setup ====
 +if a client currently is in a domain and shall join another, this script will try to unjoin from the current domain,
 +and then joined to the new domain, with the same administrative account you provided. so you will need one account with sufficient privileges for
 +both domains, f.e. a trusted management domain containing such administrative accounts. otherwise, you have to do both steps
 +seperately - first unjoin, then join, with different accounts.
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9 
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
 noUpdateScript noUpdateScript
  
Line 234: Line 252:
  
 ==== Uninstall ==== ==== Uninstall ====
 +It seems that actually deleting computer accounts from a domain upon unjoin is currently not possible, so keep in mind that you need to manually delete the account if you want it to be gone, f.e. to re-use the name for another computer. //I am planning to add this as an optional feature.//
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9  
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
- 
 defVar $DomainCurrent$ defVar $DomainCurrent$
 defVar $Username$ defVar $Username$
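Review bot: The new Uninstall paragraph says the computer account stays in the domain after unjoin but not what state it is left in. Add whether the leftover account is disabled or still enabled, since an account nobody deletes remains as a stale object in the directory until the planned optional feature exists. The removed header block also drops `ExitOnError = false` and `requiredWinstVersion >= "4.11.5.14"` with no replacement visible in this hunk; if they moved to a shared location, mention it in the text.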
Line 271: Line 283:
  showBitmap "%ScriptPath%\domain.png" "Active Directory"   showBitmap "%ScriptPath%\domain.png" "Active Directory" 
  message "Leave domain " + $DomainCurrent$  message "Leave domain " + $DomainCurrent$
- ;leave domain+ ;unjoin domain
  execwith_vbs_domain_unjoin cscript //nologo //e:vbs  execwith_vbs_domain_unjoin cscript //nologo //e:vbs
  sub_check_domain_unjoin  sub_check_domain_unjoin
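Review bot: Only the comment was renamed to `;unjoin domain`; the user-facing line `message "Leave domain " + $DomainCurrent$` directly above it still says "Leave", so the leave/unjoin terminology change is incomplete in this hunk. Change the message string as well, or keep "leave" in both places.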
Line 327: Line 339:
 endif endif
 </code> </code>
- 
  
 ==== Update ==== ==== Update ====
 +Relocating a client to a different ou within the same domain is still giving me some headache,
 +i am currently stuck at the part where the ADSI movehere function actually performs the relocation,
 +it will throw an error ''Active Directory: not implemented'' (what ever that means).
 +
 +If anyone can get this to work, i wouldn't mind a heads up (;
 +
 <code winst> <code winst>
 [Actions] [Actions]
-SetLogLevel = 9 
-ExitOnError = false 
-ScriptErrorMessages = on 
-TraceMode = off 
-StayOnTop = false 
-requiredWinstVersion >= "4.11.5.14" 
-ScriptErrorMessages = false 
- 
 defVar $DomainRaw$ defVar $DomainRaw$
 defVar $Domain$ defVar $Domain$
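Review bot: The added Update text documents that the ADSI movehere call fails with ''Active Directory: not implemented'', yet the script is still offered as the update action. Have it exit early with a clear failure message, or mark the action as not usable, until relocation works. Because the page describes ''username'' and ''password'' as pruned only after a successful execution, every failed update run would leave them in the product properties; state that here and tell the reader to clear them by hand. The removed [Actions] header lines again include the `requiredWinstVersion` check with no replacement visible.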
userspace/active_directory_-_join_leave_relocate_ou.1443635376.txt.gz · Last modified: 2021/08/23 08:37 (external edit)