userspace:active_directory_-_join_leave_relocate_ou

Differences

This shows you the differences between two versions of the page.

userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 18:14]
larsg
userspace:active_directory_-_join_leave_relocate_ou [2021/08/23 08:37] (current)
Line 1: Line 1:
-====== Active Directory client management, join/leave/relocate ou ======+====== Active Directory client management, join/unjoin/relocate ou ======
  
-   created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30+created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30
  
    * tested under windows 7    * tested under windows 7
Line 7: Line 7:
    * tested under winst 4.11.5.14    * tested under winst 4.11.5.14
  
-With this package, you can join or leave a domain, or change the ou-path for the client within a domain (still experimental, details below). +With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, details below). 
-These three functions are conveniently assigned to the action requests setup (join), uninstall (leave), update (relocate).+These three functions are conveniently assigned to the action requests setup (join), uninstall (unjoin), update (relocate).
  
 This package relies on three product properties: This package relies on three product properties:
-   * domain_ou +   * **domain_ou** 
-   username + 
-   password+''domain_ou'' must follows this syntax: ''[domain.tld][/ou_1/ou_2]'', both segments are independent and optional  
 +and only taken into account when joining a domain or relocating to another ou. when a client shall leave a domain, required information are gathered  
 +from operating system.
  
-values in property domain_ou must follows this syntax: [domain.tld][/ou_1/ou_2], both segments are independent and optional. 
 if no domain is specified, it's being extracted from host identifier. if no domain is specified, it's being extracted from host identifier.
 if no ou is specified, the client will be placed in the default computer ou-path for the domain. if no ou is specified, the client will be placed in the default computer ou-path for the domain.
 each ou needs a leading forward-slash, all have to be in the right order, beginning at the top-most level. each ou needs a leading forward-slash, all have to be in the right order, beginning at the top-most level.
  
-username must include the domain it belongs to, either like DOMAIN\username or username@domain.tld, and it has to be  +   * **username** 
 +   * **password** 
 + 
 +''username'' must include the domain it belongs to, either like ''DOMAIN\username'' or ''username@domain.tld'', and it has to be  
 an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage.
  
-if a client currently is in a domain and shall join another, you need one account with sufficient privileges for +''username'' and ''password'' are prunned from productproperties upon every successful execution, so that they won't remain for 
-both domains, f.e. a trusted management domain containing such administrative accounts.  +
- +
-otherwise you have to do both steps seperately with different accounts. +
- +
-username and password are prunned from productproperties upon every successful execution, so that they won't remain for +
 everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.// everyone to see in cleartext. //i hope an option for password-masking in productproperties will be available soon.//
  
 ==== Setup ==== ==== Setup ====
 +if a client currently is in a domain and shall join another, this script will try to unjoin from the current domain,
 +and then joined to the new domain, with the same administrative account you provided. so you will need one account with sufficient privileges for
 +both domains, f.e. a trusted management domain containing such administrative accounts. otherwise, you have to do both steps
 +seperately - first unjoin, then join, with different accounts.
 +
 <code winst> <code winst>
 [Actions] [Actions]
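Review bot: The new sentence on ''username'' and ''password'' says they are pruned only "upon every successful execution", so as worded a failed join or unjoin leaves the password of an account that can join and unjoin clients readable in cleartext in the product properties. Say that explicitly here and tell the reader to clear both properties by hand after a failed run, or change the script to prune them on failure as well. The paragraph moved under Setup asks for one account with privileges in both domains; a sentence recommending a dedicated account limited to joining and unjoining clients would fit there. Wording in the added lines: "must follows" should be "must follow", "prunned" should be "pruned", "seperately" should be "separately".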
Line 248: Line 252:
  
 ==== Uninstall ==== ==== Uninstall ====
 +It seems that actually deleting computer accounts from a domain upon unjoin is currently not possible, so keep in mind that you need to manually delete the account if you want it to be gone, f.e. to re-use the name for another computer. //I am planning to add this as an optional feature.//
 +
 <code winst> <code winst>
 [Actions] [Actions]
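Review bot: The added Uninstall note gives re-using the name as the only reason to delete the computer account, but the consequence that matters to whoever runs the domain is that every unjoin leaves the computer object behind in the directory until someone removes it. State that as the default outcome and list the manual deletion as a required follow-up step of the uninstall action, not as an optional tidy-up. "It seems that ... is currently not possible" is also too vague to act on; say what was tried and what it returned.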
Line 277: Line 283:
  showBitmap "%ScriptPath%\domain.png" "Active Directory"   showBitmap "%ScriptPath%\domain.png" "Active Directory" 
  message "Leave domain " + $DomainCurrent$  message "Leave domain " + $DomainCurrent$
- ;leave domain+ ;unjoin domain
  execwith_vbs_domain_unjoin cscript //nologo //e:vbs  execwith_vbs_domain_unjoin cscript //nologo //e:vbs
  sub_check_domain_unjoin  sub_check_domain_unjoin
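Review bot: The comment is renamed to ";unjoin domain" but the user-visible string one line above still reads message "Leave domain " + $DomainCurrent$, and the intro still says "join or leave a domain". If the rename to "unjoin" is intended throughout, change the message text and the intro sentence in the same revision so logs and documentation use one term.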
Line 337: Line 343:
 Relocating a client to a different ou within the same domain is still giving me some headache, Relocating a client to a different ou within the same domain is still giving me some headache,
 i am currently stuck at the part where the ADSI movehere function actually performs the relocation, i am currently stuck at the part where the ADSI movehere function actually performs the relocation,
-it will throw an arror "Active Directory: not implemented", what ever that means.+it will throw an error ''Active Directory: not implemented'' (what ever that means). 
 + 
 +If anyone can get this to work, i wouldn't mind a heads up (;
  
 <code winst> <code winst>
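Review bot: The relocate section now documents that the ADSI movehere call fails with ''Active Directory: not implemented'', yet the intro still maps the update action request to relocate as if it were usable. Mark the update action as non-functional where it is first introduced, and since credentials are pruned only after a successful execution, note that a failed update run leaves ''username'' and ''password'' in the product properties. Including the exact call and the numeric error code next to the message would make the request for help in the last added line answerable.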
userspace/active_directory_-_join_leave_relocate_ou.1443636843.txt.gz · Last modified: 2021/08/23 08:37 (external edit)