This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
userspace:active_directory_-_join_leave_relocate_ou [2015/09/30 18:25] larsg |
userspace:active_directory_-_join_leave_relocate_ou [2021/08/23 08:37] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Active Directory client management, join/leave/relocate ou ====== | + | ====== Active Directory client management, join/unjoin/relocate ou ====== |
- | | + | created by LarsG [[lars.gruenheid@civitec.de]] 2015/09/30 |
* tested under windows 7 | * tested under windows 7 | ||
Line 8: | Line 8: | ||
With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, | With this package, you can join or leave a domain, and in theory change the ou-path for the client within a domain (still experimental, | ||
- | These three functions are conveniently assigned to the action requests setup (join), uninstall (leave), update (relocate). | + | These three functions are conveniently assigned to the action requests setup (join), uninstall (unjoin), update (relocate). |
This package relies on three product properties: | This package relies on three product properties: | ||
Line 26: | Line 26: | ||
'' | '' | ||
an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. | an account with sufficient privileges to join/unjoin clients to/from the domain(s) you want to manage. | ||
- | |||
- | if a client currently is in a domain and shall join another, you need one account with sufficient privileges for | ||
- | both domains, f.e. a trusted management domain containing such administrative accounts. | ||
- | |||
- | otherwise you have to do both steps seperately with different accounts. | ||
'' | '' | ||
Line 36: | Line 31: | ||
==== Setup ==== | ==== Setup ==== | ||
+ | if a client currently is in a domain and shall join another, this script will try to unjoin from the current domain, | ||
+ | and then joined to the new domain, with the same administrative account you provided. so you will need one account with sufficient privileges for | ||
+ | both domains, f.e. a trusted management domain containing such administrative accounts. otherwise, you have to do both steps | ||
+ | seperately - first unjoin, then join, with different accounts. | ||
+ | |||
<code winst> | <code winst> | ||
[Actions] | [Actions] | ||
Line 252: | Line 252: | ||
==== Uninstall ==== | ==== Uninstall ==== | ||
+ | It seems that actually deleting computer accounts from a domain upon unjoin is currently not possible, so keep in mind that you need to manually delete the account if you want it to be gone, f.e. to re-use the name for another computer. //I am planning to add this as an optional feature.// | ||
+ | |||
<code winst> | <code winst> | ||
[Actions] | [Actions] | ||
Line 281: | Line 283: | ||
showBitmap " | showBitmap " | ||
message "Leave domain " + $DomainCurrent$ | message "Leave domain " + $DomainCurrent$ | ||
- | ;leave domain | + | ;unjoin |
execwith_vbs_domain_unjoin cscript //nologo //e:vbs | execwith_vbs_domain_unjoin cscript //nologo //e:vbs | ||
sub_check_domain_unjoin | sub_check_domain_unjoin | ||
Line 341: | Line 343: | ||
Relocating a client to a different ou within the same domain is still giving me some headache, | Relocating a client to a different ou within the same domain is still giving me some headache, | ||
i am currently stuck at the part where the ADSI movehere function actually performs the relocation, | i am currently stuck at the part where the ADSI movehere function actually performs the relocation, | ||
- | it will throw an arror '' | + | it will throw an error '' |
If anyone can get this to work, i wouldn' | If anyone can get this to work, i wouldn' |