[Scenario]
In the AD (Active Directory) OSD OU (Organizational Unit), there are a number of computers that have not been placed in their local office OU properly. This causes issues such as Group Policy not applying as intended and a lack of local admin manageability, because the local admin AD group is only assigned to computers in the correct OU.
[Objectives]
- Create a PowerShell script that moves computers from the OSD OU to their local OU
- Make it run daily
- Send the result as an email report
[Steps]
To place computers into their local OU, it is first necessary to figure out which PC belongs to which OU.
Take time to scan all computers with their current OU and find the rules.
Get-ADComputer -filter * | ft name, distinguishedname
name distinguishedname
---- -----------------
KRSEOSER01 CN=KRSEOSER01,OU=Disabled Servers,OU=Disabled-Accounts,DC=Rotork,DC=co,DC=uk
FRPARISSER02 CN=FRPARISSER02,OU=Domain Controllers,DC=Rotork,DC=co,DC=uk
PLGLISER02 CN=PLGLISER02,OU=Domain Controllers,DC=Rotork,DC=co,DC=uk
GBWOLSER01 CN=GBWOLSER01,OU=Domain Controllers,DC=Rotork,DC=co,DC=uk
KRYANSER02 CN=KRYANSER02,OU=Domain Controllers,DC=Rotork,DC=co,DC=uk
UKBATSER81 CN=UKBATSER81,OU=Automatically Patched Servers,OU=Servers,OU=GB-Bath,OU=Rotork,DC=Rotork,DC=co,DC=uk
UKBATSER112 CN=UKBATSER112,OU=Automatically Patched Servers,OU=Servers,OU=GB-Bath,OU=Rotork,DC=Rotork,DC=co,DC=uk
UK-COMMERCE CN=UK-COMMERCE,OU=Legacy Servers,OU=Citrix,OU=Blocked_GPO_Inheritance,OU=Servers,OU=GB-Bath,OU=Rotork,DC=Rotork,DC=co,DC=uk
UKBATSER14 CN=UKBATSER14,OU=Automatically Patched Servers,OU=Servers,OU=GB-Bath,OU=Rotork,DC=Rotork,DC=co,DC=uk
UK-VKT-7 CN=UK-VKT-7,OU=Disabled,OU=Workstations,OU=Disabled-Accounts,DC=Rotork,DC=co,DC=uk
UKBATSER19 CN=UKBATSER19,OU=Disabled Servers,OU=Disabled-Accounts,DC=Rotork,DC=co,DC=uk
...
PC names follow a pattern: the first two characters are the country, the next three are the city, then '-', one character for the computer type, then '-' and the 7-character Dell service tag. For example, a laptop in Seoul, Korea with Dell service tag '1234ABC' is named "KRSEO-L-1234ABC". The first seven characters ("KRSEO-L") therefore identify both the office and the computer type.
Thus, list the local OU for every office and computer type and map each seven-character prefix to its OU in a hashtable.
$OfficeOU =@{
"AEDUB-L"= "OU=Windows 10,OU=Laptops,OU=Workstations,OU=AE-Dubai,OU=Rotork,DC=Rotork,DC=co,DC=uk"
"AUBAL-L"= "OU=Windows 10,OU=Laptops,OU=Workstations,OU=AU-Bayswater,OU=Rotork,DC=Rotork,DC=co,DC=uk"
"AUBAL-D"= "OU=Windows 10,OU=Desktops,OU=Workstations,OU=AU-Bayswater,OU=Rotork,DC=Rotork,DC=co,DC=uk"
"AUBAY-D"= "OU=Windows 10,OU=Desktops,OU=Workstations,OU=AU-Bayswater,OU=Rotork,DC=Rotork,DC=co,DC=uk"
...
}
These rules need updating whenever an office opens or closes, so rather than hard-coding the hashtable, the office information is stored in a CSV file (one row per prefix with Name and Value columns) and edited when there is a change.
Let's start the PowerShell script by creating hash tables for the local office OUs and for the processing results.
#Creating hashtable for office OU address
$OfficeOU =@{}
#Creating hashtable for log
$Log=@{}
Import the CSV file which holds the office OU information and save each row in the OfficeOU hashtable.
#Fetching data from the CSV file and putting it into the hashtable
($data = Import-CSV -path "\\kryanser03\Shared-Data\IT\Ref\OfficeOU.csv") | % {$OfficeOU.Add($_.Name, $_.Value)}
Get the OSD OU and fetch the computers in it.
#Getting OSD OU
$osd = Get-ADOrganizationalUnit -Identity "OU=OSD,OU=Rotork,DC=Rotork,DC=co,DC=uk"
#Getting computers under OSD folder
$OSD_PC = Get-ADComputer -Filter * -SearchBase $osd
Now check each computer name and move the computer to the proper local OU. To find out whether each move actually succeeded, add an entry to the log hashtable with the result. Note that Move-ADObject reports failures (for example missing permissions on the target OU) as non-terminating errors, so without -ErrorAction Stop and a try/catch a failed move would be logged as a success.
#Fill move target table
$OSD_PC | % {
    #Names shorter than seven characters cannot match the naming convention
    $key = if ($_.Name.Length -ge 7) { $_.Name.SubString(0,7) } else { $null }
    if ($key -and $OfficeOU.ContainsKey($key))
    {
        try
        {
            Move-ADObject -Identity $_.DistinguishedName -TargetPath $OfficeOU[$key] -ErrorAction Stop
            $Log.add($_.Name, 'Success')
        }
        catch
        {
            $Log.add($_.Name, "Fail: $($_.Exception.Message)")
        }
    }
    else
    {
        #No OU mapping exists for this name prefix
        $Log.add( $_.Name, 'Fail')
    }
}
Checking the log every day would be a burden, so make the script send a report mail instead. Send-MailMessage talks plain SMTP unless -UseSsl (and usually -Credential) is given, so a relay on the internal network is assumed here.
#Send report
$date = Get-Date -Format 'yyyy-MM-dd'
$html = $Log.GetEnumerator() | ConvertTo-Html -Property Name, Value | Out-String
$mailMessage =@{
from=[from mail]
to=[to mail]
Subject="OSD OU Folder Computer Shift Report - $date"
Body=$html
SMTPServer=[STMP server]
BodyAsHtml=$true
}
Send-MailMessage @mailMessage
* PowerShell supports passing a hashtable of parameters to a command (splatting). The format is "[command] @[hashtable]", with the hashtable keys matching the command's parameter names.
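The naming-convention lookup and the move loop above can be folded into one script that is safe to schedule. The following is an added example, not the script from the original post: it keeps the post's CSV path, OSD OU distinguished name and "CCCCC-T-<7-char tag>" naming convention, and adds what a practitioner would want before letting a scheduled task move objects unattended: a regex check on the computer name instead of a bare SubString, validation that every target OU in the CSV exists, a OneLevel search so only computers directly in OSD are touched, -WhatIf support for a dry run, and try/catch around each move so the report distinguishes moved, skipped and failed machines. The parameter names and the Skipped/WhatIf result values are assumptions of this example.

```powershell
# Added example (not the original post's script): hardened OSD-to-local-OU move.
# Assumed: CSV path and OSD OU DN as in the post; CSV columns Name (7-char prefix) and Value (target OU DN).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OfficeOUCsv = "\\kryanser03\Shared-Data\IT\Ref\OfficeOU.csv",
    [string]$OsdOU       = "OU=OSD,OU=Rotork,DC=Rotork,DC=co,DC=uk"
)

Import-Module ActiveDirectory

# Naming convention from the post: 2-letter country, 3-letter city, '-', 1-char type, '-', 7-char Dell service tag.
$NamePattern = '^(?<prefix>[A-Z]{2}[A-Z]{3}-[A-Z])-(?<tag>[A-Z0-9]{7})$'

# Load the prefix -> OU map, validating each row so a bad CSV line cannot send machines to a wrong or non-existent OU.
$OfficeOU = @{}
foreach ($row in Import-Csv -Path $OfficeOUCsv) {
    if ([string]::IsNullOrWhiteSpace($row.Name) -or [string]::IsNullOrWhiteSpace($row.Value)) { continue }
    if ($OfficeOU.ContainsKey($row.Name)) {
        Write-Warning "Duplicate prefix '$($row.Name)' in CSV; keeping the first mapping"
        continue
    }
    try {
        # Get-ADOrganizationalUnit throws when the DN does not exist, so a typo in the CSV is caught before any move.
        $null = Get-ADOrganizationalUnit -Identity $row.Value -ErrorAction Stop
        $OfficeOU[$row.Name] = $row.Value
    } catch {
        Write-Warning "Target OU for '$($row.Name)' not found: $($row.Value)"
    }
}

$Log = [System.Collections.Generic.List[object]]::new()

# OneLevel: only computers directly in OSD are candidates; sub-OUs under OSD are left alone.
$computers = Get-ADComputer -Filter * -SearchBase $OsdOU -SearchScope OneLevel

foreach ($pc in $computers) {
    $entry = [pscustomobject]@{ Name = $pc.Name; Target = ''; Result = ''; Detail = '' }

    # -notmatch populates $Matches when the name does match, which is what the lookup below needs.
    if ($pc.Name -notmatch $NamePattern) {
        $entry.Result = 'Skipped'; $entry.Detail = 'Name does not match naming convention'
        $Log.Add($entry); continue
    }
    $prefix = $Matches['prefix']
    if (-not $OfficeOU.ContainsKey($prefix)) {
        $entry.Result = 'Fail'; $entry.Detail = "No OU mapping for prefix $prefix"
        $Log.Add($entry); continue
    }
    $entry.Target = $OfficeOU[$prefix]

    # ShouldProcess honours -WhatIf, so the script can be dry-run before the scheduled task goes live.
    if ($PSCmdlet.ShouldProcess($pc.DistinguishedName, "Move to $($entry.Target)")) {
        try {
            Move-ADObject -Identity $pc.DistinguishedName -TargetPath $entry.Target -ErrorAction Stop
            $entry.Result = 'Success'
        } catch {
            # Typical causes: the task account lacks delegated rights on the target OU, or the object
            # was moved or deleted between the query and the move.
            $entry.Result = 'Fail'; $entry.Detail = $_.Exception.Message
        }
    } else {
        $entry.Result = 'WhatIf'
    }
    $Log.Add($entry)
}

# Report body: non-successes sorted first so they are visible at the top of the mail.
# ConvertTo-Html escapes cell contents, which matters because computer names are data read from AD.
$html = $Log |
    Sort-Object @{ Expression = { $_.Result -eq 'Success' } }, Name |
    ConvertTo-Html -Property Name, Target, Result, Detail -Title 'OSD OU Computer Shift Report' |
    Out-String

# Emit the HTML so the caller can hand it to the Send-MailMessage splat from the post as -Body.
Write-Output $html
```

Run it once as `.\Move-OsdComputers.ps1 -WhatIf` (script name assumed) to see which machines would move and which names do not match the convention before scheduling it; the WhatIf rows in the report show the move that would have happened.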
Last but not least, create a scheduled task to run the script daily. In the General tab, fill out the description and select "Run whether user is logged on or not". The account stored for the task only needs delegated rights to move computer objects out of the OSD OU and into the office OUs; since Task Scheduler stores its password, use such a dedicated account rather than a domain admin.
In the Triggers tab, make it run Monday to Friday at 8 am.
In the Actions tab, set the program to powershell.exe and pass the full path of the script with the "-File" parameter.
All looks good. This script will run every weekday at 8 am and send the result via email.