Created
August 31, 2011 12:40
-
-
Save discoposse/1183443 to your computer and use it in GitHub Desktop.
Move Windows 7 Active Directory Computers based on IP Address
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################ | |
# PowerShell routine to move Windows 7 Computers into OU structure based on IP # | |
################################################################################ | |
##################### | |
# Environment Setup # | |
##################### | |
#Add the Quest PowerShell snapin | |
Add-PsSnapIn Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue | |
#Set the threshold for an "old" computer which will be moved to the Disabled OU | |
$old = (Get-Date).AddDays(-60) # Modify the -60 to match your threshold | |
#Set the threshold for an "very old" computer which will be deleted | |
$veryold = (Get-Date).AddDays(-90) # Modify the -90 to match your threshold | |
############################## | |
# Set the Location IP ranges # | |
############################## | |
$Site1IPRange = "\b(?:(?:192)\.)" + "\b(?:(?:168)\.)" + "\b(?:(?:1)\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # 192.168.1.0/24 | |
$Site2IPRange = "\b(?:(?:192)\.)" + "\b(?:(?:168)\.)" + "\b(?:(?:2)\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # 192.168.2.0/24 | |
$Site3IPRange = "\b(?:(?:192)\.)" + "\b(?:(?:168)\.)" + "\b(?:(?:3)\.)" + "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))" # 192.168.3.0/24 | |
######################## | |
# Set the Location OUs # | |
######################## | |
# Disabled OU | |
$DisabledDN = "OU=Disabled,DC=yourdomain,DC=com" | |
# OU Locations | |
$Site1DN = "OU=Site1,DC=yourdomain,DC=com" | |
$Site2DN = "OU=Site2,DC=yourdomain,DC=com" | |
$Site3DN = "OU=Site3,DC=yourdomain,DC=com" | |
############### | |
# The process # | |
############### | |
# Query Active Directory for Computers running Windows 7 (Any version) and move the objects to the correct OU based on IP | |
Get-QADComputer -ComputerRole member -IncludedProperties pwdLastSet -SizeLimit 0 -OSName 'Windows 7*' | ForEach-Object { | |
# Ignore Error Messages and continue on | |
trap [System.Net.Sockets.SocketException] { continue; } | |
# Set variables for Name and current OU | |
$ComputerName = $_.Name | |
$ComputerDN = $_.DN | |
# If the computer is more than 90 days off the network, remove the computer object | |
if ($_.pwdLastSet -le $veryold) { | |
Remove-QADObject -Identity $ComputerDN -WhatIf | |
} | |
# Check to see if it is an "old" computer account and move it to the Disabled\Computers OU | |
if ($_.pwdLastSet -le $old) { | |
$DestinationDN = $DisabledDN | |
Move-QADObject -Identity $ComputerDN -NewParentContainer $DestinationDN -WhatIf | |
} | |
# Query DNS for IP | |
# First we clear the previous IP. If the lookup fails it will retain the previous IP and incorrectly identify the subnet | |
$IP = $NULL | |
$IP = [System.Net.Dns]::GetHostAddresses("$ComputerName") | |
# Use the $IPLocation to determine the computer's destination network location | |
# | |
# | |
if ($IP -match $Site1IPRange) { | |
$DestinationDN = $Site1DN | |
} | |
ElseIf ($IP -match $Site2IPRange) { | |
$DestinationDN = $Site2DN | |
} | |
ElseIf ($IP -match $Site3IPRange) { | |
$DestinationDN = $Site3DN | |
} | |
Else { | |
# If the subnet does not match we should not move the computer so we do Nothing | |
$DestinationDN = $ComputerDN } | |
# Move the Computer object to the appropriate OU | |
# If the IP is NULL we will trust it is an "old" or "very old" computer so we won't move it again | |
if ($IP -ne $NULL) { | |
Move-QADObject -Identity $ComputerDN -NewParentContainer $DestinationDN -WhatIf | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment