Location Attribute for Computers

Discussion:

(too old to reply)

Mo Bharoochi

2006-07-13 10:04:04 UTC

Hi,

I want to autopopulate the location attribute for my computer accounts based
on the location property set on the subnet in AD sites and Services.

The reason I want to do this is because we have a very large network
distributed over a large area (we have about 2200 subnets), and I have
defined groups of computers based on their location.

What I don't want to be doing for 150000+ computers, is manually configuring
their location attribute.

Thanks
Mo

Joe Richards [MVP]

2006-07-13 15:32:21 UTC

Permalink

You get to write a script to do this. There is nothing you can turn on
that will make it do it.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

Post by Mo Bharoochi
Hi,
I want to autopopulate the location attribute for my computer accounts based
on the location property set on the subnet in AD sites and Services.
The reason I want to do this is because we have a very large network
distributed over a large area (we have about 2200 subnets), and I have
defined groups of computers based on their location.
What I don't want to be doing for 150000+ computers, is manually configuring
their location attribute.
Thanks
Mo

Mo Bharoochi

2006-07-14 10:29:01 UTC

Permalink

Thanks.

Can you point me in the right direction to find out more information about
the scripts I get to write?

Regards
Mo

Post by Joe Richards [MVP]
You get to write a script to do this. There is nothing you can turn on
that will make it do it.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

Joe Richards [MVP]

2006-07-14 14:49:50 UTC

Permalink

I would recommend picking up the Active Directory Cookbook if you don't
have it. The second edition is now out, I was reviewer for both the
first and the second edition and it is one of the best books to help
with AD Scripting. Lots of little helpful ready made scripts.

Once you have an understanding of how to script, you need to figure out
which way you want to tackle it, there are two directions that can be
taken, distributed and centralized.

If you do it in a centralized manner, it means someone with rights to
write the location attribute runs a script that enumerates all machines
and then works out what their IP address and then works out the
subnet/site involved. Once you have the IP address you can use a program
from my website called ATSN to convert that to site/subnet info. You can
then populate the objects location attributes as you see fit.

If you do it in a distributed fashion, you need to decide either to run
the script in the security context of someone with rights to the
location attribute or grant rights to SELF on each computer object such
that it can write the location attribute and then use say a startup
script to do the lookup and write the info. Getting the local IP address
shouldn't be too tricky and again, you can use ATSN to look up the
subnet/site info or you have the option then of using NLTEST which is a
Microsoft written tool.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

Post by Mo Bharoochi
Thanks.
Can you point me in the right direction to find out more information about
the scripts I get to write?
Regards
Mo

Mo Bharoochi

2006-07-14 16:50:01 UTC

Permalink

Thanks again Joe.

I will have a look at the AD Cookbook and your website.

Regards
Mo

Post by Joe Richards [MVP]
I would recommend picking up the Active Directory Cookbook if you don't
have it. The second edition is now out, I was reviewer for both the
first and the second edition and it is one of the best books to help
with AD Scripting. Lots of little helpful ready made scripts.
Once you have an understanding of how to script, you need to figure out
which way you want to tackle it, there are two directions that can be
taken, distributed and centralized.
If you do it in a centralized manner, it means someone with rights to
write the location attribute runs a script that enumerates all machines
and then works out what their IP address and then works out the
subnet/site involved. Once you have the IP address you can use a program
from my website called ATSN to convert that to site/subnet info. You can
then populate the objects location attributes as you see fit.
If you do it in a distributed fashion, you need to decide either to run
the script in the security context of someone with rights to the
location attribute or grant rights to SELF on each computer object such
that it can write the location attribute and then use say a startup
script to do the lookup and write the info. Getting the local IP address
shouldn't be too tricky and again, you can use ATSN to look up the
subnet/site info or you have the option then of using NLTEST which is a
Microsoft written tool.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

Post by Mo Bharoochi
Thanks.
Can you point me in the right direction to find out more information about
the scripts I get to write?
Regards
Mo

Ken Aldrich

2006-07-19 21:49:37 UTC

Permalink

You could use scripting that would include logic to find out which site they
were in and populate the location attributes for each computer. If you want
a script-less alternative you could look at DSRAZOR for Windows.

It is still manual in the sense that you have to enter it in, but you can do
it for multiple computers. For example, if all computers in a specific OU
are in the same site, you can highlight all of those computers, press a
button, and update the location information for all of the selected
computers at once. This might actually take less time than learning how to
script, depending on how your sites and comptuers are laid out in AD.

www.visualclick.com/?source=sved071906
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com