• Products
    • View all products
    • Free trials
  • Solutions
    • All Solutions
    • All Integrations
  • Resources
    • All Resources
    • Learning Hub
  • Trials
  • Support
    • Support Home
    • By Product
      • All Products
      • Active Roles
      • Authentication Services
      • Cloud Access Manager
      • Defender
      • Identity Manager
      • Password Manager
      • Safeguard
      • Starling Identity Analytics & Risk Intelligence
      • Starling Two-Factor Authentication
      • TPAM Appliance
    • Contact Support
      • Overview
      • Customer Service
      • Licensing Assistance
      • Renewal Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Professional Services
    • Technical Documentation
    • One Identity University
    • User Forums
    • Video Tutorials
  • Partners
    • Overview
    • Partner Circle Log In
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • One Identity Community
      • AD Account Lifecycle Management
      • Cloud
      • Identity Governance & Administration
      • Privileged Access Management
      • syslog-ng Community
    • Forums
      • All Product Forums
      • Active Roles
      • Identity Manager
      • Password Manager
      • Safeguard
      • Unix Access Management
    • Social Networks
      • Facebook
      • LinkedIn
      • Twitter
      • YouTube
One Identity Community
One Identity Community
  • Site
  • User
  • Site
  • Search
  • User
Active Roles Community
Active Roles Community
Wiki Move computer account to appropriate OU on joining computer to domain
  • Forum
  • Ideas
  • Wiki
  • More
  • Cancel
  • New
  • -Active Roles Script Center
    • +Active Roles Script Policy Best Practices
    • Active Roles SDK
    • +C#
    • +JavaScript
    • +PowerShell
    • -VBScript
      • VBScript Library source code
      • -VBScript samples
        • A Managed Unit with users which have not logged on for last 90 days
        • Adjust the case of usernames to title case (first letter of each part of the name)
        • Advanced group creation/provision
        • Advanced shared folder creation
        • Bulk policy incompliance fixing
        • Check unique value of an attribute
        • -Computer management
          • Allow only computers be members of a group
          • Move computer account to appropriate OU on joining computer to domain
        • +Exchange management
        • Function that converts regular date into integer8 format
        • Get effective policy info list
        • +Group management
        • How to find a request source in script policy
        • How to send emails based on scripts policy parameters and Virtual Attribute values
        • +Permissions Management
        • Policy incompliance reporting & fixing for specified policy
        • Populate values from a SQL database to an AD Attribute
        • Prevent copying an attribute on user copy
        • Prohibite a permission propagation to AD
        • Prohibite an AD native security editing
        • Read large integer date attributes and display them in date and time readable format
        • Read XML Node text or attribute value
        • Read XML Node with Children into DictionaryObject
        • Standalone script that requests built-in password generation policy
        • +User management
        • Validate moving operations
        • +VBScript: Approval

Move computer account to appropriate OU on joining computer to domain

DESCRIPTION

Normally, in order to join a computer to the domain, you have to logon to the target computer and specify the target domain on the Computer Name tab of the System Control Panel ([1]). If a computer account was pre-created in an appropriate OU, this account will be used. If a computer account could not be found in the target domain, it will be created in the Computers container.

For computer accounts in appropriate OUs, using Active Roles Server it is possible to skip the pre-creation phase and use a script policy like the one provided below to automatically move newly joined computers to appropriate OUs.

Using the DirSync control, the Active Roles Administration Service receives all changes made in Active Roles. As part of this process, the Administration Service receives a notification concerning the creation of new computer accounts in the Computers container. Once such a change is detected, the script policy provided below moves the computer account to target OU.

The Policy Object containing this script policy should be linked to the relevant container. The Handle changes from DirSync control option should be set on the Script Module tab of the script policy entry property sheet

NOTES: The Active Roles  Administration Service receives changes from one specific Domain Controller, typically the Domain Controller from the site where the Service is running. When joining a computer account to a domain, the computer account is created on the Domain Controller closest to the computer, typically a Domain Controller from the computer's site. Consequently, for the Active Roles Administration Service to detect computer account creation, this change should be replicated from one DC to another. This might take minutes or hours, depending on your replication topology and schedule.


Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.


SCRIPT

 

'*********************************************************************************

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

'

' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.

'*********************************************************************************

'

' Script name: Move Computer Account After Joining to Domain

' Script version: 1.0.0

'

' Requirements:

' - Policy Object is applied to the Computers container in target domain

' - The "Handle changes from DirSync control" option is set on the Script

' Module tab of the script policy entry property sheet

'

' This policy script detects new computer was joined to domain and moves the

' computer account from Computers container to an OU.

' -----------------------------------------------------------------------------

Option Explicit

' This constant defines the target OU name where to move new accounts

Const c_strNewContainerPath = "OU=MyOU,DC=domain,DC=com"

Sub onPostCreate(Request)

'--- Optimization: process only computer account modifications ---

If (LCase(Request.Class) <> "computer") Then Exit Sub

'--- Optimization: process only modifications, received from DC by DirSync ---

If (Request.Parameter("RequestSource") <> EDST_MOD_SOURCE_AD) Then Exit Sub

Dim objNewContainer, objAd

'--- Bind to target container ---

Set objNewContainer = GetObject("EDMS://" & c_strNewContainerPath)

'--- Move computer account to target container ---

Set objAd = objNewContainer.MoveHere(Request.ADsPath, vbNullString)

'--- Apply changes ---

objAd.SetInfo

End Sub

'***** END OF CODE ***************************************************************

  • Script Center
  • Script Center: VBScript
  • Share
  • History
  • More
  • Cancel
Related
Recommended
  • Company
    • About Us
    • Buy
    • Careers
    • Contact Us
    • News
  • Resources
    • Blogs
    • Customer Stories
    • Documents
    • Events
    • Videos
  • Support
    • Professional Services
    • Renew Support
    • Technical Support
    • One Identity University
    • Support Service
  • Social Networks
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
    • YouTube
  • © 2025 One Identity LLC. ALL RIGHTS RESERVED.
  • Legal
  • Terms of Use
  • Privacy
  • Community Feedback & Support
  • Cookie Preference Center