DESCRIPTION
To join computer to domain, you have to logon to the target computer and specify target domain on the Computer Name tab of the System Control Panel ([1]). If computer account was pre-created in appropriate OU, this account will be used. If computer account could not be found in target domain, it will be created in the Computers container.
For computer accounts be in appropriate OUs, with ActiveRoles Server you can skip pre-creation phase and use script policy provided below to automatically move newly joined computers to appropriate OUs.
Using the DirSync control, ActiveRoles Administration Service receives all changes made in AD. As part of this process, Administration Service receives creation of new computer accounts in Computers container. Once such change detected, the script policy provided below moves the computer account to target OU.
There are couple instructions you need to follow to make it work:
Policy Object, containing this script policy, should be linked to the Computers container The "Handle changes from DirSync control" option should be set on the Script Module tab of the script policy entry property sheet
NOTES Administration Service receives changes from one selected DC, typically DC from the site where the Service is running. When joining computer account to domain, computer account in created on the DC, closest to the computer, typically DC from the computer's site. Consequently, for the Service to detect computer account creation, this change should be replicated from one DC to another. This might take a day, depending on your replication topology and schedule.
Note This code may use functions from the ARS Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTBILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT QUEST PROFESSIONAL SERVICES.
'*********************************************************************************
'
' This code is published on the ActiveRoles Script Center:
' http://communities.quest.com/docs/DOC-9991
'
' This code may use functions from the ARS Script Policy Best Practices:
' http://communities.quest.com/docs/DOC-10016
'
' Please, follow the link to obtain instructions and code for those functions.
'*********************************************************************************
'
' Script name: Move Computer Account After Joining to Domain
' Script version: 1.0.0
'
' Requirements:
' - ActiveRoles Server 5.2.x or later
' - Policy Object is applied to the Computers container in target domain
' - The "Handle changes from DirSync control" option is set on the Script
' Module tab of the script policy entry property sheet
'
' This policy script detects new computer was joined to domain and moves the
' computer account from Computers container to an OU.
' -----------------------------------------------------------------------------
Option Explicit
' This constant defines the target OU name where to move new accounts
Const c_strNewContainerPath = "OU=MyOU,DC=domain,DC=com"
Sub onPostCreate(Request)
'--- Optimization: process only computer account modifications ---
If (LCase(Request.Class) <> "computer") Then Exit Sub
'--- Optimization: process only modifications, received from DC by DirSync ---
If (Request.Parameter("RequestSource") <> EDST_MOD_SOURCE_AD) Then Exit Sub
Dim objNewContainer, objAd
'--- Bind to target container ---
Set objNewContainer = GetObject("EDMS://" & c_strNewContainerPath)
'--- Move computer account to target container ---
Set objAd = objNewContainer.MoveHere(Request.ADsPath, vbNullString)
'--- Apply changes ---
objAd.SetInfo
End Sub
'***** END OF CODE ***************************************************************
COMPATIBILITY
Script compatible with the following version(s): ARS 5.2 or later