Hey, Scripting Guy! In a logon script, which attribute do I use to determine the OU that the local computer belongs to?
— JP
Hey, JP. Most people are familiar with Cupid, the Roman god of love. In fact, you’d be hard-pressed to find anyone who doesn’t know that Cupid carries with him a quiver of gold-tipped arrows. Get struck by one of Cupid’s arrows, and you’ll instantly fall in love with whomever Cupid dictates.
Ah, but here’s something that most people don’t know: in addition to his gold-tipped arrows Cupid also carries a few lead-tipped arrows. What happens if you get struck by one of those arrows? You got it: you’ll instantly hate whomever Cupid dictates. Something to keep in mind the next time you see Cupid buzzing around your window.
So why are we wasting valuable Web space talking about Roman mythology? That’s easy: we Scripting Guys have taken a sacred vow to tell people things that they don’t already know. Most people don’t know that Cupid can cause you to hate others just as easily as he can cause you to love others; therefore, it’s our duty to tell you this. Likewise, it’s our duty to tell you that– for some reason – there is no Active Directory attribute that tells you which OU a computer belongs to. If you were hoping to use a line of code like this to determine a computer’s OU, well, sorry but you’re out of luck:
Wscript.Echo objComputer.OU
But wait; don’t go just yet. After all, the Scripting Guys have taken a lot of sacred vows; let’s see if we can find another one that might prove useful. Let’s see: “Always put the garbage out the night before the garbage gets picked up.” Good advice, but it probably doesn’t apply here.
How about this one: “Always make fun of the Oakland Raiders even when there’s absolutely no reason to mention the Oakland Raiders” Actually, we’d never do that; Oakland Raider fans are miserable enough as it is.
Oh, wait, here we go: “Whenever there’s no obvious way to do something try to find a way to do it anyway.”
Based on that sacred vow:
Set objSysInfo = CreateObject("ADSystemInfo") strComputer = objSysInfo.ComputerName Set objComputer = GetObject("LDAP://" & strComputer) arrOUs = Split(objComputer.Parent, ",") arrMainOU = Split(arrOUs(0), "=") Wscript.Echo arrMainOU(1)
Yes, this is an odd-looking script; for one thing, who’d have ever guessed that you could use that many Split functions in such a short snippet of code? So let’s see if we can explain how this all works.
To begin with, we create an instance of the ADSystemInfo object, an object that can return all sorts of useful information about the local computer and the logged-on user (for a sample script that shows all the information that can be returned using ADSystemInfo click here). We then use this line of code to store the value of the ComputerName property in a variable named strComputer:
strComputer = objSysInfo.ComputerName
As it turns out, the ComputerName property actually returns the distinguished name of the computer; that means you’re going to get back a value similar to this:
CN=ATL-WS-01,OU=Accounting,OU=Finance,DC=fabrikam,DC=com
As you can see, the computer’s OU – Accounting – happens to be embedded within the distinguished name. All we have to do now is figure out how to extract the OU name.
To be honest, there are several different ways to go about extracting the OU name. After giving this a tiny bit of thought we decided to start the process by using this line of code to connect to the computer account in Active Directory:
Set objComputer = GetObject("LDAP://" & strComputer)
That, in turn, brings us to this portion of the script:
arrOUs = Split(objComputer.Parent, ",")
What the heck is going on here? What we’re doing is using the Split function to split the value of the computer’s Parent attribute into an array. What’s the Parent attribute? In this case, it’s going to be the ADsPath of the container in which the computer object resides. In other words, it’s equal to this:
LDAP://OU=Accounting,OU=Finance,DC=fabrikam,DC=com
When we split the value of the Parent attribute on the comma, we end up with an array (named arrOUs) that contains the following elements:
LDAP://OU=Accounting OU=Finance DC=fabrikam DC=com
As you can see, we’re getting closer; in fact, the first element in our array (element 0) is exactly what we need, assuming we can get rid of the LDAP://OU=, that is. So then why don’t we get rid of the LDAP://OU=? The following line of code takes element 0 in the array arrOUs – LDAP://OU=Accounting – and splits that value on the equals sign (=):
arrMainOU = Split(arrOUs(0), "=")
The net result? Another array (arrMainOU) containing these two elements:
LDAP://OU Accounting
All we have to do now is echo back the second item in the array (element 1) and we’re done:
Wscript.Echo arrMainOU(1)
Like we said, it’s a roundabout way of getting the computer OU but, for better or worse, there’s nothing but a roundabout way of getting the computer OU. But hey, as long as it works, right?
Now, before we go, is there anything else that the Scripting Guys know that you need to know as well? Maybe, say, the story of Cupid and Psyche, complete with deranged man-killing sheep, talking towers, and a box full of eternal sleep?
Oh. Well, OK; guess we’ll save that story for a future column. Hey, what are you guys doing tomorrow?
0 comments