"Computers" is a container
You can't add OU's to a container
the computers should be moved
to the appropriate OU's that contain
the group policy that you want applied to the computer object.
I suggest whoever told you to add containers to the computer
container should learn more about planning an AD structure first
- Evan
Thanks even, but I belive we may not have been on the same page. The
"computer" ou is a child ou, under a school or department ou.
I have received a solution that worked well and wanted to post, in
case anyone might find it helpful.
First, I assume your containers are all Organizational Units. Perhaps
the
most efficient way to find all OU's called ou=Computer is to use ADO.
We
search for all objects with objectCategory=organizationalUnit and
ou=Computer. We need to bind to each, so we retrieve the Distinguished
Name.
We use the Create method of the container/OU object to create child
OU's
called Administration, Teacher, and Student. My solution:
===========
Option Explicit
Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, objOU, objNewOU
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on all Organizational Units with Relative Distinguished
' Name ou=Computer.
strFilter = "(&(objectCategory=organizationalUnit)(ou=computer))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
' Construct the LDAP query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes &
";subtree"
' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strDN = adoRecordset.Fields("distinguishedName").Value
' Bind to object.
Set objOU = GetObject("LDAP://" & strDN)
' Create child OU's.
' Trap error if OU already exists.
On Error Resume Next
Set objNewOU = objOU.Create("organizationalUnit",
"ou=Administration")
If (Err.Number <> 0) Then
Err.Clear
Wscript.Echo strDN & " already has child OU Administration"
Else
objNewOU.SetInfo
End If
Set objNewOU = objOU.Create("organizationalUnit", "ou=Teacher")
If (Err.Number <> 0) Then
Err.Clear
Wscript.Echo strDN & " already has child OU Teacher"
Else
objNewOU.SetInfo
End If
Set objNewOU = objOU.Create("organizationalUnit", "ou=Student")
If (Err.Number <> 0) Then
Err.Clear
Wscript.Echo strDN & " already has child OU Student"
Else
objNewOU.SetInfo
End If
On Error GoTo 0
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
' Clean up.
Set objRootDSE = Nothing
Set adoCommand = Nothing
Set adoConnection = Nothing
Set adoRecordset = Nothing
========
Next problem is probably how to move existing computer objects into
the
correct OU. Is there some way to tell, perhaps from the NetBIOS name,
which
OU is proper? To move, you would bind to the new container/OU object
and use
the MoveHere method. You pass the AdsPath of the object to this
method.