
Active Directory OU aliases

Feature Request
  • M
    moses
    last edited by moses Jun 14, 2017, 8:15 AM Jun 14, 2017, 2:13 PM

    We have multiple OU destinations for computers joined to our domain via FOG, and right now I’m using a text file as a cheat sheet for those OU paths, which I copy and paste into the host settings.

    What would be nice is if we could define aliases to use for each OU, rather than having to type/paste the full OU path each time we set up a new host, or not have to put them in the same OU every time.

    Perhaps aliases could be defined in FOG settings, and then the user could select from a dropdown list in the Active Directory settings for the host? Correct me if I’m wrong, but this would be as simple as a constant being defined for the OU path string when the user creates an alias.

    • T
      Tom Elliott
      last edited by Jun 14, 2017, 2:19 PM

      You could write a plugin to change how OUs are displayed to the screen.

      If it’s any help, however, you CAN create an array of aliases in FOG currently which would allow you to choose a select box rather than type in the OU to each host.

      For example:

      In the DEFAULT OU listing you would create a select dropdown list of OUs by writing out each full OU string, and separating each one with a |.

      You designate a “default selected OU” by trailing the string with a ;

      For example:
      OU=TestOU,OU=Groups,DC=MASTACONTROLA,DC=local;|OU=TestOUÄ,OU=Groups,DC=MASTACONTROLA,DC=local

      Separates the different OUs into a select box that looks like:
      0_1497449963002_ea163ca6-700b-484e-9e13-df38e537f706-image.png

      You will also notice that the item that’s selected is also the item that has a trailing ; on it.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • G
        george1421 Moderator
        last edited by Jun 14, 2017, 8:44 PM

        We have a fairly complex OU structure at my company. The OU is calculated at deployment time based on the location (city) the image is being installed at, what form factor the target computer is (desktop, portable), and the hard disk image being deployed (lab, kiosk, workstation). Because of this complexity we don’t let FOG connect the target to the domain, but instead we use a FOG post install script to calculate the proper OU path and then it updates the unattend.xml file on the target computer. We do something similar for the computer name, but that’s a bit off point.

        I just wanted to show you that there ARE other ways to manage a complex environment than with FOG’s native tools.

        • M
          moses @george1421
          last edited by moses Jun 16, 2017, 9:09 PM Jun 17, 2017, 3:08 AM

          @george1421 I’d be really interested in your setup, because that’s exactly what I would ultimately want. Our setup would be much simpler, if it’s possible to do it this way, but we have several physical locations and one OU per location.

          How might I go about getting FOG to change the OU based on location? I am using the plugin. Might you be able to share a redacted version of the scripts you’re using?

          • G
            george1421 Moderator @moses
            last edited by george1421 Jun 17, 2017, 5:07 AM Jun 17, 2017, 11:05 AM

            @moses If you look at this post: https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/6

            You’ll see how to identify the location by the IP address of where the FOS image is running.

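            # take the address after "src"; on newer iproute2 the last field is the uid, not the source IP
            myip=`ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}' | cut -d "." -f1-2`;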
            
            case "${myip}" in
                 10.1)
                     sitecode="NYC";
                     timezone="Eastern Standard Time";
                     oupath="ou=computers,ou=nyc,dc=domain,dc=com";
                     ;;
                 10.2)
                     sitecode="LA";
                     timezone="Western Standard Time";
                     oupath="ou=computers,ou=la,dc=domain,dc=com";
                     ;;
                 *)
                     # Default code for the unknowns
                     sitecode="CORP";
                     timezone="Eastern Standard Time";
                     oupath="ou=computers,ou=corp,dc=domain,dc=com";
                     ;;
            esac
            

            If you couple that with this post:
            https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/7 you can see how I use sed to modify the unattend.xml script

            # Unattend.xml path (note the case specifics in the file name and path)
            unattendfile="/ntfs/Windows/Panther/unattend.xml";
            
            sed -i -e "s#<MachineObjectOU>\([^<][^<]*\)</MachineObjectOU>#<MachineObjectOU>${oupath}</MachineObjectOU>#gi" $unattendfile
            

            If someone wanted to merge all of the bits together from that tutorial into a script it might look like this.

            #!/bin/bash
            
            . /usr/share/fog/lib/funcs.sh
            
            # windows 7
            osdiskpart="/dev/sda2";
            
            # create a directory to hang the Windows C: drive partition on in FOS
            # the 2>/dev/null below just redirects any errors from the mkdir command to null. i.e.
            # if the directory already exists, I don't want to know about it, just hide the error. Understand
            # that I could have tested if the directory already existed, but that takes more programming steps
            # I'm just going to try to create it and ignore the error if it already exists. 
            
            mkdir /ntfs 2>/dev/null
            
            # This next command connects the hard drive partition to the directory we just created. You will see the
            # 2>/tmp/mntfail at the end of the mount command. In this case if the connection fails we want to write
            # the output to a text file we can review and test to see if it exists. If the file exists then something went
            # wrong with the connection to the hard disk partition.
            
            mount.ntfs-3g "${osdiskpart}" /ntfs 2>/tmp/mntfail
            
            # this last bit of magic checks the exit status of the mount command; a non-zero status means the mount
            # failed so there is no need to continue on with the script. 
            mntRet="$?";
            if [ ! "$mntRet" = "0" ]; then
                echo "Failed to mount C:";
                # display what happened
                cat /tmp/mntfail;
                # give the reader a chance to see what the error was
                sleep 12;
                # terminate the post install script
                exit 1;
            fi
            
            # Unattend.xml path (note the case specifics in the file name and path)
            unattendfile="/ntfs/Windows/Panther/unattend.xml";
            
            chassis=`dmidecode -s chassis-type`;
            chassis="${chassis%"${chassis##*[![:space:]]}"}";  # Remove trailing space
            chassis="${chassis,,}"; # Convert string to lower
            
            if [ "$chassis" = "laptop" ]; then
                chtype="Portable";
            elif [ "$chassis" = "tablet" ]; then
                chtype="Tablet";
            else
                # We'll default every other chassis type to desktop
                chtype="Desktop";
            fi
            
            # you may need to replace the host 8.8.8.8 with a valid target address if you have a closed network
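            # take the address after "src"; on newer iproute2 the last field is the uid, not the source IP
            myip=`ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}' | cut -d "." -f1-2`;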
            case "${myip}" in
                 10.1)
                     sitecode="NYC";
                     timezone="Eastern Standard Time";
                     oupath="ou=computers,ou=nyc,dc=domain,dc=com";
                     ;;
                 10.2)
                     sitecode="LA";
                     timezone="Western Standard Time";
                     oupath="ou=computers,ou=la,dc=domain,dc=com";
                     ;;
                 *)
                     # Default code for the unknowns
                     sitecode="CORP";
                     timezone="Eastern Standard Time";
                     oupath="ou=computers,ou=corp,dc=domain,dc=com";
                     ;;
            esac
            
            sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" $unattendfile
            
            sed -i -e "s#<TimeZone>\([^<][^<]*\)</TimeZone>#<TimeZone>$timezone</TimeZone>#gi" $unattendfile
            
            sed -i -e "s#<MachineObjectOU>\([^<][^<]*\)</MachineObjectOU>#<MachineObjectOU>${oupath}</MachineObjectOU>#gi" $unattendfile
            

            Understand these are just snippets of code that are stuck together in some kind of logical order. The above hasn’t been tested. There are also some assumptions in this script as to the partition layout for win7. There are other scripts in my other tutorials that do a better job of actually finding the ‘C:’ drive on the target computer. In the snippet above the fog client isn’t used to name the computer or connect it to the domain. The unattend.xml file is used for that. So you need to have the other bits in the unattend.xml file so the target is capable of doing what it needs. Like having a user account defined that is allowed to add computers to the domain and such.

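An added example, not part of george1421's post or the FOG project's code: the sed substitutions above exit 0 even when the element is missing or the file path is wrong, and a value containing `&`, `#` or `\` is rewritten by sed, so the host can end up in an unintended OU without any error. The helper `set_unattend_tag` and its return codes are hypothetical names chosen for this sketch; it assumes GNU or busybox sed (`-i`) and single-line values.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: set_unattend_tag /ntfs/Windows/Panther/unattend.xml MachineObjectOU "$oupath"

# Escape XML special characters so the value stays plain text inside the element.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Escape what is special on the replacement side of sed's s#...#...# command:
# backslash, "&" (the whole match) and the "#" delimiter itself.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&#]/\\&/g'
}

# set_unattend_tag FILE TAG VALUE
# Exit status: 0 value written and verified, 1 file missing,
#              2 element not present in the file, 3 value did not land.
# The body runs in a subshell so its variables do not leak into the caller.
set_unattend_tag() (
    file=$1
    tag=$2
    value=$3

    [ -f "$file" ] || { echo "missing file: $file" >&2; exit 1; }

    # Refuse to continue when there is nothing to replace, instead of
    # letting sed succeed silently.
    grep -q "<${tag}>[^<]*</${tag}>" "$file" ||
        { echo "no <${tag}> element in $file" >&2; exit 2; }

    xml=$(xml_escape "$value")
    rep=$(sed_escape_replacement "$xml")
    sed -i -e "s#<${tag}>[^<]*</${tag}>#<${tag}>${rep}</${tag}>#" "$file"

    # Read the file back and confirm the exact element is now present.
    grep -qF "<${tag}>${xml}</${tag}>" "$file" ||
        { echo "substitution failed for <${tag}>" >&2; exit 3; }
)
```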