FOG Change Domain OU


  • Testers

    I think it would be great if FOG would change OU if it detects that the host assigned OU has changed, and it is not within the specified OU. Right now, if the PC already exists in AD it will not perform any more actions. It would be extremely beneficial as we have limited some of our admins and they are unable to move hosts to a different OU.

    The user assigned in FOG that enables domain domain joining does have permission to perform the OU moves. This is simply a request to enable more automated tracking and changing as possible.


  • Senior Developer

    All okay.


  • Moderator

    @Tom-Elliott said in FOG Change Domain OU:

    @george1421 This is a feature request.

    Why yes it is… I looked at the URL and not the bread crumbs. Obviously I don’t know where the heck I’m at today.

    mea culpa


  • Senior Developer

    @george1421 This is a feature request.


  • Moderator

    @Greg-Plamondon Yes those are the required credentials.

    It sounds like FOG has all of the bits required (on the surface) to do this. I would recommend that you create a feature request post with your needs and then reference this thread.

    (this is an outside view of the code) But, there will need to be some coding changes on the FOG server and the FOG client to achieve this request.


  • Testers

    @Wayne-Workman said in FOG Change Domain OU:

    @Greg-Plamondon said in FOG Change Domain OU:

    We have admins here that do not have the permissions to AD to remove or move a pc to another OU.

    Fog would need credentials that have permission to do it - either way.

    Doesn’t fog have the credentials already?
    0_1469123229964_fogad.PNG


  • Moderator

    @Tom-Elliott The fog client could do this with a bit of coding (I actually have a script that does this in the windows realm. We deploy to a build up OU then on first run the script moves the target to the defined OU. A post install script sets this up during imaging, but that is a bit off point).

    The FOG client will need to know the admin user to connect to AD with that has sufficient rights to move/change OU affiliation.

    The vbscript to do this is pretty simple.

    Set wshNetwork = CreateObject("WScript.Network")
    Set objSysInfo = CreateObject( "ADSystemInfo" )
    
    strMachineObjectOU = "ou=newou,dc=domain,dc=com"
    strComputerDN = objSysInfo.ComputerName
    
    nComma = InStr(strComputerDN,",")
    strCurrentOU = Mid(strComputerDN,nComma+1)
    strComputerName = Left(strComputerDN,nComma - 1)
     
    ' Just make sure the new OU is different than old OU else no value to move it
    If UCase(strCurrentOU) <> UCase(strMachineObjectOU) Then
        Set objNewOU = GetObject("LDAP://" & strMachineObjectOU)
        Set objMoveComputer = objNewOU.MoveHere("LDAP://" & strComputerDN, strComputerName)
    End If
    
    Set wshNetwork = Nothing
    Set objSysInfo = Nothing
    

    The FOG server will need to detect the change in OU and inform the FOG client to move itself.


  • Senior Developer

    @Wayne-Workman I edited the information to clarify what is needed.

    I think it boils down that he’s trying to limit admin access, and if the wrong OU is assigned when the host joins the domain, changing the OU becomes a bit more difficult. I don’t even know if it’s possible, but I think such a feature could prove extremely helpful.


  • Moderator

    @Greg-Plamondon said in FOG Change Domain OU:

    We have admins here that do not have the permissions to AD to remove or move a pc to another OU.

    Fog would need credentials that have permission to do it - either way.


Log in to reply
 

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.