FOG Change Domain OU
-
I think it would be great if FOG would change OU if it detects that the host assigned OU has changed, and it is not within the specified OU. Right now, if the PC already exists in AD it will not perform any more actions. It would be extremely beneficial as we have limited some of our admins and they are unable to move hosts to a different OU.
The user assigned in FOG that enables domain joining does have permission to perform the OU moves. This is simply a request to enable more automated tracking and changing as possible.
-
@Greg-Plamondon said in FOG Change Domain OU:
We have admins here that do not have the permissions to AD to remove or move a pc to another OU.
Fog would need credentials that have permission to do it - either way.
-
@Wayne-Workman I edited the information to clarify what is needed.
I think it boils down that he’s trying to limit admin access, and if the wrong OU is assigned when the host joins the domain, changing the OU becomes a bit more difficult. I don’t even know if it’s possible, but I think such a feature could prove extremely helpful.
-
@Tom-Elliott The fog client could do this with a bit of coding (I actually have a script that does this in the Windows realm. We deploy to a build up OU then on first run the script moves the target to the defined OU. A post install script sets this up during imaging, but that is a bit off point).
The FOG client will need to know the admin user to connect to AD with that has sufficient rights to move/change OU affiliation.
The VBScript to do this is pretty simple.
```vbscript
Set wshNetwork = CreateObject("WScript.Network")
Set objSysInfo = CreateObject("ADSystemInfo")

' Target OU for this computer object
strMachineObjectOU = "ou=newou,dc=domain,dc=com"

' ADSystemInfo.ComputerName returns the computer's full distinguished name
strComputerDN = objSysInfo.ComputerName
nComma = InStr(strComputerDN, ",")
strCurrentOU = Mid(strComputerDN, nComma + 1)
strComputerName = Left(strComputerDN, nComma - 1)

' Just make sure the new OU is different than old OU else no value to move it
If UCase(strCurrentOU) <> UCase(strMachineObjectOU) Then
    Set objNewOU = GetObject("LDAP://" & strMachineObjectOU)
    Set objMoveComputer = objNewOU.MoveHere("LDAP://" & strComputerDN, strComputerName)
End If

Set wshNetwork = Nothing
Set objSysInfo = Nothing
```
The FOG server will need to detect the change in OU and inform the FOG client to move itself.
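The "detect the change in OU" step described in the post above, as an added example that is not part of the original post and is not FOG code. It generalizes the script's string comparison to handle spacing after separators and escaped commas in OU names; `plan_move` and its `allowed_base` guard (the privileged account only plans moves into OUs under one base DN) are hypothetical names and assumptions, and the DNs in the usage are constructed.

```python
# Added example, not FOG code: decide whether a computer object needs an OU move.

def split_dn(dn):
    """Split a DN on unescaped commas, keeping escapes such as '\\,' intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # escaped character stays in this RDN
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return [p.lstrip() for p in parts]  # tolerate "OU=x, DC=y"

def normalize(rdns):
    """Lower-case attribute names and values; AD compares DNs case-insensitively."""
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().lower(), value.lower()))
    return tuple(pairs)

def plan_move(computer_dn, assigned_ou, allowed_base):
    """Return None when no move is needed, else a dict describing the move.

    allowed_base is a hypothetical guard: the service account's move is only
    planned when the target OU is at or below this DN.
    """
    rdns = split_dn(computer_dn)
    if len(rdns) < 2 or not rdns[0].lower().startswith("cn="):
        raise ValueError("not a computer DN: %r" % computer_dn)
    current = normalize(rdns[1:])
    target = normalize(split_dn(assigned_ou))
    base = normalize(split_dn(allowed_base))
    if target[-len(base):] != base:
        raise PermissionError("target OU is outside the allowed base")
    if current == target:
        return None
    return {"rdn": rdns[0], "from": ",".join(rdns[1:]), "to": assigned_ou}
```

The returned `rdn` and `to` values correspond to the two arguments the script above passes to `MoveHere`.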
-
@Wayne-Workman said in FOG Change Domain OU:
@Greg-Plamondon said in FOG Change Domain OU:
We have admins here that do not have the permissions to AD to remove or move a pc to another OU.
Fog would need credentials that have permission to do it - either way.
Doesn’t fog have the credentials already?
-
@Greg-Plamondon Yes those are the required credentials.
It sounds like FOG has all of the bits required (on the surface) to do this. I would recommend that you create a feature request post with your needs and then reference this thread.
(this is an outside view of the code) But, there will need to be some coding changes on the FOG server and the FOG client to achieve this request.
-
@george1421 This is a feature request.
-
@Tom-Elliott said in FOG Change Domain OU:
@george1421 This is a feature request.
Why yes it is… I looked at the URL and not the breadcrumbs. Obviously I don’t know where the heck I’m at today.
mea culpa
-
All okay.