[gptalk] Re: Computer shows up in AD search but not GPO Delegation search

The computers were exported from the old domain suing the following script:


Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set ObjFS = CreateObject("Scripting.FileSystemObject")
Set ObjNewFile = objFS.CreateTextFile("compname.txt")

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from 'LDAP://DC=domain,DC=dcname,DC=com' " _
        & "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    objNewFile.Writeline "Computer Name: " & objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop

From there, I took that list of names exported and used this script to import 
the computer names into a particular OU:

' Script to create Active Directory Computer Accounts inside of GTAD CoM OU

If WScript.Arguments.Count < 2 Then
     WScript.Echo "Please provide a Computer Name, "  & "and ou in that order"
            WScript.Quit
End If

strComputer = WScript.Arguments(0)
sOU = WScript.Arguments(1)


set objOU = GetObject("LDAP://ou=" & sOU & 
",ou=LowerlevelOU,ou=_OnelevelupOU,dc=newdomain,dc=new,dc=com")
set ObjComputer = objOU.Create("Computer", "cn=" & strComputer)

objComputer.Put "SAMAccountName", strComputer & "$"
ObjComputer.SetInfo



I made a batch file that called this script, which was called 
Create-computer-accounts.vbs.  The format of the batch file was

Create-computer-accounts.vbs    BACKUPSERVER         Workstations
Create-computer-accounts.vbs    COM-391DC9C841E      Workstations
Create-computer-accounts.vbs    COM-F672140AC2E       Workstations
Create-computer-accounts.vbs    D978FN81         Workstations
Create-computer-accounts.vbs    FAC_T40_IMAGE          Workstations
Create-computer-accounts.vbs    FILESHARE      Workstations
Create-computer-accounts.vbs    GEORGIA-11BECB5      Workstations
Create-computer-accounts.vbs    GEORGIA-1D8575E       Workstations
Create-computer-accounts.vbs    GEORGIA-22B98E2       Workstations
Create-computer-accounts.vbs    GEORGIA-26CDEF2      Workstations
Create-computer-accounts.vbs    GEORGIA-2BA749A      Workstations
Create-computer-accounts.vbs    GEORGIA-356AA03       Workstations

So it called the vbs script, which then took the inputs of the Computer name, 
and the OU the Computer names should be placed and the rest was history





________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Omar Droubi
Sent: Tuesday, July 24, 2007 3:56 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Computer shows up in AD search but not GPO Delegation 
search

Your Statement "Note, that the computer names that did show up were imported 
from a vbs script."

Do you mean that the computers that showed up were created using a script as 
opposed to creation using AD users and Computers or created by joining a 
workstation to the domain?

If so there may be a few ways to understand this as I have seen this before 
using some portal products:


1.       I would do an LDIFDE export of the computer objects that were created 
by the script to check which object classes they belong to



Or

2.       I have seen service accounts- actual user accounts- created by 3rd 
party applications that for some reason or another produce a computer icon in 
AD users & Computers- but I was not able to reproduce that myself.

Glad to help

Omar



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Washington, Booker
Sent: Tuesday, July 24, 2007 10:32 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Computer shows up in AD search but not GPO Delegation 
search

I did not think to check that because other computers had shown up in the 
search, which now begs the question, why did some computer names show up, but 
not all (Note, that the computer names that did show up were imported from a 
vbs script.

But to answer the specific question, Yes, as soon as I checked "Computers" the 
computer that I created, did show up in the search.

Weird



Thanks



________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Omar Droubi
Sent: Monday, July 23, 2007 6:18 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Computer shows up in AD search but not GPO Delegation 
search

You need to check the box to search computers as well as groups, users and 
maybe contacts


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Washington, Booker
Sent: Monday, July 23, 2007 3:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Computer shows up in AD search but not GPO Delegation search

Why would a computer show up in an Active Directory search, but when I go into 
Group Policy management to apply a Delegation scope, the computer will not be 
found?

Any ideas?

Other related posts: