InTrust script to enumerate laptop or desktop computers by AD Site.

In our AD forest they have put all desktop and laptop computers from all AD sites in the same OU. All the desktop computer names begin with "D" and all the laptop computer names begin with "L".
I would like to be able to build separate InTrust sites for gathering jobs for the laptop and desktop computers by site.
As an end result I would like to have the InTrust sites organized as follows:
   AD Site A Desktops
   AD Site A Laptops
   AD Site B Desktops
   AD Site B Laptops
   ... and so on
I would like to do this with an InTrust enumeration script, perhaps filtering the computer names in the OU, examining all the ones that begin with D or L, and then filtering the results by site using the command "nltest /server:<computername> /dsgetsite". I am unclear how to do this most efficiently/reliably in an InTrust script, and there might be a more elegant way.
I am thinking perhaps somebody has already travelled this path and can provide tips or even a script.
  • Hi Chris,

    The most elegant solution is described here, citation: "computer/site information is not stored in AD. BUT, there is nothing stopping you from putting it there". It requires some effort in distributing a startup script to all computers in your environment. The whole solution, including the InTrust part, might be the following:

    # Read this computer's AD site name from the local ADSystemInfo COM object
    $obj = New-Object -ComObject ADSystemInfo
    $type = $obj.GetType()
    $adsite = $type.InvokeMember("SiteName", "GetProperty", $null, $obj, $null)
    if ($null -eq $adsite) { $adsite = "UNKNOWN" }
    # Locate this computer's own account (computer sAMAccountNames end in "$")
    $root = [ADSI]"LDAP://DC=Contoso,DC=com"
    $search = [adsisearcher]$root
    $name = $env:COMPUTERNAME
    $search.Filter = "(&(sAMAccountName=$name`$))"
    $result = $search.FindOne()
    if ($null -eq $result) { return }    # account not found under this base: nothing to update
    $cproperties = $result.GetDirectoryEntry()
    # Cast to [string] so an unset attribute compares as "" rather than as an empty collection
    $adsiteinad = [string]$cproperties.extensionattribute8
    # Write only when the stored value differs, to avoid needless directory writes
    if ($adsiteinad -ne $adsite) {
        $cproperties.extensionattribute8 = [string]$adsite
        $cproperties.SetInfo()
    }

    1. Change DC=Contoso,DC=com to your domain or add some code to detect current domain.
    2. Distribute a script using GPO or Ops Manager or other way to run on all computers on start-up or on schedule.
    3. Create a site in InTrust Manager, use script "Enumeration Script: LDAP query" as site object.
    4. In the script properties set:
      1. Attribute Name = dnsHostName
      2. Bind String = LDAP://DC=Contoso,DC=com (change to your domain)
      3. Filter = (&(objectCategory=computer)(extensionattribute8=Default-First-Site-Name)(name=D*)) (Default-First-Site-Name = change to your Site, D* for Desktops, L* for Laptops)
      4. Need Deep Search = 1
      5. Search Scope = 2
    5. Check if the site works.
    6. Create a number of similar sites for each AD Site, D and L.

    What do you think, can it be implemented in your environment?
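
As an added example, not code from the thread, the following carries the InTrust half of this design one step further: given computer objects whose extensionAttribute8 holds the site name written by the startup script above, it groups them into per-site Desktops/Laptops buckets and emits the bind string and LDAP filter each InTrust site from step 4 would use, escaping the site name so it cannot break the filter. The functions Get-InTrustSiteDefinitions and ConvertTo-LdapFilterValue, the sample computer objects and the contoso.com names are assumptions.

```powershell
# Added example (not from the thread). Caveats for the extensionAttribute8 design:
# extensionAttribute1..15 exist only once the Exchange schema extension is applied,
# and the computer account needs write access to the attribute, so a host can rewrite
# its own site value and drop out of a gathering site; audit changes to it.

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a site name such as "Branch (B)"
    # cannot break or widen the filter it is embedded in.
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Get-InTrustSiteDefinitions {
    param(
        [Parameter(Mandatory)][object[]]$Computers,        # objects with Name, DnsHostName, Site
        [string]$BindString = 'LDAP://DC=Contoso,DC=com'    # placeholder domain from the thread
    )
    $types = @{ 'D' = 'Desktops'; 'L' = 'Laptops' }
    $Computers |
        Where-Object { $_.Site -and $_.Name -and $types.ContainsKey($_.Name.Substring(0, 1).ToUpper()) } |
        Group-Object { '{0}|{1}' -f $_.Site, $_.Name.Substring(0, 1).ToUpper() } |
        ForEach-Object {
            $site   = $_.Group[0].Site
            $prefix = $_.Group[0].Name.Substring(0, 1).ToUpper()
            [pscustomobject]@{
                InTrustSite = '{0} {1}' -f $site, $types[$prefix]
                BindString  = $BindString
                # Same filter shape as step 4.3 of the answer, with the site name escaped
                Filter      = '(&(objectCategory=computer)(extensionAttribute8={0})(name={1}*))' -f (ConvertTo-LdapFilterValue $site), $prefix
                Members     = @($_.Group.DnsHostName)
            }
        }
}

# Constructed sample standing in for an AD result set. Against a live domain, build the same
# objects from ([adsisearcher]'(&(objectCategory=computer)(extensionAttribute8=*))').FindAll()
$sample = @(
    [pscustomobject]@{ Name = 'D-HQ-001';  DnsHostName = 'd-hq-001.contoso.com';  Site = 'HQ' }
    [pscustomobject]@{ Name = 'D-HQ-002';  DnsHostName = 'd-hq-002.contoso.com';  Site = 'HQ' }
    [pscustomobject]@{ Name = 'L-HQ-007';  DnsHostName = 'l-hq-007.contoso.com';  Site = 'HQ' }
    [pscustomobject]@{ Name = 'L-BR-004';  DnsHostName = 'l-br-004.contoso.com';  Site = 'Branch (B)' }
    [pscustomobject]@{ Name = 'SRV-01';    DnsHostName = 'srv-01.contoso.com';    Site = 'HQ' }    # not D/L: skipped
    [pscustomobject]@{ Name = 'L-NEW-003'; DnsHostName = 'l-new-003.contoso.com'; Site = $null }  # attribute never written: skipped
)
Get-InTrustSiteDefinitions -Computers $sample | Format-List
```

Computers whose attribute was never written never appear in any bucket, so the list of skipped machines is the first thing to check when an InTrust site comes up short.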
