WPKG with Active Directory

2,887 bytes added, 11:47, 30 June 2006
= Active Directory settings =
 
Below are the settings for Active Directory. The screenshots are in German, but I think anyone who has seen Active Directory will know what to do even without knowing German:
= Notes =
Sometimes a group policy is not applied when it is first set up and the workstations are rebooted for the first time. The reason is that, by default, workstations pull group policy from the server only every ~90 minutes. If you require group policy to take effect immediately, you may run "gpupdate" (XP) or "secedit /refreshpolicy user_policy" and "secedit /refreshpolicy machine_policy" (Win2K) on each workstation.
 
 
= Pulling workstation names to hosts.xml from Active Directory OUs automatically =
 
If you have different OUs in your AD, and these OUs use different software settings, you will likely want to generate hosts.xml from your AD tree.
 
Here is a simple Perl script for that. You have to run it on a Linux server, and you need to have the <code>ldapsearch</code> tool installed (it comes with OpenLDAP). It's not particularly beautiful, but it works.<br>
Make sure you change the text in '''bold''' to match your settings:
 
 #!/usr/bin/perl
 use strict;
 use warnings;
 
 # All OUs that contain computer accounts
 my @ous = (''''ou=GR15-R1,ou=GR15,ou=classrooms,ou=uni'''',
            ''''ou=FR7-FL,ou=FR7,ou=classrooms,ou=uni'''',
            ''''ou=FR7-R3,ou=FR7,ou=classrooms,ou=uni'''',
            ''''ou=FR5-R1,ou=FR5,ou=classrooms,ou=uni'''',
            ''''ou=FR5-R1,ou=FR5,ou=classrooms,ou=uni'''',
            ''''ou=Newinstallation,ou=uni'''',
            ''''ou=Testinstallation,ou=uni'''',
            ''''ou=temp,ou=uni'''');
 
 # This script contains passwords: keep it readable by root only (chmod 700).
 # Passwords given on a command line are visible in the process list while the command runs;
 # mount.cifs can read them from a file (credentials=<file>) and ldapsearch from -y <file>.
 
 # umount a share on AD (just in case), and then mount it
 my $server = "'''192.168.100.140'''";
 my $share  = "'''/mnt/$server'''";
 system "umount $share";
 system("mount.cifs //$server/'''Admin''' $share -o username='''user''',pass='''password'''") == 0
     or die "can't mount the share on $share\n";
 
 # Work on each OU
 foreach my $ou (@ous) {
     # Get "OU name" (the first ou= component); skip entries without one
     next unless $ou =~ m/ou=([a-zA-Z0-9-]+)/;
     my $OU = $1;
 
     # LDAP command to retrieve data from a given OU
     my $ldapcommand = "ldapsearch -h $server -b \"$ou,'''dc=example,dc=com'''\" -x -s sub \"objectclass=computer\"" .
         " -w '''password''' -D \"'''cn=LDAP user,ou=IT,ou=uni,dc=example,dc=com'''\"";
 
     # execute LDAP command
     open( my $ldapquery, "$ldapcommand |" ) or die "LDAP query error: $!";
 
     # Get all fields that have cn=... and append them to @results
     my @results;
     while ( my $line = <$ldapquery> ) {
         next if $line !~ /^cn: (.*)$/;
         push @results, $1;
     }
     close $ldapquery;
 
     # Create $hosts variable with some content...
     my $hosts = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<wpkg>\n";
     # ...and append hosts that we found (cn=) to that variable with proper syntax / formatting
     foreach my $computer (@results) {
         $hosts .= "<host name=\"$computer\" profile-id=\"$OU\" />\n";
     }
     # Append an ending to the file
     $hosts .= "</wpkg>\n";
 
     # Where to put the xml file - in this case, we don't overwrite what's in WPKG/hosts
     my $data_file = "$share/'''WPKG/hosts/created_from_AD/$OU.xml'''";
     # Open the file for writing, write the data and close it again
     open( my $data, '>', $data_file ) or die "can't open $data_file: $!";
     print $data $hosts;
     close $data;
 }
 
 # umount a share on EDU DC
 system "umount $share";
 
 
You can start it every hour via cron on your Linux system:
 
 # generate hosts.xml from AD
 01 * * * * root perl /opt/ldap-wpkg.pl >/dev/null 2>&1
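
The script above keeps only lines of the form <code>cn: ...</code> and writes them into the XML unescaped, so a value that ldapsearch wraps onto a second line or base64-encodes (<code>cn:: ...</code>) is truncated or skipped, and a value containing <code>"</code> or <code>&</code> yields a malformed hosts file. The following is an added example, not part of the original script: the function names and the sample LDIF are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Return every cn value found in ldapsearch (LDIF) output.
sub ldif_cns {
    my ($ldif) = @_;
    $ldif =~ s/\r?\n //g;    # unfold: a line starting with one space continues the previous one
    my @cns;
    for my $line (split /\r?\n/, $ldif) {
        if    ($line =~ /^cn: (.*)$/)  { push @cns, $1 }
        elsif ($line =~ /^cn:: (.*)$/) { push @cns, decode_base64($1) }    # base64-encoded value
    }
    return @cns;
}

# Escape the characters that could end or corrupt a double-quoted XML attribute.
sub xml_attr {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Build one hosts file for a profile, in the same layout the script above writes.
sub hosts_xml {
    my ($profile, @cns) = @_;
    my $xml = qq{<?xml version="1.0" encoding="UTF-8"?>\n<wpkg>\n};
    $xml .= sprintf(qq{<host name="%s" profile-id="%s" />\n}, xml_attr($_), xml_attr($profile)) for @cns;
    return $xml . "</wpkg>\n";
}

# Constructed sample output, trimmed to the lines that matter here:
# a plain value, a folded value, a base64 value (PC-BÜRO-03 in UTF-8) and one needing escaping.
my $sample = <<'LDIF';
dn: CN=PC-FR7-01,OU=FR7-FL,OU=FR7,OU=classrooms,OU=uni,DC=example,DC=com
cn: PC-FR7-01
cn: PC-FR7-LONG-NA
 ME-0002
cn:: UEMtQsOcUk8tMDM=
cn: LAB"A&B
LDIF

print hosts_xml('FR7-FL', ldif_cns($sample));
```

The four sample entries come out as four <code>&lt;host&gt;</code> lines, with the last one written as <code>name="LAB&amp;quot;A&amp;amp;B"</code>.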
 
 
[[category:Documentation]]
[[category:Installation]]