Difference between revisions of "WPKG with Active Directory"
m (→Pulling workstation names to hosts.xml from Active Directory OUs automatically) |
Daniel.eggel (Talk | contribs) |
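--- a/WPKG with Active Directory
+++ b/WPKG with Active Directory
@@ -143,4 +143,49 @@
 01 * * * * root perl /opt/ldap-wpkg.pl &>/dev/null
-
+= Pulling workstation names to hosts.xml from Active Directory OUs automatically with vbScript=
+This script takes out all computer objects from your whole Active directory Tree, and writes the OU in the hosts.xml
+Const ADS_SCOPE_SUBTREE = 2
+
+set fs = CreateObject("Scripting.FileSystemObject")
+set textstream = fs.CreateTextFile("hosts.xml", True)
+textstream.WriteLine "<?xml version=""1.0"" encoding=""UTF-8""?>" & vbCrLf
+textstream.WriteLine "<!-- automagically generated with " & Wscript.ScriptFullName
+textstream.WriteLine " Date: " & Date() & " -->" & vbCrLf & vbCrLf
+textstream.WriteLine "<wpkg>"
+
+Set rootDSE = GetObject("LDAP://RootDSE")
+domainContainer = rootDSE.Get("defaultNamingContext")
+
+Set objConnection = CreateObject("ADODB.Connection")
+Set objCommand = CreateObject("ADODB.Command")
+objConnection.Provider = "ADsDSOObject"
+objConnection.Open "Active Directory Provider"
+
+Set objCOmmand.ActiveConnection = objConnection
+objCommand.CommandText = _
+"Select Name, distinguishedName from 'LDAP://" & domainContainer & "' " _
+& "Where objectClass='computer'"
+objCommand.Properties("Page Size") = 1000
+objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
+Set objRecordSet = objCommand.Execute
+objRecordSet.MoveFirst
+
+Do Until objRecordSet.EOF
+'Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
+'Wscript.Echo "distinguishedName: " & objRecordSet.Fields("distinguishedName").Value
+arrPath = Split(objRecordSet.Fields("distinguishedName").Value, ",")
+strOU = ""
+for each a in arrPath
+if left(a,2) = "OU" Then
+strOU = "/" & right(a,len(a) - 3) & strOU
+End If
+Next
+'Wscript.Echo "Path: " & StrOU
+textstream.WriteLine vbTab & "<host name=""" & objRecordSet.Fields("Name").Value & """ profile-id=""" & StrOU & """ />"
+objRecordSet.MoveNext
+Loop
+
+textstream.WriteLine "</wpkg>"
+textstream.close
+Wscript.Echo "Finished..."
 [[category:Documentation]]
 [[category:Installation]]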
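Review bot: The `<host …/>` line near the end of the added script concatenates the computer name and the OU path into XML attribute values without escaping, so an OU or computer name containing `&`, `<` or `"` yields a hosts.xml that no longer parses or whose attributes are not the ones intended. Both values come straight from the directory, so presumably anyone who can create or rename those objects controls that text. Pass both values through a small escaping helper before writing them, as sketched below. Separately, `objRecordSet.MoveFirst` raises an error when the query returns no rows; the `Do Until objRecordSet.EOF` loop already handles an empty result, so the call can be dropped.

```vbscript
' Escape the characters that are special inside a double-quoted XML attribute.
Function XmlAttr(ByVal s)
    s = s & ""                      ' turn Null into an empty string
    s = Replace(s, "&", "&amp;")    ' must run first so later entities are not re-escaped
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    XmlAttr = s
End Function

' … unchanged: file header, ADSI query, OU path loop …
textstream.WriteLine vbTab & "<host name=""" & XmlAttr(objRecordSet.Fields("Name").Value) & """ profile-id=""" & XmlAttr(strOU) & """ />"
```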
Revision as of 15:01, 19 January 2007
Active Directory settings
Below are the settings for Active Directory. The screenshots are in German, but anyone who has worked with Active Directory should be able to follow them even without knowing German:
Note that the above can be accomplished using the "Group Policy Management" tool.
Next, you have to choose the right settings for the execution of scripts:
Navigate to Computerkonfiguration -> Administrative Vorlagen -> System -> Skripts
i.e. Computer Configuration -> Administrative Templates -> System -> Scripts
Make sure that "Startscripts asynchron ausführen" is set to "Aktiviert"
i.e. "Apply Startup scripts asynchronously" is set to "Enabled"
This makes sure that the user can log in even though the software is still being installed. It's a good choice, because some impatient users will just press the Reboot button when they can't log in immediately, which can have unexpected results (software not installed properly etc.).
The next setting to change is "Maximale Wartezeit für Gruppenrichtlinienskripts" (Maximum wait time for Group Policy scripts). The default is 600 seconds (10 minutes), which is often not enough for installing some software, or when you install more than one software package. So a safe bet is 1800 seconds (30 minutes).
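The last thing you have to do is to select a script which will start WPKG at system start. Startup scripts run as the local SYSTEM account, so make sure that only administrators can write to the share that holds this script and wpkg.js. The script is a batch file: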
\\server\path\to\WPKG\wpkg-start.bat
and contains the following line which starts WPKG:
cscript \\server\path\to\WPKG\wpkg.js /synchronize /quiet /nonotify
Notes
Sometimes a group policy is not applied when it has just been set up and the workstations are rebooted for the first time. The reason for this is that group policy is pulled from the server by default every ~90 minutes. If you require group policy to take effect immediately, you may run "gpupdate" (XP) or "secedit /refreshpolicy user_policy" and "secedit /refreshpolicy machine_policy" (Win2K) on each workstation.
Pulling workstation names to hosts.xml from Active Directory OUs automatically
If you have different OUs in your AD, and these OUs use different software settings, you will likely want to generate hosts.xml from your AD tree.
Here is a simple perl script for that - you have to execute it on a Linux server, and you need to have ldapsearch
tool installed (it comes with OpenLDAP). It's not particularly beautiful, but it works.
Make sure you change the text in bold to match your settings:
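#!/usr/bin/perl
# Generate one WPKG hosts file per Active Directory OU.
#
# For every OU listed in @ous the script asks the directory for all computer
# objects below that OU (via ldapsearch) and writes
#   <share>/WPKG/hosts/created_from_AD/<OU name>.xml
# with one <host name="..." profile-id="<OU name>" /> element per computer.
#
# Differences from the collapsed one-line listing this replaces:
#   * passwords are read from files instead of being passed on command lines,
#     where every local user could read them from the process list;
#   * external commands are run without a shell (list form), so characters in
#     OU names are never interpreted by /bin/sh;
#   * a failed mount or a failed LDAP query no longer produces output files;
#   * values written into XML attributes are escaped.
use strict;
use warnings;

# All OUs that contain computer accounts
my @ous = ('ou=GR15-R1,ou=GR15,ou=classrooms,ou=uni',
           'ou=FR7-FL,ou=FR7,ou=classrooms,ou=uni',
           'ou=FR7-R3,ou=FR7,ou=classrooms,ou=uni',
           'ou=FR5-R1,ou=FR5,ou=classrooms,ou=uni',
           'ou=FR5-R1,ou=FR5,ou=classrooms,ou=uni',
           'ou=Newinstallation,ou=uni',
           'ou=Testinstallation,ou=uni',
           'ou=temp,ou=uni');

my $server = "192.168.55.66";
my $share  = "/mnt/$server";

# PLACEHOLDER paths - replace with your own files, readable by root only (mode 0600).
# CIFS credentials file: one "username=..." line and one "password=..." line.
my $cifs_credentials   = "/path/to/cifs-credentials";
# LDAP bind password file: ldapsearch -y uses the complete file contents as the
# password, so the file must not end with a newline.
my $ldap_password_file = "/path/to/ldap-bind-password";

# Escape the characters that are special inside a double-quoted XML attribute.
sub xml_attr {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;     # must run first so later entities are not re-escaped
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# umount a share on AD (just in case), and then mount it.
# The umount is expected to fail when nothing is mounted, so its status is ignored.
system('umount', $share);
# Stop if the mount fails: otherwise the files below would be written into the
# local, unmounted directory instead of onto the server.
system('mount.cifs', "//$server/Admin", $share, '-o', "credentials=$cifs_credentials") == 0
    or die "mount.cifs failed (wait status $?)\n";

# Work on each OU
foreach my $ou (@ous) {

    # Get "OU name" (the first ou= component). A failed match is checked
    # explicitly so that a stale $1 from an earlier iteration is never reused.
    my $ou_name;
    if ($ou =~ m/ou=([a-zA-Z0-9-]*)/) {
        $ou_name = $1;
    }
    unless (defined $ou_name && length $ou_name) {
        warn "skipping '$ou': cannot derive an OU name\n";
        next;
    }

    # LDAP command to retrieve data from a given OU.
    # NOTE(review): -x is a simple bind; unless the connection to the server is
    # protected by TLS the bind password crosses the network in clear text.
    my @ldapsearch = ('ldapsearch', '-h', $server,
                      '-b', "$ou,dc=example,dc=com",
                      '-x', '-s', 'sub',
                      '-D', 'cn=LDAP user,ou=IT,ou=uni,dc=example,dc=com',
                      '-y', $ldap_password_file,
                      'objectclass=computer');

    # execute LDAP command (list form of open: no shell is involved)
    open(my $ldap, '-|', @ldapsearch) or die "LDAP query error: $!";

    # Get all fields that have cn=...
    my @results;
    while (my $line = <$ldap>) {
        next unless $line =~ /^cn: (.*)$/;
        push @results, $1;
    }

    # close() on a pipe reports the exit status of ldapsearch. On failure keep
    # the previously generated file rather than replacing it with an empty host list.
    unless (close $ldap) {
        warn "ldapsearch failed for '$ou' (wait status $?), keeping existing file\n";
        next;
    }

    # Build the file content: header, one <host> element per computer, footer
    my $hosts = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<wpkg>\n";
    foreach my $computer (@results) {
        $hosts .= "<host name=\"" . xml_attr($computer)
                . "\" profile-id=\"" . xml_attr($ou_name) . "\" />\n";
    }
    $hosts .= "</wpkg>\n";

    # Where to put the xml file - in this case, we don't overwrite what's in WPKG/hosts
    my $data_file = "$share/WPKG/hosts/created_from_AD/$ou_name.xml";

    # Write the file and check that the data really reached the share
    open(my $out, '>', $data_file) or die "can't open $data_file $!";
    print {$out} $hosts;
    close($out) or die "can't write $data_file $!";
}

# umount the share again
system('umount', $share);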
Cron entry
You can start it every hour via cron on your Linux system:
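# generate hosts.xml from AD
# System crontab entry (with a user field): runs as root at minute 01 of every hour.
# ">/dev/null 2>&1" replaces "&>/dev/null": cron runs commands with /bin/sh by
# default, and "&>" is a bash extension that a plain POSIX sh reads as
# "run in background, then redirect nothing".
# All output is discarded, so failures of the script go unnoticed.
01 * * * * root perl /opt/ldap-wpkg.pl >/dev/null 2>&1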
Pulling workstation names to hosts.xml from Active Directory OUs automatically with vbScript
This script reads all computer objects from your whole Active Directory tree and writes each one to hosts.xml, using its OU path as the profile-id.
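' Build hosts.xml for WPKG from every computer object in the Active Directory domain.
'
' The script queries the default naming context of the current domain for all
' objects with objectClass='computer' and writes one
'   <host name="COMPUTER" profile-id="/OU/path" />
' element per computer, where the profile-id is the computer's OU path from the
' outermost OU to the innermost one.
'
' Differences from the collapsed one-line listing this replaces:
'   * the "automagically generated" XML comment, which the page rendering had
'     swallowed, is written again;
'   * names and OU paths are XML-escaped before they are written;
'   * the MoveFirst call is gone (it raises an error on an empty result set);
'   * the record set and the connection are closed at the end.
Option Explicit

Const ADS_SCOPE_SUBTREE = 2

Dim fs, textstream, rootDSE, domainContainer
Dim objConnection, objCommand, objRecordSet
Dim arrPath, strOU, a

' Escape the characters that are special inside a double-quoted XML attribute.
Function XmlAttr(ByVal s)
    s = s & ""                      ' turn Null into an empty string
    s = Replace(s, "&", "&amp;")    ' must run first so later entities are not re-escaped
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    XmlAttr = s
End Function

Set fs = CreateObject("Scripting.FileSystemObject")
' Relative path: the file is created in the current working directory.
' True = overwrite an existing hosts.xml.
' NOTE(review): CreateTextFile writes ANSI text by default while the header below
' declares UTF-8 - confirm that no computer or OU name contains non-ASCII characters.
Set textstream = fs.CreateTextFile("hosts.xml", True)
textstream.WriteLine "<?xml version=""1.0"" encoding=""UTF-8""?>" & vbCrLf
textstream.WriteLine "<!-- automagically generated with " & Wscript.ScriptFullName
textstream.WriteLine " Date: " & Date() & " -->" & vbCrLf & vbCrLf
textstream.WriteLine "<wpkg>"

' Find the distinguished name of the domain the script is running in
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")

' Query Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, distinguishedName from 'LDAP://" & domainContainer & "' " _
    & "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

' The loop condition already covers an empty result set, so no MoveFirst is needed.
Do Until objRecordSet.EOF
    'Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
    'Wscript.Echo "distinguishedName: " & objRecordSet.Fields("distinguishedName").Value

    ' NOTE(review): a plain Split does not understand escaped commas ("\,")
    ' inside a name; OUs whose names contain a comma end up with a wrong path.
    arrPath = Split(objRecordSet.Fields("distinguishedName").Value, ",")

    ' The DN lists the innermost container first, so each OU is prepended to
    ' get a path that reads from the outermost OU to the innermost one.
    strOU = ""
    For Each a In arrPath
        If UCase(Left(a, 3)) = "OU=" Then
            strOU = "/" & Mid(a, 4) & strOU
        End If
    Next
    'Wscript.Echo "Path: " & strOU

    ' Computers that are not inside any OU get an empty profile-id.
    textstream.WriteLine vbTab & "<host name=""" & XmlAttr(objRecordSet.Fields("Name").Value) & """ profile-id=""" & XmlAttr(strOU) & """ />"
    objRecordSet.MoveNext
Loop

textstream.WriteLine "</wpkg>"
textstream.Close
objRecordSet.Close
objConnection.Close
Wscript.Echo "Finished..."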