I created this function ages ago as part of a larger script that needed to be executed completely unattended.
Please note that this is NOT the ideal way to handle any operation that requires credentials. Keeping credentials in a script is bad practice: anyone who can read the script can recover them, and the Base64/Unicode encoding used below is obfuscation, not protection (it is trivially reversible). Instead, you should rely on web services to do this, and Maik Koster has put together an excellent little care package to help you get started.
Get-CurrentOU Prerequisites
My script has a few prerequisites:
- The name of the computer you’re working with
- The current AD site
- A [local] Domain Controller to connect to
This script does not rely on the ActiveDirectory module as I needed this to execute in environments where it wouldn’t be present.
I personally try to keep everything self contained where it makes sense to do so. It’s one of my [many] quirks.
The Computer Name
Just feed it as a parameter or let it default to the current machine name.
Finding the Current AD Site
See my earlier post on that.
Finding a Local Domain Controller
See my earlier post on that.
Get-CurrentOU
    Function Get-CurrentOU {
        Param (
            # Defaults to the local machine. Mandatory=$false so the default can actually apply;
            # a Mandatory parameter never uses its default value.
            [Parameter(Mandatory=$false)]
            [string]$ADComputerName = $env:COMPUTERNAME,

            # Carried for the caller's site/DC lookup (see the posts above); not used directly here
            [Parameter(Mandatory=$false)]
            [string]$Site = $Global:Site,

            # Domain controller to bind to
            [Parameter(Mandatory=$false)]
            [string]$SiteDC = $Global:SiteDC
        )
        Try {
            # rootDomainNamingContext is the forest root; in a multi-domain forest use defaultNamingContext
            $Domain = ([ADSI]"LDAP://RootDSE").rootDomainNamingContext
            $path   = 'LDAP://' + $SiteDC + '/' + $Domain

            # Base64-encoded UTF-16 user name and password. This is obfuscation, not protection:
            # anyone with the script can decode them (see the warning above).
            $encUser = 'YwBvAG4AdABvAHMAbwAuAGMAbwBtAFwAcwBlAHIAdgBpAGMAZQBfAGEAYwBjAG8AdQBuAHQAXwBqAG8AaQBuAF8AZABvAG0AYQBpAG4A'
            $encPass = 'bQB5ACAAdQBiAGUAcgAgAHMAZQBrAHIAZQB0ACAAUAA0ADUANQB3ADAAcgBkACAAZgBvAHIAIABhAG4AIAAzADEAMwAzADcAIABoAGEAeAAwAHIAIQAhACEAMQAhAA=='
            $user = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($encUser))
            $pass = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($encPass))

            $DirectoryEntry    = New-Object System.DirectoryServices.DirectoryEntry($path, $user, $pass)
            $DirectorySearcher = New-Object System.DirectoryServices.DirectorySearcher($DirectoryEntry)
            # A computer account's sAMAccountName is the computer name followed by '$'
            $DirectorySearcher.Filter = "(&(ObjectCategory=computer)(samaccountname=$ADComputerName`$))"
            $SearchResults = $DirectorySearcher.FindAll()

            if ($SearchResults.Count -gt 0) {
                # Path looks like LDAP://<SiteDC>/CN=<name>,OU=...,DC=...
                # Skip 'LDAP://' + DC + '/' + 'CN=' + name + ',' to leave the parent container's DN
                return $SearchResults[0].Path.Substring(8 + $SiteDC.Length + 3 + $ADComputerName.Length + 1)
            }
            Else {
                Write-Host "ERROR: Computer object not found in AD: [$ADComputerName]"
                return $false
            }
        }
        Catch {
            return $_
        }
    }
This has worked well for me, but you're welcome to use a different filter instead, such as

    $DirectorySearcher.Filter = "(Name=$ADComputerName)"

Note that Name matches the object's CN rather than its sAMAccountName (so no trailing $), and without the ObjectCategory clause it can also match non-computer objects with the same name.
As I mentioned above, you should really explore web services instead of hardcoding passwords in scripts, but this will work in a pinch until you can get that set up.
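The same lookup with the secret taken out of the script body, as an added example rather than code from the original post. Credentials, if needed at all, arrive from the caller as a [pscredential] (from Get-Credential, a task sequence variable, a vault or the web service mentioned above); with none supplied, the bind uses the security context the script already runs in, so on a domain-joined machine running as SYSTEM the computer account reads its own object. In WinPE during OSD the machine is not domain joined, which is exactly the case where the credential has to be handed in by the caller. The function name, parameter names and the Get-ParentDn helper are my own; the parent OU is derived from distinguishedName instead of by counting characters in the path.

```powershell
Function Get-CurrentOUSecure {
    [CmdletBinding()]
    Param (
        [string]$ADComputerName = $env:COMPUTERNAME,

        # Domain controller to bind to; empty means a serverless bind (DC locator picks one)
        [string]$SiteDC = '',

        # Optional and supplied at run time; never embedded in the script
        [System.Management.Automation.PSCredential]$Credential
    )

    # Bind with the supplied credential, or with the current security context if none was given
    function New-Entry([string]$Path) {
        if ($Credential) {
            New-Object System.DirectoryServices.DirectoryEntry(
                $Path,
                $Credential.UserName,
                $Credential.GetNetworkCredential().Password,
                [System.DirectoryServices.AuthenticationTypes]::Secure)
        } else {
            New-Object System.DirectoryServices.DirectoryEntry($Path)
        }
    }

    # Strip the first RDN from a DN. A backslash escapes the next character, so
    # 'CN=Sales\, East,OU=...' keeps its embedded comma and the parent is still 'OU=...'.
    function Get-ParentDn([string]$Dn) {
        return ($Dn -replace '^(?:\\.|[^,\\])+,', '')
    }

    $prefix = if ($SiteDC) { "LDAP://$SiteDC/" } else { 'LDAP://' }

    # defaultNamingContext is the domain this DC serves; rootDomainNamingContext would be
    # the forest root, which is a different domain in a multi-domain forest.
    $rootDse  = New-Entry "${prefix}RootDSE"
    $domainDn = $rootDse.Properties['defaultNamingContext'][0]

    # Escape RFC 4515 metacharacters so an odd computer name cannot rewrite the filter.
    # Backslash must be escaped first.
    $escaped = $ADComputerName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

    $searcher = New-Object System.DirectoryServices.DirectorySearcher((New-Entry "${prefix}$domainDn"))
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$escaped`$))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $result = $searcher.FindOne()
    if (-not $result) {
        Write-Warning "Computer object not found in AD: [$ADComputerName]"
        return $null
    }
    return Get-ParentDn $result.Properties['distinguishedname'][0]
}

# Usage (assumed names):
#   Domain-joined, running as SYSTEM or a domain user: no secret anywhere in the script
#     Get-CurrentOUSecure -SiteDC 'dc01.contoso.com'
#   Not domain joined (e.g. WinPE): the caller obtains the credential at run time
#     Get-CurrentOUSecure -ADComputerName 'WKS-0042' -Credential $credFromTaskSequence
```

The credential object is still in memory while the function runs, so this does not make the secret unrecoverable on a compromised host; the gain is that the script file itself no longer carries a reusable domain join account, and rotating the account no longer means editing and redistributing the script.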
Good Providence!