Active Directory sites

(imported topic written by JRigas)

Hey everyone,

Is it possible to get the information about which Active Directory Site a computer belongs to?

Thanks in advance.

(imported comment written by NoahSalzman)

“Active Directory Path” is in the first section of Computer Properties when looking at a computer in the Console… will that work for you?

(imported comment written by JRigas)

Does it contain the AD Site?

I thought it only contained the OU and computer group?

I’ve searched for more information on this, but couldn’t really find something.

So I’m not sure what’s in the AD pathname.

If the AD Site is in the pathname, then yes, this answers my question.

Thanks for the reply!

(imported comment written by Bill.Ehardt)

If that doesn’t work, what about extracting the sites/subnets from AD, and using the Location by Subnet wizard?

http://support.bigfix.com/bes/misc/locationbesrp.html

(imported comment written by JRigas)

First of all, thanks for the replies.

Here’s a bit more information about what I’m trying to do.

A “site” is a concept different from a forest, tree or domain. So it is not in the AD path. See http://en.wikipedia.org/wiki/Active_Directory

Using the Subnet/Location Retrieved Property, as you suggest, is similar to what I am looking for. Except, here we need to specify a list of subnets manually. This is exactly what is already done in Active Directory: in AD you can group IP subnets into “sites”. Since this “site” information is already available, we would like to use this information. (For example for relay selection.)

Can this be done, and if so: how?

(imported comment written by Bill.Ehardt)

I’m just learning how to use this task, but yes that should be no problem Jani.

In ADS&S, you should be able to expand sites, right click on Subnets, and export list. Select the Subnet and Site name (or description, or combine), and export list to Tab delimited.

All you should need to do then is follow the “Location Property Wizard” steps and you should be set.
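Added example, not part of the original thread or of the BigFix wizard: a sketch of what a subnet-to-site lookup over such an export does, picking the most specific matching subnet and reporting addresses that no subnet covers. The `Name` and `Site` column headers, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of a tab-delimited "Export List" from the Subnets
# container; the "Name" and "Site" column headers are assumed.
SAMPLE_EXPORT = (
    "Name\tSite\tLocation\tType\tDescription\n"
    "10.0.0.0/8\tHQ\t\tSubnet\t\n"
    "10.20.0.0/16\tBranch1\t\tSubnet\t\n"
    "192.168.5.0/24\tBranch1\t\tSubnet\t\n"
    "not-a-subnet\tHQ\t\tSubnet\t\n"
)


def load_subnets(text):
    """Return ([(network, site)], [skipped names]) from the exported list."""
    subnets, skipped = [], []
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        name = (row.get("Name") or "").strip()
        site = (row.get("Site") or "").strip()
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
            net = ipaddress.ip_network(name, strict=True)
        except ValueError:
            skipped.append(name)
            continue
        if not site:
            # A subnet with no site assigned cannot place a client
            skipped.append(name)
            continue
        subnets.append((net, site))
    return subnets, skipped


def site_for_ip(ip, subnets):
    """Pick the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in subnets
               if net.version == addr.version and addr in net]
    if not matches:
        return None  # address is not covered by any exported subnet
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    nets, bad = load_subnets(SAMPLE_EXPORT)
    for ip in ("10.20.3.4", "10.1.1.1", "172.16.0.1"):
        print(ip, "->", site_for_ip(ip, nets))
    print("skipped rows:", bad)
```

Addresses that come back unmapped are worth reviewing, since those are the clients for which no subnet-to-site assignment exists in the export.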

In the Active Directory Sites and Services MMC you can see there are 2 sites.
In large deployments there are several of these sites.

In Active Directory Users and Computers, in any query for computers, you can see the TAB for “Site”.

This field is also available in the properties of the computer by double-clicking on the computer.

So far these are some of the ways to find out which SITE in Active Directory (NOT BigFix) these computers belong to.
We can also look this up the old-fashioned way (yes, COMMAND PROMPT):
nltest /Server:clientendpointname /dsgetsite
The result in the command prompt is as follows:

C:>nltest /dsgetsite
TUI-HQ
The command completed successfully

C:>nltest /server:bigfixsrv /dsgetsite
TUI-HQ
The command completed successfully

C:>nltest /server:dc01 /dsgetsite
TUI-HQ
The command completed successfully

C:>nltest /server:dc03 /dsgetsite
TUI-Alt1
The command completed successfully

C:>

If there was a way for BigFix to fill in a custom field (let’s call it “_AD-Site”) by querying each endpoint {not sure if %ComputerName% would work}, then using the data from the result to populate that custom field (let’s call it “_AD-Site”) so we can identify which computer was in which site… would help with relay affiliation as well…

Can BigFix use nltest /dsgetsite on each computer and use that result to fill this custom field?

Hello,

To answer your first issue regarding the AD-Site, there is a free Analysis in C3 Inventory that provides a bunch of Active Directory information.

Group Policy - Windows on GitHub and BigFix.me

Specifically the property: Group Policy - Site - Windows

You can then add it as a column in the console and target dynamically by the retrieved property result.

Let me know if you have any issues!
Bill

_AD_Site_Name.bes (446 Bytes)

Found a REG Key that also gives this information: -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
“DynamicSiteName”
Found a way to use relevance to populate a “Managed Properties” (BigFix Computers) to display the Active Directory Site they belong to.
(if (exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" of registry) then (value "DynamicSiteName" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" of registry as string) else ("Not Set"))

In BigFix Console | scroll down to Computers |
Right-click on one of the headings (example: Computer Name) and click on Manage properties
The popup that appears allows the adding of a “new” Managed properties for all computers
Clicking on ADD will get us to an area where we will Add New
Provide appropriate name to this property to be used for all computers (_AD_Site_Name)
Using the relevance in the relevance area, clicking OK will create this new property.
We are also able to “Export” this action script to be used in any other environment by clicking Export which is attached to this post.
The newly exported file can be transported to any BigFix instance and used for identifying the Site the computers belong to.

This field should be visible in the BigFix Console as well as any Web Report generated where this column is selected.

Enjoy. P.S.: if you are able to come up with one of these files that can do the following, it would be awesome.
BigFix now knows this information and has populated a property of all computers called (_AD_SITE_NAME). Let’s say, for example, it found 7 different (unique) sites’ information. With this information, each unique value it found should be automatically made into an automatic group populated by computers found with a matching value. If at a later date new sites get added in “Active Directory Sites and Services” and new computers get added to this site (this can be viewed in Active Directory by double-clicking any computer; SITE information is visible here as well),
make one of these .bes files that looks at all the information gathered from the registry of each computer, then if a new value is found, make a new automatic computer group (maybe also a custom site as well?) and populate computers matching this value.

automate this for 100 points

If this part is already done successfully, relay selection can use this as well (as long as you have enough relay to cover that site) additional subnets is another issue

Why are you creating properties instead of just using an analysis?

Why are you creating computer groups instead of just targeting by retrieved property?

If you make an analysis with the link I provided you can look at this in your console:

And all your AD Sites will be listed there for targeting by actions, etc.

Global Properties are generally a bad idea, and creating a ton of Computer Groups when you can just use the retrieved properties will add a bunch of overhead as well.