| oobnuker |
| (Getting the hang of it) |
| 2005-04-22 07:51 PM |
|
Question regarding InContainer
|
I have been working on a global login script for my company and everything is going really well thanks to the help I have received here. I have one question though regarding using the InContainer UDF.
The basic premise of my script is as such:
1 Global Script for ALL users.
Using InContainer and TrnaslateName, determine what OU the user is in, and what OU the computer is in.
Based on this information, run a drive mapping script, and a local computer script.
The script works great and I am slowly migrating our "legacy" scripts to this new one. On one particular Domain Controller, I have a significant delay and I can't seem to figure it out. Also note, the DCs are not part of my scope of responsibilities, and the server guys don't seem to care right now - but it is definitely a server issue since it works fine on all the other DCs. Obvisouly, the right choice would be to fix the server/AD, but in the short term, here is my question: I currently have 9 OUs that I am breaking out into different scripts, and by my script, I am basically running InContainer 9 times as such:
Code:
$DCR = InContainer("OU=DCR,DC=corp,DC=premcor,DC=tld","Computer")
$PAR = InContainer("OU=PAR,DC=corp,DC=premcor,DC=tld","Computer")
$LIR = InContainer("OU=LIR,DC=corp,DC=premcor,DC=tld","Computer")
$MER = InContainer("OU=Memphis,DC=corp,DC=premcor,DC=tld","Computer")
$BIR = InContainer("OU=BIR,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HAT = InContainer("OU=HAT,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HFR = InContainer("OU=HFR,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HQ = InContainer("OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$CITRIX = InContainer("OU=Metaframe,DC=corp,DC=premcor,DC=tld","Computer")
Also, I am doing this twice ( really like 18 times ) because I have to figure out Computer AND User. While it works and is quite fast most of the time, I can only imagine that 18 queries against AD might be bogging things down. So I wonder if there is a better way to do it - that's where you come in...
Any help would be appreciated. Thanks!
| Radimus |
| (KiX Supporter) |
| 2005-04-22 08:05 PM |
|
Re: Question regarding InContainer
|
Look in the incontainer() thread in the UDF forum, for some of my posts.
Like incontainer2
| Les |
| (KiX Master) |
| 2005-04-22 08:11 PM |
|
Re: Question regarding InContainer
|
Have you followed the discussion in the UDF's thread? Are you binding to the DC or GC?
You don't really say what you do with the results and what depth of the tree you are looking at. If you are looking at one specific tree depth, you could simply TranslateName() and then Split() the DN. That would be just two trips to the DC or GC.
| oobnuker |
| (Getting the hang of it) |
| 2005-04-22 08:16 PM |
|
|
|
Re: Question regarding InContainer
|
Thanks for the replies. I'll take a look at your alternative Radimus.
Les, here is some more of the code to get a better understanding of what I am doing:
Code:
; Determine User and Computer Location in AD
$DCR = InContainer("OU=DCR,DC=corp,DC=premcor,DC=tld","User")
$PAR = InContainer("OU=PAR,DC=corp,DC=premcor,DC=tld","User")
$LIR = InContainer("OU=LIR,DC=corp,DC=premcor,DC=tld","User")
$MER = InContainer("OU=Memphis,DC=corp,DC=premcor,DC=tld","User")
$BIR = InContainer("OU=BIR,OU=HQ,DC=corp,DC=premcor,DC=tld","User")
$HAT = InContainer("OU=HAT,OU=HQ,DC=corp,DC=premcor,DC=tld","User")
$HFR = InContainer("OU=HFR,OU=HQ,DC=corp,DC=premcor,DC=tld","User")
$HQ = InContainer("OU=HQ,DC=corp,DC=premcor,DC=tld","User")
Select
Case $BIR[0]>0 $USERLOC = "BIR"
Case $HAT[0]>0 $USERLOC = "HAT"
Case $HFR[0]>0 $USERLOC = "HFR"
Case $HQ[0]>0 $USERLOC = "HQ"
Case $DCR[0]>0 $USERLOC = "DCR"
Case $PAR[0]>0 $USERLOC = "PAR"
Case $LIR[0]>0 $USERLOC = "LIR"
Case $MER[0]>0 $USERLOC = "MER"
EndSelect
$DCR = InContainer("OU=DCR,DC=corp,DC=premcor,DC=tld","Computer")
$PAR = InContainer("OU=PAR,DC=corp,DC=premcor,DC=tld","Computer")
$LIR = InContainer("OU=LIR,DC=corp,DC=premcor,DC=tld","Computer")
$MER = InContainer("OU=Memphis,DC=corp,DC=premcor,DC=tld","Computer")
$BIR = InContainer("OU=BIR,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HAT = InContainer("OU=HAT,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HFR = InContainer("OU=HFR,OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$HQ = InContainer("OU=HQ,DC=corp,DC=premcor,DC=tld","Computer")
$CITRIX = InContainer("OU=Metaframe,DC=corp,DC=premcor,DC=tld","Computer")
Select
Case $BIR[0]>0 $ComputerLOC = "BIR"
Case $HAT[0]>0 $ComputerLOC = "HAT"
Case $HFR[0]>0 $ComputerLOC = "HFR"
Case $HQ[0]>0 $ComputerLOC = "HQ"
Case $DCR[0]>0 $ComputerLOC = "DCR"
Case $PAR[0]>0 $ComputerLOC = "PAR"
Case $LIR[0]>0 $ComputerLOC = "LIR"
Case $MER[0]>0 $ComputerLOC = "MER"
Case $CITRIX[0]>0 $ComputerLOC = "CITRIX"
EndSelect
Select
Case $ComputerLOC = "BIR" $LOCALSCRIPT = "BIRLOCAL.KIX"
Case $ComputerLOC = "HAT" $LOCALSCRIPT = "HATLOCAL.KIX"
Case $ComputerLOC = "HFR" $LOCALSCRIPT = "HFRLOCAL.KIX"
Case $ComputerLOC = "HQ" $LOCALSCRIPT = "HQLOCAL.KIX"
Case $ComputerLOC = "DCR" $LOCALSCRIPT = "DCRLOCAL.KIX"
Case $ComputerLOC = "PAR" $LOCALSCRIPT = "PARLOCAL.KIX"
Case $ComputerLOC = "LIR" $LOCALSCRIPT = "LIRLOCAL.KIX"
Case $ComputerLOC = "MER" $LOCALSCRIPT = "MERLOCAL.KIX"
Case $ComputerLOC = "CITRIX" $LOCALSCRIPT = "CITRIXLOCAL.KIX"
EndSelect
Select
Case $USERLOC = "BIR" $DMSCRIPT = "BIRDM.KIX"
Case $USERLOC = "HAT" $DMSCRIPT = "HATDM.KIX"
Case $USERLOC = "HFR" $DMSCRIPT = "HFRDM.KIX"
Case $USERLOC = "HQ" $DMSCRIPT = "HQDM.KIX"
Case $USERLOC = "DCR" $DMSCRIPT = "DCRDM.KIX"
Case $USERLOC = "PAR" $DMSCRIPT = "PARDM.KIX"
Case $USERLOC = "LIR" $DMSCRIPT = "LIRDM.KIX"
Case $USERLOC = "MER" $DMSCRIPT = "MERDM.KIX"
EndSelect
; Begin Drive Mappings
:DRIVES
; Debug Info
? "Running "+ "%logonserver%\netlogon\global\"+ $USERLOC +"\"+ $DMSCRIPT +"..."
Call "%logonserver%\netlogon\global\"+ $USERLOC +"\"+ $DMSCRIPT
; ========================================================================
; Begin Local Scripts
:LOCAL
; Debug Info
? "Running "+ "%logonserver%\netlogon\global\"+ $USERLOC +"\"+ $LOCALSCRIPT +"..."
Call "%logonserver%\netlogon\global\"+ $USERLOC +"\"+ $LOCALSCRIPT
; ========================================================================
Pardon my (likely) hacked up script, but I'm learning...
I changed the binding to the Logon Server that is servicing the logon per another suggestion in my original thread.
| Les |
| (KiX Master) |
| 2005-04-22 08:28 PM |
|
Re: Question regarding InContainer
|
I still don't know what other levels of OU may exist but I do see you look at the fisrt and second OU levels. As long as the OUs you are looking for are unique, regardless of what parents they may have, you could simply AScan() for them.
Double Split() the DN first on on ',DC=' and discard all the DC parts and then on the ',OU=' which will put all your OUs in an array that you AScan().
| Howard Bullock |
| (KiX Supporter) |
| 2005-04-22 08:39 PM |
|
|
Re: Question regarding InContainer
|
I agree that Radimus has found the short coming of the intial implementation of these UDFs. They need to be written and used differently than the way they are currently written and documented. I have been lookng in top my own corporate logon script and found too many calls to Translatename(). As soon as I rationalize my own needs and recode, I will repost the new UDFs soon.
| oobnuker |
| (Getting the hang of it) |
| 2005-04-22 08:43 PM |
|
|
|
Re: Question regarding InContainer
|
Quote:
I agree that Radimus has found the short coming of the intial implementation of these UDFs. They need to be written and used differently than the way they are currently written and documented. I have been lookng in top my own corporate logon script and found too many calls to Translatename(). As soon as I rationalize my own needs and recode, I will repost the new UDFs soon.
For us, right now, it's not a big deal because I am only looking for location basically, and I don't have too many OUs that I am looking for, and if I didn't have a screwed up server it wouldn't be an issue as the script runs pretty quickly now, but I await your revised code.
Thanks everyone.
| maciep |
| (Korg Regular) |
| 2005-04-22 09:21 PM |
|
Re: Question regarding InContainer
|
To elaborate on what Les suggested, here's some code that might be able to condense things for you a little. I can't really test it though, so i'm not if works or not.
Code:
$DN = TranslateName (3, "", 3, "@Domain\@wksta$", 1)
$DN = $DN[0]
$DN = split($DN,',DC=')[0]
$DN = split($DN,',OU=')
$ubound = ubound($DN)
if $ubound > 1
$computerLoc = $DN[$ubound]
$secondLevel = $DN[$ubound-1]
if $computerLoc = 'HQ'
if instr('BIR;HAT;HFR',$secondLevel)
$computerLoc = $secondLevel
endif
endif
endif
if $computerLoc = 'Metaframe'
$computerLoc = 'CITRIX'
endif
? $computerLoc
| oobnuker |
| (Getting the hang of it) |
| 2005-04-22 09:26 PM |
|
|
|
Re: Question regarding InContainer
|
Quote:
To elaborate on what Les suggested, here's some code that might be able to condense things for you a little. I can't really test it though, so i'm not if works or not.
Code:
$DN = TranslateName (3, "", 3, "@Domain\@wksta$", 1)
$DN = $DN[0]
$DN = split($DN,',DC=')[0]
$DN = split($DN,',OU=')
$ubound = ubound($DN)
if $ubound > 1
$computerLoc = $DN[$ubound]
$secondLevel = $DN[$ubound-1]
if $computerLoc = 'HQ'
if instr('BIR;HAT;HFR',$secondLevel)
$computerLoc = $secondLevel
endif
endif
endif
if $computerLoc = 'Metaframe'
$computerLoc = 'CITRIX'
endif
? $computerLoc
Thanks - I'll give it a try.
| Les |
| (KiX Master) |
| 2005-04-22 09:39 PM |
|
Re: Question regarding InContainer
|
Hmm... not quite what I had in mind. Here is an example of the double Split():
comma delimited string or array question
| Radimus |
| (KiX Supporter) |
| 2005-04-22 10:18 PM |
|
|
|
Re: Question regarding InContainer
|
I basically do this (I only check User OU... I do computer location by subnet)
Code:
$ldap = TranslateName(1, @domain, 3, @ldomain+'\'+@userid, 1)
$OU = LDAPArray($ldap[0],'OU')[1]
$UserProperties = GetObject("LDAP://"+$LDAP[0])
$FirstName = $userProperties.FirstName
$LastName = $userProperties.LastName
$Description = $userProperties.Description
$Orgcode = left($Description,instr($description,';')-1)
$BudgetEntity = right($Description,instrrev($description,';')-1)
$UserProperties = 0
;Function to split distinguished user name into array elements for inventory
Function LDAPArray($ldap, optional $filter)
dim $item, $element, $temp
if not instr("CN OU DC",$filter)
$filter=''
endif
$item=-1
$tarr = split($ldap,',')
for $element = 0 to ubound($tarr)
$temp=$tarr[$element]
if left($temp,2)=$filter or $filter=''
$item=$item+1
redim preserve $LDAParray[$item]
$LDAParray[$item]=right($temp,len($temp)-3)
endif
next
endfunction
NTDOC
|
| (KiX Master) |
| 2005-04-22 10:59 PM |
|
|
Re: Question regarding InContainer
|
Les, your link appears to be invalid at the moment.
| Les |
| (KiX Master) |
| 2005-04-23 01:01 AM |
|
Re: Question regarding InContainer
|
so, then why did you not just fix it?