Powershell 管理域之搜索OU并移动

最新推荐文章于 2022-11-13 03:07:59 发布

zhuxiaoyu1999

最新推荐文章于 2022-11-13 03:07:59 发布

阅读量1.5k

点赞数

分类专栏： powershell 文章标签： powershell windows server 管理

本文链接：https://blog.csdn.net/CEKE123/article/details/50458466

版权

powershell 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

在前段时间，由于项目的需要，需要在windows server域管理器中将所有Hyper—V VM搜索出来并将其移入统一的组下面。所使用的是windows server自带的powershell命令。下面是其具体的实现：

import-module ActiveDirectory
Write-Host "This script is to avoid repeating configuration action.`n"
Write-Host "Before you config the GPRegistryValue,do you want to backup?Please input y to backup or n do nothing."
$backup = Read-Host

#Test the path(it's a folder),and backup all the gpo.
if($backup -eq "y"){
    if(!(Test-Path C:\GpoBackups)){
        New-Item -ItemType Directory -Force -Path C:\GpoBackups
    }
    Backup-GPO -All -Path C:\GpoBackups  
}

#Check the OU(organization Unit)，and create it if not exist.
Write-Host "Please input a target OU name.eg:GPWRM.`n"
$ldap = '(&(cn=Microsoft Hyper-V)(objectCategory=serviceConnectionPoint))'
$ouName = Read-Host
$targetOU = "OU=" + $ouName +",DC=hpv,DC=local"
if(![adsi]::Exists("LDAP://$targetOU")){
     New-ADOrganizationalUnit -Name $ouName -path "DC=hpv,DC=local"
     }
#Find target and move to OU.
$searcher = [adsisearcher]$ldap
$searcher.FindAll()|
    ForEach-Object{ 
       $obj = $_.GetDirectoryEntry()

       $path = $obj.distinguishedName.Value.Replace("CN=Microsoft Hyper-V,","")

       Move-ADObject -Identity "$path" -TargetPath "$targetOU"

    }
Write-Host "Please input a new GPO name.Eg:Configure firewall rules for remote gpupdate12.`n"
$gpoName = Read-Host
Write-Host "Please input a starter GPO Name.eg:Group Policy Remote Update Firewall Ports.`n"
$starterGpoName = Read-Host
New-GPO –Name $gpoName –StarterGpoName $starterGpoName | New-GPLink –target $targetOU –LinkEnabled yes

Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig" -ValueName "(Default)" -Value "true" -Type String      
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!IPv4Filter" -ValueName "(Default)" -Value "*" -Type String                
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!IPv6Filter" -ValueName "(Default)" -Value "*" -Type String                                                                                                                                                                                                     
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowBasic" -ValueName "(Default)" -Value "false" -Type String             
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowUnencryptedTraffic" -ValueName "(Default)" -Value "true" -Type String
Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowNegotiate" -ValueName "(Default)" -Value "false" -Type String       
Set-GPRegistryValue -Name $gpoName  -Key "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowKerberos" -ValueName "(Default)" -Value "false" -Type String 

Get-ADComputer -filter * -Searchbase $targetOU | foreach{ Invoke-GPUpdate -computer $_.name  -RandomDelayInMinutes 0 -force}