Help with AD computers extract and group validation

cancel
Showing results for 
Search instead for 
Did you mean: 

Help with AD computers extract and group validation

L1 Bithead

Hi !

 

I am trying to use XSoar to extract all computers from a specific "OU" in my AD and validate if those computers are members of a group and if they are not, add the missing computers to the said group.

 

Servers OS needs to be excluded from this extract since I do not want servers to be added to the AD group.

 

The "ad-get-computer" from the Task Library is not working very well since filling the "dn" field does not permit to target a specific "OU" and want a full path to a computer.

 

Does anyone have an idea of how I can achieve this?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

L2 Linker

Perhaps you could try using the ad-search command to filter on the computer's OU and then the ad-add-to-group command to add the missing computers to the group: Active Directory Query v2 Integration Documentation

 

Use the !ad-search command to run a query for Active Directory objects (users, contacts, computers, and so on). This command enables you to determine which data fields should be returned for the objects.

. . .

Add or remove a computer from a group using the following commands:

ad-add-to-group

View solution in original post

4 REPLIES 4

L2 Linker

Perhaps you could try using the ad-search command to filter on the computer's OU and then the ad-add-to-group command to add the missing computers to the group: Active Directory Query v2 Integration Documentation

 

Use the !ad-search command to run a query for Active Directory objects (users, contacts, computers, and so on). This command enables you to determine which data fields should be returned for the objects.

. . .

Add or remove a computer from a group using the following commands:

ad-add-to-group

View solution in original post

That could be a way to do it.  I'll check the documentation and see if I can do what I need.

 

Thanks for the hint 😉

L1 Bithead

Hi @atullo,

 

FYI, I have been able to achieve what I wanted to do with the information you gave me.

 

I used the !ad-search command filtering with LDAP query format.

 

Thanks for pointing me out in the right direction.

Happy to help and thanks for marking as a solution.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!