Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Best way to populate OU's?

Created: 21 Dec 2012 • Updated: 02 Jan 2013 | 5 comments
SonicGT's picture
This issue has been solved. See solution.

I am looking to create an OU structure of OS or computer type so that I can have a security role only have access to workstations and no servers.  

What is the best method for populating this?  Would it be an automation policy that runs a task to assign to OU's or is there a better method?

Comments 5 CommentsJump to latest comment

SonicGT's picture

So I am going about setting this up and have it working, but I would like my automation policy query to only show new resources that don't already exist in the OU so that it won't keep getting back a large query result and populating windows 7 OU I created etc.  Anyone know the tables I can use for the altiris OU's?

Andrew Bosch's picture

CollectionMembership table

------------------------------------
Sr. Principal SQA Engineer
Symantec

SonicGT's picture

so even though I'm looking to see if it is in an OU not a filter the information is still in the collectionmembership table?

Should I use the GUID of the specific OU?  If I do a query in the collectionmembership table just looking for the GUID of my OU I get no results.

Andrew Bosch's picture

Argh, sorry.  It's the ScopeMembership table.  Query would look like this:

SELECT *

FROM ScopeMembership

WHERE ScopeCollectionGuid = <GUID of OG HERE>

------------------------------------
Sr. Principal SQA Engineer
Symantec

SOLUTION
SonicGT's picture

Thanks,

That did it, so as an example I have an OU structure I created for OS types and this is the windows 7 population query.  I was using resource query but then to add the OU GUID I changed it to raw sql and just modified it to add the last AND.  I'm sure there is a cleaner way to do this but I haven't familiarized myself as much with the new 7 db structure as I was with the 6 structure yet.

This is the query for my automation policy that will take any computers that result from this query and put them into the Win7 OU

DECLARE @v1_TrusteeScope nvarchar(194)

SET @v1_TrusteeScope = N'{2E1F478A-4986-4223-9D1E-B5920A63AB41},{582029E2-FC5B-4717-8808-B80D6EF0FD67},{8EE0DB9E-9B76-4617-AC9B-E6B71031AF5F},{B760E9A9-E4DB-404C-A93F-AEA51754AA4F},{C9A2D2E9-3C1B-480D-A3C9-D3BD1B1964E0}'

SELECT

[vri2_Computer].[Guid],

[vri2_Computer].[Name]

FROM

[vRM_Computer_Item] AS [vri2_Computer]

LEFT OUTER JOIN [Inv_AeX_AC_Identification] AS [dca3_AeX AC Identification]

ON ([vri2_Computer].[Guid] = [dca3_AeX AC Identification].[_ResourceGuid])

WHERE

(

(

([dca3_AeX AC Identification].[OS Name] LIKE N'Windows 7%')

)

AND

([vri2_Computer].[Guid] IN (SELECT [ResourceGuid] FROM [ScopeMembership] WHERE [ScopeCollectionGuid] IN (SELECT [ScopeCollectionGuid] FROM dbo.fnGetTrusteeScopeCollections(@v1_TrusteeScope))))

AND

([vri2_Computer].[Guid] NOT IN (SELECT [ResourceGuid] FROM [ScopeMembership] WHERE [ScopeCollectionGuid] = <WIN 7 OU GUID GOES HERE>))

)