Video Screencast Help

Best way to populate OU's?

Created: 21 Dec 2012 • Updated: 02 Jan 2013 | 5 comments
SonicGT's picture
This issue has been solved. See solution.

I am looking to create an OU structure of OS or computer type so that I can have a security role only have access to workstations and no servers.  

What is the best method for populating this?  Would it be an automation policy that runs a task to assign to OU's or is there a better method?

Comments 5 CommentsJump to latest comment

SonicGT's picture

So I am going about setting this up and have it working, but I would like my automation policy query to only show new resources that don't already exist in the OU so that it won't keep getting back a large query result and populating windows 7 OU I created etc.  Anyone know the tables I can use for the altiris OU's?

Andrew Bosch's picture

CollectionMembership table

------------------------------------
Sr. Principal SQA Engineer
Symantec

SonicGT's picture

so even though I'm looking to see if it is in an OU not a filter the information is still in the collectionmembership table?

Should I use the GUID of the specific OU?  If I do a query in the collectionmembership table just looking for the GUID of my OU I get no results.

 

 

Andrew Bosch's picture

Argh, sorry.  It's the ScopeMembership table.  Query would look like this:

 

SELECT *

FROM ScopeMembership

WHERE ScopeCollectionGuid = <GUID of OG HERE>

------------------------------------
Sr. Principal SQA Engineer
Symantec

SOLUTION
SonicGT's picture

Thanks,

 

That did it, so as an example I have an OU structure I created for OS types and this is the windows 7 population query.  I was using resource query but then to add the OU GUID I changed it to raw sql and just modified it to add the last AND.  I'm sure there is a cleaner way to do this but I haven't familiarized myself as much with the new 7 db structure as I was with the 6 structure yet.

This is the query for my automation policy that will take any computers that result from this query and put them into the Win7 OU

 

DECLARE @v1_TrusteeScope nvarchar(194)

SET @v1_TrusteeScope = N'{2E1F478A-4986-4223-9D1E-B5920A63AB41},{582029E2-FC5B-4717-8808-B80D6EF0FD67},{8EE0DB9E-9B76-4617-AC9B-E6B71031AF5F},{B760E9A9-E4DB-404C-A93F-AEA51754AA4F},{C9A2D2E9-3C1B-480D-A3C9-D3BD1B1964E0}'

SELECT

[vri2_Computer].[Guid],

[vri2_Computer].[Name]

FROM

[vRM_Computer_Item] AS [vri2_Computer]

LEFT OUTER JOIN [Inv_AeX_AC_Identification] AS [dca3_AeX AC Identification]

ON ([vri2_Computer].[Guid] = [dca3_AeX AC Identification].[_ResourceGuid])

WHERE

(

(

([dca3_AeX AC Identification].[OS Name] LIKE N'Windows 7%')

)

AND

([vri2_Computer].[Guid] IN (SELECT [ResourceGuid] FROM [ScopeMembership] WHERE [ScopeCollectionGuid] IN (SELECT [ScopeCollectionGuid] FROM dbo.fnGetTrusteeScopeCollections(@v1_TrusteeScope))))

AND

([vri2_Computer].[Guid] NOT IN (SELECT [ResourceGuid] FROM [ScopeMembership] WHERE [ScopeCollectionGuid] = <WIN 7 OU GUID GOES HERE>))

 

)