Computer Groups Adding Computers in Bulk

Similar Messages

• Managed Computers or Computer group don't work!

  Hi,
  We have a mainly wireless network with all computers bound to OD. However, we can't seem to enable managed preferences like Applications and or Log On at the computer level or group of computers level.
  All preferences seem to only work at the User or Group level. Does anyone have any comments?
  Thanks
  Steve

  Hi Steve
  First thing I would check is to make sure client machines have the /LDAPv3/ServerIPorFQDN listed in the Authentication and Contacts Search Order (Directory Utility). The way I do this is to bind the client hardware first and then add them to the computer list. As you configure hardware mcx there is a slight delay and you should see the login window display the list of users. Ideally you should restart the clients for hardware mcx to fully populate.
  Hope this helps?
  Tony

• Can we create Criteria based groups of computers?

  Hi Team,
  We have imported the computer objects to FIM portal and it has few attributes which can help creating the criteria based group of computers.
  But when we tried creating the criteria based security group, we were not able to select any custom object other than Users,Groups in the filter builder.
  We have added the computer objects in the Filter permission as well, but no luck.
  Any suggestions?
  Thanks and Regards, Siva Kumar Balaguru

  Hi Siva
  you definitely can do so.
  You have to modify the RCDC for Group creation. Look for "GroupingCalculatedMembers". within this section you will find a "FilterBuilder" section and here you Change "PermittedObjectTypes" to the list of your object types you
  want to be able to include in your Groups.
  Henry

• OD Computer Group has computer "ghosts" - Can't get rid of them

  After testing OD on a new Leopard server for a few days with a few test Leopard clients, I have noticed that I have a couple OD Computer groups that have computers in them that no longer exist ("computer record ghosts", if you will). WGM will not let me remove them from the OD Computer groups in which they belong. WGM hangs (but doesn't crash). The computer records show up but are dim (grayed-out). I do not have computer records for the "absent" computer anymore, and thus they dont exist in OD anymore.
  Why does my OD group still see them?
  Why cant I remove them?
  Im assuming I must have brought a test Mac into OD and then added it to a group and later removed the computer record before removing it for the group(s). I just assumed that the OD server and WGM was smart/dynamic enough to understand that a record was deleted. Dont computer records get removed from a group once they are deleted?

  Hi Daniel
  You should be able to delete the Computer Group, save the changes and probably restart the Server to be on the safe side. But if its not working for you and to be absolutely certain demote and re-promote. Obviously archive the LDAP Database first as well as exporting Users and Groups to be on the safe side. You should be doing this anyway as part of your backup strategy. It does not take too long to do this although it will depend on how many users you have. Home Directories are not deleted. You can relocate Users to Home Directories afterwards.
  Does this help? Tony

• AD OD Extended Schema Computer Groups

  Mac OS 10.6.5
  Server 2003
  AD-OD w/ Extended Schema
  Kerberos
  Hello,
  So far I have a wonderfully working AD-OD setup with an extended schema. I have a few services running which require kerberos so I know that the foundation of the setup is solid. However, I am able to apply MCX settings to AD-users, user groups, and computers, but am unable to create computer groups with Workgroup Manager applied to AD. The error I get is:
  This action failed because you are not authorized to perform the operation
  The only way I have found to create computer groups is to switch WGM to the OD domain and add the AD computer objects to an OD managed computer group. I hope that makes sense...
  The only information I've been able to find on the intertubes is this:
  Did you create the Mac OS X container at the root of the domain?
  AFAIK, all computer lists are automatically added to the Mac OS X container at the root of whatever domain you are pointed at. If that container does not exist, or you don't have the appropriate privs, you won't be able to create the computer lists.
  If you are in a multi-domain environment and authenticate to "All Domains", WGM will attempt to create the computer list in the Mac OS X container located in your forest root domain.
  At least thats been my experience. I can also add the WGM against AD has always been buggy for me. Random weird permissions errors don't always accurately reflect the outcome of an operation.
  In the case of computer lists, I sometimes need to type * into the search box to find the lists I created, after I was told they weren't created
  http://www.afp548.com/forum/viewtopic.php?showtopic=23022
  I'm unsure of any container that Mac OS created at the root of the AD domain. I certainly don't see one listed in the AD Users and Computers GUI and wasn't aware that the extended schema was suppose to create one. The above quote was pulled from a 10.5.x thread so it may be outdated information.
  Thanks for any and all suggestions!
  Nick.

  bumpskies

• Export and Import Computer Groups

  Two Monday mornings in a row the Open Directory on our Intel-based Xserve's Mac OS X 10.5.7 Server had failed. This would mean that users who were supposed to have specific access right to folders and share points on other Xserve file servers couldn't get their files or had full access instead of restricted access. The first Monday a restart resolved the issue. The second Monday a restart did not resolve the issue and we opened a case with AppleCare Enterprise Support. We got it up and running again but it failed on Friday during the day. Another call the AppleCare Enterprise Support had me export all my users, user groups, computers and computer groups as a backup.
  In the end, I had to do an erase and install of Mac OS X 10.5 server and I updated right to 10.5.8. AppleCare pointed me to the (now Snow Leopard) documentation and told me that now that the server was running and nothing was "broken" and they could not continue to support me. It was up to me to figure out how to restore everything from the documentation. Unfortunately, that document has NOTHING in it about restoring computers or computer groups. It only documents users and user groups. Our user groups were restored with the import of the previously exported list. However, all of the computers in our computer groups appear in the membership list as "Not Found". The preferences/settings for the group were restored but are not being applied to any computers. This means that portable users probably no longer have "mobile" accounts so they can log in off the network and now the Software Update is wide open (although most users are not administrators).
  Is there some trick I'm missing to get the computers back into their groups automatically? I can add them manually but I have 400 and can't tell from the list of workstation numbers which are laptops and which are desktops.
  -Doug

  Hi Tapojyoti,
  >>1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  Yes, WSUS 3.0 API Samples and Tools is not supported in Windows Server 2012R2 by default. We may try to rebuild it in Windows Server 2012R2. For detailed information about how the rebuiled, please refer to the readme document of the WSUS 3.0 API Samples
  and Tools.
  >>2. Is "WSUS 4.0 API Samples and Tools" available?
  No, I can't find the WSUS API Samples and Tools for 2012R2.
  >>3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  As I have mentioned above, due to WSUS 3.0 API Samples and Tools is released with source code, we can try to rebuild it in the Windows Server 2012R2.
  If it doesn't work, as a workaround, we can configure the new WSUS server as the replica server of the existing WSUS server. After the synchronization, change the server mode to stand alone.
  Best Regards.
  Steven Lee
  TechNet Community Support

• How to manageimported users, groups, and computers in the "Magic Triangle"

  How do I manage imported users, groups, and computers? Server Preferences versus Workgroup Manager? I can import users and groups with the former but it offers limited configurable options. I can view all users. groups. and computers (from active directory) in the latter, but it does not designate which accounts have been imported.
  I've got a magic triangle setup, with my users, groups and computers in Windows Active Directory, and my MacOS X snow leopard server setup as a directory master, abd bound to AD as well. I wish to apply group policy like settings to my Mac OS X leopard and snow leopard clients.
  Here's a summary of my goals:
  1. Time Machine Storage for mac users when they logon to Mac OS X computers.
  2. Automount group shares located on the Mac OS X Server.
  3. Redirect user desktop and document folders to user shares either on the Mac OS X server or my Windows file server.
  4. Automount a custom folder (for each user) located either on the Mac OS X server or my Windows file server.
  5. Setup Mac OS X server as a printer server with quotas for all mac and windows computer users.
  Goal #1 appears to be working. "need help with the rest. Thanks

  I'm not sure you want to import users to use the magic triangle properly. I think importing creates 'Augmented Records' - the user icons have blue dots.
  The principle is this…
  Bind the server to Active Directory (AD) & create an Open Directory master (OD). This can be done from Server Admin, in the OD section, via the change button.
  Then you use Workgroup Manager, set the viewing directory (tiny little globe in top left) to use LDAP records on the server - LDAPv3/127.0.0.1. Authenticate (lock on right of toolbar) add a group, then switch to to its Members tab, click + Then change the user list to show the AD records & add the AD users to the OD group. It sounds weird & wrong, but it is how it works.
  You are never modifying the AD records, just assigning a group to the users in OD. It's why the clients need to bind to AD & OD.
  From there you can set the Managed prefs (MCX) for the members of the OD group. It also helps to add a guest computer account to OD to assign computer prefs based on the macs that bind to the server - it's in the File menu when you select the computes list in OD.
  I hope that's clear, not sure I can help with the other tasks, but they tend to fall into place once you have the complex start in place.

• How do you remove previously added computers?

  Just a little while ago, I noticed some unknown device appeared on my "Computers" box on the "My Network" menu. I don't know the origin of this device, but I would like to remove it from my wireless network as soon as possible (especially if it's from an outside source). However, I couldn't find anything telling me how to remove previously added computers/devices.
  Oh, and if this device is from an outside source (e.i. hacker), I just activated my router's security settings as a precaution.

  I had the same problem--an unknown computer suddenly showed up on my secured network and I was notified. I changed my encription but that computer is still listed. Is changing the encryption good enough? It makes me nervous to see that computer sitting there without knowing where it came from and whether it is actually able to access my network.

• How to disconnect a network drive filtered to a computer group

  I have a Group of computers that needs to get a specific network drive disconnected. There is a user setting for this but the problem is when i need to filter this against a computer Group. If i have user settings i need to filter against users/user Groups.
  I cant do this on computer configuration, even With script, computer configuration is loaded before the network drive is mapped up. Is there any way i can apply a user configuration filtered towards a computer Group?

  > How is targeting a security group any different than having the GPO
  > filtered towards a security group?
  You can target a computer group in user GPOs. You cannot security filter
  for computer groups in user GPOs.
  > to remove a network drive for a group of computers. There is no setting
  Did you map these drives in a startup script in system context? Or are
  these drives mapped to users logging on to these computers?
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• WSUS - Approving Updates For Group Of Computers

  It's a pretty straightforward process: Step 4: Approve and Deploy WSUS Updates
  When you approve the updates, you choose which group. After my test group has run with the updates for a few days with no problems, I just approve for all computers.

  First of all...I'm new to WSUS.  My question...if you have a computer group for Test computers and approve a list of updates for them, is there an easy way to approve the same group of updates for another group of computers once the updates have been tested?  
  I have a GPO setup that I will apply to all computers and I have a GPO just for IT computers that I will use to test updates.  Is that the correct way to do it? 
  This topic first appeared in the Spiceworks Community

• I am a new Safari user.  How do I sync my safari bookmarks on one computer to all computers?

  I am a new Safari user.  How do I sync my safari bookmarks on one computer to all computers?  This can be easily done using Chrome, but I can't figure out how to do it using Safari?

  You are using icloud?
  maybe your account is not whit icloud and thats the problem
  o you dont have the same account in your iphone and ipad

• SCOM 2012 - Custom disk space report - Computer Groups

  Hello,
  I've created custom disk report with sql query to pull the disk space for all servers. The report has parameters start data,End date and computer name but now my requirement would be to get the disk reports based on custom created computer group, Is it possible
  to feed computer group name instead of computer name in the custom reports?
  Regards,
  Vijay

  Hi,
  For SCOM 2007, you can’t select a group of servers and run a free disk space report on them. And for 2012 I think it also like that.
  But based on my research, someone said that when you create group with Logical Disk targets, it may work. Here are two similar threads for your reference:
  Report on Logical Disk Free Space % for a group of servers
  http://social.technet.microsoft.com/Forums/en-US/fbec6fce-8f65-461b-8730-98a0d493c375/report-on-logical-disk-free-space-for-a-group-of-servers?forum=operationsmanagerreporting
  Can't target free disk space report at Custom Group
  http://social.technet.microsoft.com/Forums/en-US/8555fc3e-eed2-4523-a307-589eb6ff72fc/cant-target-free-disk-space-report-at-custom-group?forum=operationsmanagerreporting
  Regards,
  Yan Li
  Regards, Yan Li

• Approving WSUS updates for one computer group at a time

  We have a WSUS server, and four computer groups (Alpha, Beta, Production, Workstations). Our patching process has us approve all "Not Approved" patches for the Alpha group, right after they're released by Microsoft. One week later, we approve all
  of the updates from the previous week, for the Beta group. One week later, we do the same for Production. 
  I'm writing a script (which I can't test until next week), and wonder if there's a better way to get the list of updates that are approved for Alpha. Here is the code: 
  $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
  $updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
  $updateScope.FromArrivalDAte = (Get-Date).AddMonths(-1)
  $wsusGroup = $wsus.GetComputerTargetGroups() | Where {$_.Name -eq "$PatchingGroup"}
  $updateScope
  $updateScope.getType()
  $updateScope.count
  $updateScope.ApprovedComputerTargetGroups.add($wsusGroup)
  $wsus.GetUpdates($updateScope)
  $Updates = $wsus.GetUpdates($updateScope)
  I assume I can take the $Updates variable and do the following for the Beta and Production groups: 
  Foreach ($update in $updates) {
  $update.Approve(“Install”,$PatchingGroup)
  Is this going to work, and is there a better way?

  For WSUS Scripts see this: http://poshwsus.codeplex.com/
  ¯\_(ツ)_/¯

• OIM AD connector- Groups added natively in AD getting deleted

  We are facing this issue with the OIM Ad connector- 11.1.1.5.0. The scenario is :
  1. OIM user get created
  2. OIM provisions user to AD and adds user to 2 groups ( 1 and 2)
  3. AD Administrator logs into the AD directly and adds 3 groups to the user ( Group3,Group4 and Group5)
  4. OIM admin goes to the resources tab and adds Group6 to the user from within OIM AD resource
  Shouldn't we see that the user account on AD be a member of group1,group2,group3,group4,group5 and group6. This is the expected behavior
  What we are seeing on the account is that only group1,group2 and group6 are visible.
  I understand the the groups - Group3,Group4 and Group5 will not be visible on the resource form unless we do a recon but OIM should not be DELETING groups added natively on AD
  Any help on this issue will be appreciated

  Thanks everyone. I do agree that the behavior should be such that all 6 groups should be visible on the user on the target (AD) system. However, we are seeing that the groups added natively within AD are getting deleted and OIM is "truing up" the user account with the groups that are added within the process form , i.e. the scenario described above. OIM is actually deleting the groups that were added manually on AD.
  If I do trigger a target recon, then I can see that all the groups are reflected on the user within OIM. However running this task every hour or rather every time I need to add an entitlement on a user is not a feasible solution,would you agree?. Also this is a limitation that cannot be placed on a helpdesk person. Rather , if this is the only solution , it should be a functionality of the connector.
  Please note that the connector deployed is v11.1.1.5.0 and NOT the 9.1.1.7. The 9.x connector did behave as expected , i.e it did not delete any groups. However the new ICF based connector is deleting groups. Is there a setting within the connector configuration to turn on/off this functionality?
  This is what I see in the connector server logs
  <VERBOSE>: Class-> ActiveDirectoryUtils, Method -> GetDnFromPath, Message -> Exiting the method. Returning the value = CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com
  <VERBOSE>: Class-> CustomAttributeHandlers, Method -> UpdateDeFromCa_OpAtt_Groups, Message -> DirectoryEntry path = LDAP://xx.xx.xx.xxx/CN=Print,DC=OIM,DC=Test,DC=com. Removing: CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com from the property: member
  "PRINT" is the group that was added natively on AD.

• How to export and import "Computer Groups" and "Patch approvals" in WSUS 4.0 ?

  Hi,
  I have a query regarding the export and import options for "Computer Groups" and "Patch Approvals" in WSUS 4.0.
  In WSUS 3.2 once we install WSUS 3.0 API Samples and Tools, we get "WSUSMigrationExport" and "WSUSMigrationImport" tools under
  C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\ folder. 
  Using the 'WSUSMigrationExport' tool we can export the Computer Groups and the Patch Approvals in a XML file. And using the 'WSUSMigrationImport' tool we can import the 'Computer Groups' and the 'Patch Approvals' from that XML file into a different WSUS
  3.2 server. We can run the import tool as below:
  a. Run command prompt as administrator.
  b. In the command prompt, go to C:\Program Files (x86)\Update Services 3.0 API Samples ans Tools\ WsusMigrate\WsusMigrationImport
  c. Type WsusMigrationImport filename.xml TargetGroups None. Press enter; this will import Computer Groups to the WSUS 3.2 server.
     Type WsusMigrationImport filename.xml Approvals None. Press enter; this will import "Patch Approvals" to the WSUS 3.2 server.
  This is easy and useful.
  Now, for WSUS 4.0 I did not find  "WSUS
  4.0 API Samples and Tools". So I installed "WSUS 3.0 API Samples and Tools" in my WSUS 4.0 server. And tried to import a valid XML file in the above mentioned process. But the command returned an error.
  The error says the "Microsoft.UpdateService.Administration.dll" file was not found.
  I further searched in the internet about this issue and I found that the "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0 as the .net framework used in "WSUS 3.0 API Samples and Tools" is 2.0 and WSUS 4.0 uses .net Framework
  4.5.
  So, Here are my questions.
  1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  2. Is "WSUS 4.0 API Samples and Tools" available?
  3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  I need an urgent reply. Thank you in advance.

  Hi Tapojyoti,
  >>1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  Yes, WSUS 3.0 API Samples and Tools is not supported in Windows Server 2012R2 by default. We may try to rebuild it in Windows Server 2012R2. For detailed information about how the rebuiled, please refer to the readme document of the WSUS 3.0 API Samples
  and Tools.
  >>2. Is "WSUS 4.0 API Samples and Tools" available?
  No, I can't find the WSUS API Samples and Tools for 2012R2.
  >>3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  As I have mentioned above, due to WSUS 3.0 API Samples and Tools is released with source code, we can try to rebuild it in the Windows Server 2012R2.
  If it doesn't work, as a workaround, we can configure the new WSUS server as the replica server of the existing WSUS server. After the synchronization, change the server mode to stand alone.
  Best Regards.
  Steven Lee
  TechNet Community Support