Auto Organize new Computer Accounts in Active Directory by PowerShell

We all know that we can change the default container for Computer Accounts in AD from the built-in ‘Computers’ container (CN=Computers,DC=domain,DC=local) to a custom OU. This is done with the command-line tool redircmp, and after that every new computer joined to the domain lands in that OU.

But what do you do if you have a well-organized AD structure with specific OUs for Servers and Workstations, and you want new computers to be moved automatically from the default container to the correct OU based on criteria like the OS or the machine name? And you also want to monitor these new computers by getting an email whenever new machines are introduced to the domain? I hear you say SCRIPTING? No. SIEM solutions? No. Old black magic? Also no 🙂 …. The answer is ………. POWERSHELL. Yes, you can do all of this with PowerShell alone, with a simple .ps1 file that contains a few PowerShell commands. I’ll show you how to do it:

We will use two primary commands: one for getting the new computers and moving them to a specific OU, and one for sending an email listing those new computers, as follows:

Open a new Notepad file and type your commands in it; when we are finished we will save it as a .ps1 file and schedule it to run every 10 or 15 minutes on a Domain Controller.

1- First Command: there are two cmdlets that you can use to get computers from AD:

Get-ADComputer (returns computer objects only)

Get-ADObject (aimed at the Computers container only)

We will use the first one (Get-ADComputer), because its useful properties (like Operating System and IP Address ….) can be used as criteria for filtering computers.

Now we need to retrieve computers only from the Computers container, not every computer in the domain, so we will use the -SearchBase parameter to search only in a specific location in AD:

Get-ADComputer -Filter * -SearchBase "CN=Computers,DC=domain,DC=local"

This will return all computers in the Computers container, but let’s say that you need only Workstations, I mean computers running Windows 7, 8 or 10 and not a Windows Server edition, so we will filter with the following command:

Get-ADComputer -Filter {OperatingSystem -notlike 'Windows Server*'} -SearchBase "CN=Computers,DC=domain,DC=local"

Or if you need all Windows 8.1 machines, for example, you will make the filter like this (the trailing wildcard is needed because the OperatingSystem attribute also carries the edition, e.g. "Windows 8.1 Enterprise"):

{OperatingSystem -like 'Windows 8.1*'}         and so on.

Now we need to move those machines to the correct OU (for example ‘WORKSTATIONS’), so we will pipe the previous command into the Move-ADObject cmdlet:

Get-ADComputer -Filter {OperatingSystem -notlike 'Windows Server*'} -SearchBase "CN=Computers,DC=domain,DC=local" | Move-ADObject -TargetPath "OU=WORKSTATIONS,DC=domain,DC=local"

So this command will get all client-OS machines from the Computers container and move them to an OU called WORKSTATIONS.

2- Second Command: this one has two parts. First, get the machines and their properties, format the result as a table with friendly column names, and put it in a variable that will be used in the second part:

$Workstations = Get-ADComputer -Filter {OperatingSystem -notlike 'Windows Server*'} -Properties Name, Created, IPv4Address -SearchBase "CN=Computers,DC=domain,DC=local" | Select-Object @{N='Computer Name';E={$_.SamAccountName}}, @{N='Creation Time';E={$_.Created}}, @{N='IP Address';E={$_.IPv4Address}} | Format-Table -Wrap

Second, send mail to a specific email address IF the previous variable ($Workstations) is not empty; the email body will contain the table of those new machines (replace the placeholder addresses and SMTP server with your own):

if ($Workstations) { Send-MailMessage -From "Active_Directory@domain.local" -To "you@domain.local" -SmtpServer xx.xx.xx.xx -Subject "New Workstations have been added to Domain" -Body ($Workstations | Out-String) }

By grouping these commands together in one file (attached to this article) you will have a PowerShell script that you can run as a scheduled task on the Domain Controller. Keep the email part before the move part: once the computers have been moved out of the Computers container, the query that builds the email finds nothing.

NOTE: the script or task must run under an account that has permission to move computer objects in Active Directory (delete in the source container, create in the target OU) and to send email through your SMTP server. Delegate those rights to a dedicated account rather than running the task as a Domain Admin.
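The two commands combined into one script, as an added example (this is not the file attached to the article): it reports first and moves second, skips the mail when nothing is new, and moves each computer individually so one failure does not abort the rest. The OU, SMTP server and mail addresses are placeholders.

```powershell
# Added example: report new workstations by e-mail, then move them to their OU.
# Everything under domain.local is a placeholder; replace with your own values.
Import-Module ActiveDirectory

$SearchBase = 'CN=Computers,DC=domain,DC=local'      # default container (or the one redircmp points at)
$TargetOU   = 'OU=WORKSTATIONS,DC=domain,DC=local'
$SmtpServer = 'smtp.domain.local'                    # placeholder
$MailFrom   = 'Active_Directory@domain.local'        # placeholder
$MailTo     = 'admin@domain.local'                   # placeholder

# Client operating systems only; write a separate rule for servers.
$Workstations = Get-ADComputer -SearchBase $SearchBase -SearchScope OneLevel `
    -Filter { OperatingSystem -notlike 'Windows Server*' } `
    -Properties OperatingSystem, Created, IPv4Address

if (-not $Workstations) { return }   # nothing new: no mail, no move

# Build the table for the mail body before anything is moved.
$Report = $Workstations |
    Select-Object @{N='Computer Name';    E={$_.SamAccountName}},
                  @{N='Operating System'; E={$_.OperatingSystem}},
                  @{N='Creation Time';    E={$_.Created}},
                  @{N='IP Address';       E={$_.IPv4Address}} |
    Format-Table -AutoSize -Wrap | Out-String

try {
    Send-MailMessage -From $MailFrom -To $MailTo -SmtpServer $SmtpServer `
        -Subject "New workstations joined the domain ($(@($Workstations).Count))" -Body $Report
} catch {
    Write-Warning "Mail not sent: $_"    # still move the machines below
}

foreach ($Computer in $Workstations) {
    try {
        Move-ADObject -Identity $Computer.DistinguishedName -TargetPath $TargetOU
        Write-Output "Moved $($Computer.SamAccountName) to $TargetOU"
    } catch {
        Write-Warning "Could not move $($Computer.SamAccountName): $_"
    }
}
```

Run it by hand once with -WhatIf added to Move-ADObject before scheduling it, so you can see which accounts it would touch.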

In Task Scheduler, create a new task, set the Trigger to “On a schedule” and make it repeat every 10 or 15 minutes indefinitely. Set the Action to “Start a program”, type powershell.exe as the program name, and in the “Add arguments” field point to the script file on disk by providing its path, like the following example:

-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "D:\Scripts\move computers.ps1"
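The same task registered from PowerShell instead of the GUI, as an added example (not from the article): it runs under a group Managed Service Account so no password is stored with the task. The gMSA name and script path are assumptions.

```powershell
# Added example: register the scheduled task under a gMSA (placeholder name).
# Whoever can write to the script file runs code as this account on the DC,
# so lock the script's folder ACL down to administrators before registering.
$ScriptPath = 'D:\Scripts\move computers.ps1'

$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""

# Repeat every 15 minutes; on Server 2012 R2 add -RepetitionDuration ([TimeSpan]::MaxValue)
# for "indefinitely", newer versions treat a missing duration as indefinite.
$Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 15)

# gMSA: LogonType Password with no password supplied; RunLevel Limited keeps it non-elevated.
$Principal = New-ScheduledTaskPrincipal -UserId 'DOMAIN\gMSA-ADMover$' -LogonType Password -RunLevel Limited

Register-ScheduledTask -TaskName 'Move New Computers' -Action $Action -Trigger $Trigger -Principal $Principal
```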

then save the task and monitor its behavior by checking the History tab in Task Scheduler console 🙂

Every time this script runs, you get an email with the workstations newly added to the domain, and then they are moved to the specific OU that matches your enterprise structure. You can also add more commands to move Servers or other machines based on other criteria (you can filter by any property in PowerShell).

The following is the script file (just change the file extension to .ps1 after editing it with your domain names and SMTP server IP address):

Move Computers with Email
