NSH Script - Query Active Directory OU for members

Version 3

    I recently had a use case where a customer wanted to know if we could query Active Directory OUs to extract the list of computers (servers) which were members and do something with that list inside of BladeLogic Server Automation. Below is the end result of what was created.


    Special thanks to Sean Berry and his amazing NSH skills for helping me through the use case and getting this working in less than 1 year, which is how long it would have taken me.



    Assumptions:

    • OU groups exist in AD.
    • Query strings are known for the OU groups you need to get members out of.
    • The BladeLogic RSCD agent is running on the domain controller (AD server).
    • The OU grouping in Active Directory is done so that dynamic logical grouping of servers in BladeLogic will further automate BladeLogic tasks.


    Setup:

    • Create server properties:
      • AD_OU - this is a string type and will be set by the NSH script to the value of the OU group name where a server is a member.
      • AD_OU_ADDED - this server property type is boolean and will be set by the NSH script if a server is found in an OU but not found in the BladeLogic "All Servers" smart group.
    • NSH script parameter - the targets host list for the NSH Job will be used to create a temp all-server list, which is the reference for determining whether the OU server found is already in BladeLogic.
    • * Perhaps add a new parameter for the host name of the AD server on which the script should nexec -i.


    NSH Script: (AD server name is statically defined as $dc)



    # blcli / blcred setup, default profile is usually "defaultProfile"
    # (the role name below is a placeholder; use the role the job runs under)
    blcli_setoption serviceProfileName defaultProfile
    blcli_setoption roleName BLAdmins
    blcli_connect

    # declare domain server name (AD server to query for OU membership). This should be an NSH script parameter instead.
    dc="AD-SERVER-HOSTNAME"   # placeholder; the real hostname is not shown here

    # take in targeted list of servers for validation when an OU member is found.
    # Assumes the job runs the script once with the target host list passed as parameters ("$@").
    FILE="/tmp/allservers.$$"
    for host in "$@"; do
        echo "$host"
    done > "$FILE"

    intcount=0

    # for loop through all DOMAIN OU Queries you care to check.
    # Each query is wrapped in literal double quotes so it reaches dsquery as a single argument.
    for GROUP in '"OU=Domain Controllers,DC=SC-Markham,DC=local"' '"OU=SERVERS,OU=DOMAIN ADMINISTRATION,DC=SC-Markham,DC=local"' '"OU=CITRIX,OU=SYSDEVCTD,DC=SC-Markham,DC=local"'
    do
        # grab the first element, the OU or Organizational Unit, from the GROUP string
        LABEL=$(echo $GROUP | cut -f1 -d, | cut -f2 -d=)

        # execute dsquery command on AD server, parse output to just include the server hostname.
        # dsquery returns at most 100 objects by default; add "-limit 0" for larger OUs.
        nexec $dc /C/Windows/System32/dsquery computer $GROUP | cut -f2 -d= | cut -f1 -d, | while read server
        do
            let intcount+=1
            echo "Working with OU Query server $server"
            # do something smart with it here
            # substring match: a short AD name also matches an FQDN in the target list,
            # but e.g. WEB1 also matches WEB10, and more than one line may come back
            blserver=$(grep -i "$server" "$FILE")
            echo $blserver
            if [ "$blserver" = "" ]; then
                echo "my server $server is not found in BladeLogic targeted server group"
                echo "Adding $server to BladeLogic"

                # add server to bladelogic if it is not already there.
                # (Server addServer $server) should have worked but it was giving me weird errors, didn't have time to troubleshoot.
                blcli Server addServerIfIPUnique $server$intcount false
                # next
                blcli Server setPropertyValueByName $server AD_OU "$LABEL"
                blcli Server setPropertyValueByName $server AD_OU_ADDED true
            else
                # server was found in bladelogic already. Set property for OU smartgroup filters to work
                blcli Server setPropertyValueByName $blserver AD_OU "$LABEL"
            fi
        done
    done

    rm -f "$FILE"
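    The parse-and-compare step of the script, as an added offline dry run that is not the author's script: it reproduces the cut/cut pipelines and decides which blcli call the job would issue for each computer, without needing a domain controller or blcli. The dsquery output and the target list are constructed samples, and the membership check compares the AD name against the first DNS label of each target exactly (case-insensitively) rather than with the script's grep substring match.

```shell
#!/bin/sh
# Added example, not the author's script: an offline dry run of the
# parse-and-compare step, with constructed dsquery output and target list.
# Constructed sample of what `dsquery computer "<OU DN>"` prints on the
# domain controller: one double-quoted distinguished name per line.
DSQUERY_OUT='"CN=WEB01,OU=SERVERS,OU=DOMAIN ADMINISTRATION,DC=SC-Markham,DC=local"
"CN=WEB10,OU=SERVERS,OU=DOMAIN ADMINISTRATION,DC=SC-Markham,DC=local"
"CN=DB02,OU=SERVERS,OU=DOMAIN ADMINISTRATION,DC=SC-Markham,DC=local"'

# The OU query string exactly as the script's for-loop carries it.
GROUP='"OU=SERVERS,OU=DOMAIN ADMINISTRATION,DC=SC-Markham,DC=local"'

# Constructed stand-in for the temp "all servers" file the job builds
# from its targets: one BladeLogic server name (often an FQDN) per line.
BL_TARGETS='web01.sc-markham.local
app07.sc-markham.local'

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# First OU of the query string, via the same cut/cut pipeline as the script.
ou_label() { printf '%s\n' "$1" | cut -f1 -d, | cut -f2 -d=; }

# CN (hostname) of one DN line, via the same cut/cut pipeline as the script.
dn_host() { printf '%s\n' "$1" | cut -f2 -d= | cut -f1 -d,; }

# Print the BladeLogic name whose first DNS label equals the AD name
# (case-insensitive), or nothing. Unlike the script's `grep -i $server`
# substring match, WEB1 does not match web10 here.
in_bladelogic() {
    printf '%s\n' "$2" | while IFS= read -r t; do
        if [ "$(lc "${t%%.*}")" = "$(lc "$1")" ]; then
            printf '%s\n' "$t"; break
        fi
    done
}

# For each DN, decide which blcli call the job would make:
#   ADD <adname> <ou>  -> addServerIfIPUnique, then set AD_OU and AD_OU_ADDED
#   SET <blname> <ou>  -> setPropertyValueByName AD_OU on the existing server
plan_actions() {
    label=$(ou_label "$1")
    printf '%s\n' "$2" | while IFS= read -r dn; do
        host=$(dn_host "$dn")
        found=$(in_bladelogic "$host" "$3")
        if [ -z "$found" ]; then printf 'ADD %s %s\n' "$host" "$label"
        else printf 'SET %s %s\n' "$found" "$label"; fi
    done
}
plan_actions "$GROUP" "$DSQUERY_OUT" "$BL_TARGETS"
```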







    ** See attachment for screenshots of before-and-after script results.