Is there any way I can make a scheduled task to run Discover Computers against my domain? We decided not to use AD syncing based on all the problems we had. It's cleaner and more organized to use static folders, but I want this task to run at different times of the day or once a day.
Hi,
I can think of one approach, that would be to perform an LDAP query with something like VBS to get a list of machines, compare this list with a list generated from querying the SEC DB and then add the new records into the DB. Not a 5 minute job but possible but then I thought, what's the aim here, what would you do with these unmanaged machine names?
I assume maybe move them into a group and protect them at some point? This would be manual, unless the next question is how to autodeploy from SEC? If the ultimate aim is to automate installs of new machines without using AD-Sync,your best bet is to have a script on the "clients" that runs, checks for a "Sophos marker", and if not found run setup.exe from the CID. If you need it in a group/certain config, based on another marker, e.g. OU, Name, OS, description, etc, you could set the group on bootstrap switch conditionally. Maybe configure an AD startup script with this.
Does this offer any ideas?
Regards,
Jak
The goal here is to allow Enterprise Console administrators (out helpdesk of 15+ people globally) to be able to just open the console and find the computer that was recently added without having to "Discover Computers" manually.
We decided with moving to 5.0 to do away with AD sync. It's ugly and cumbersome for our AD structure. We simplified out folder structure and policies, so now I just want someone to log in, find the system, move it to the right folder, protect it and be done.
It's annoying to have to constantly "Discover Computers" manually.
Hi,
In that case, how about a VBScript like:
'Script to import machines in to SEC from AD based on the AD object property: 'whenCreated'
' Constants
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const ForAppending = 8
intDays = 1 'number of days to import new computer objects from
strServerNameAndInstance = ".\sophos" ' SQL server and instance
strDatabaseName = "Sophos50" ' Sophos DB
strLogPath = "ADImp.txt"
set objFSO = CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.OpenTextFile(strLogPath, ForAppending, true, -1)
WriteToLog 0, "Starting Script"
WriteToLog 0, "Options: "
WriteToLog 0, " SQL server and instance: " & strServerNameAndInstance
WriteToLog 0, " Sophos DB name: " & strDatabaseName
WriteToLog 0, " LogPath: " & strLogPath
strConnectionString = "Driver={SQL Server};Server=" &_
strServerNameAndInstance &_
";Database=" & strDatabaseName &_
";Trusted_Connection=yes;"
set objConn = CreateObject("ADODB.Connection")
objConn.open strConnectionString
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
WriteToLog 0, "DefaultNamingContext: " &strDNSDomain
'Get the NetBIOS domain name from the DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
WriteToLog 0, "NetBIOS of Domain: " & strNetBIOSDomain
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectClass=Computer)(whenCreated>=" & GetTimeStamp() & "))"
strAttributes = "cn,whencreated,distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 3000
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
Addcomputers adoRecordset.Fields("cn").value, adoRecordset.Fields("whencreated").value, strNetBIOSDomain, adoRecordset.Fields("distinguishedName").value
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
objConn.Close
set adoRecordset = nothing
set objConn = nothing
CloseLog()
'support functions--------------------------------------
Function GetTimeStamp()
dtmDate = Now() - intDays
arrDateParts = Array("yyyy", "m", "d", "h", "n", "s")
For Each strInterval in arrDateParts
intDatePart = DatePart(strInterval, dtmDate)
If intDatePart < 10 Then
strDateTime = strDateTime & "0" & intDatePart
Else
strDateTime = strDateTime & intDatePart
End If
Next
GetTimeStamp = strDateTime & ".0Z"
End Function
'--------------------------------------------------------
'--------------------------------------------------------
function addcomputers(strComputerName, strDateAdded, strDomainNameNetBIOS, strDistinguishedName)
'USE: dbo.ComputerAdd to add machines.
'- @ComputerName NVARCHAR(128),
'- @DomainName NVARCHAR(128),
'- @OperatingSystem INT,
'- @Description NVARCHAR(512),
'- @ComputerID INT OUTPUT
strSQLCommand = "dbo.ComputerAdd @ComputerName='" &_
strComputerName & "', @DomainName='" & strDomainNameNetBIOS & "', " &_
"@OperatingSystem='', @Description='" & strDistinguishedName & " - " & strDateAdded & "', @ComputerID=null"
WriteToLog 0, strSQLCommand
objConn.Execute strSQLCommand
End Function
'--------------------------------------------------------
'--------------------------------------------------------
Function WriteToLog (strSev, strLogLine)
dim strToWrite
strToWrite = ""
select case strSev
case 0
strToWrite = "INFO: "
case 1
strToWrite = "ERROR: "
case else
strToWrite = "UNKNOWN: "
end select
objFile.WriteLine Date() & " " & Time() & " " & strToWrite & " " & strLogLine
End Function
'--------------------------------------------------------
Function CloseLog()
objFile.Close
set objFile = nothing
End Function
This vbs file could run once a day, appends to a log called 'ADImp.txt '. Adjust the variables at the top as needed to address the SQL instance.
It gets a list of computer records from AD where they have been added in the last day using the 'whencreated ' attribute of the object. Using this 'list' it then calls the ComputerAdd SP of the Sophos DB to add the record(s).
I've added the distinguishedname of the machine and the 'whencreated ' attribute into the 'Description' field. This will get overwritten when RMS reports back when the machine becomes managed but I thought it would provide some way to discern between machines in SEC.
I haven't tested it much beyond ensuring it finds a machine and it appears in SEC, if you think it could help you, I encourage you to test it first and backup any SOPHOS db you insert into with it. :) It uses the stored procedure CompyterAdd as an "interface" to the Sophos DB as this seemed the safest.
Regards,
Jak
