Managing a Domain with PowerShell: Searching for an OU and Moving Objects

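2016-01-04 21:14
Some time ago, a project required me to find all Hyper-V VMs in the Windows Server domain manager and move them under one unified group. This uses the PowerShell commands that ship with Windows Server. The implementation is as follows: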


Import-Module ActiveDirectory
Import-Module GroupPolicy   # provides Backup-GPO, New-GPO, Set-GPRegistryValue, Invoke-GPUpdate
Write-Host "This script is to avoid repeating configuration action.`n"
Write-Host "Before you config the GPRegistryValue,do you want to backup?Please input y to backup or n do nothing."
$backup = Read-Host

# Test the path (it is a folder) and back up all GPOs.
if ($backup -eq "y") {
    if (!(Test-Path C:\GpoBackups)) {
        New-Item -ItemType Directory -Force -Path C:\GpoBackups
    }
    Backup-GPO -All -Path C:\GpoBackups
}

# Check the OU (organizational unit) and create it if it does not exist.
Write-Host "Please input a target OU name.eg:GPWRM.`n"
$ldap = '(&(cn=Microsoft Hyper-V)(objectCategory=serviceConnectionPoint))'
$ouName = Read-Host
$targetOU = "OU=" + $ouName + ",DC=hpv,DC=local"
if (![adsi]::Exists("LDAP://$targetOU")) {
    New-ADOrganizationalUnit -Name $ouName -Path "DC=hpv,DC=local"
}

# Find every Hyper-V service connection point and move its parent object to the OU.
$searcher = [adsisearcher]$ldap
$searcher.FindAll() |
    ForEach-Object {
        $obj = $_.GetDirectoryEntry()
        # Strip the connection point's own RDN to get the DN of the parent object.
        $path = $obj.distinguishedName.Value.Replace("CN=Microsoft Hyper-V,", "")
        Move-ADObject -Identity "$path" -TargetPath "$targetOU"
    }
Write-Host "Please input a new GPO name.Eg:Configure firewall rules for remote gpupdate12.`n"
$gpoName = Read-Host
Write-Host "Please input a starter GPO Name.eg:Group Policy Remote Update Firewall Ports.`n"
$starterGpoName = Read-Host
# Create the GPO from the starter GPO and link it to the target OU.
New-GPO -Name $gpoName -StarterGpoName $starterGpoName | New-GPLink -Target $targetOU -LinkEnabled Yes

# The WinRM service policy values all live under one key. In the "Key!Name" notation
# the part after "!" is the value name, so it is passed as -ValueName, not as part of -Key.
# On/off settings are DWORD (1 = true, 0 = false); the address filters are strings.
$winrmKey = "HKLM\Software\Policies\Microsoft\Windows\WinRM\Service"
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "AllowAutoConfig" -Value 1 -Type DWord
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "IPv4Filter" -Value "*" -Type String   # all IPv4 addresses
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "IPv6Filter" -Value "*" -Type String   # all IPv6 addresses
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "AllowBasic" -Value 0 -Type DWord      # Basic authentication off
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "AllowUnencryptedTraffic" -Value 1 -Type DWord   # unencrypted traffic accepted
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "AllowNegotiate" -Value 0 -Type DWord  # Negotiate authentication off
Set-GPRegistryValue -Name $gpoName -Key $winrmKey -ValueName "AllowKerberos" -Value 0 -Type DWord   # Kerberos authentication off

Get-ADComputer -filter * -Searchbase $targetOU | foreach{ Invoke-GPUpdate -computer $_.name  -RandomDelayInMinutes 0 -force}
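
As an added example (not part of the original script), the following reads the WinRM service settings of a GPO back and annotates the ones worth reviewing before the policy is pushed to every computer in the OU. The helper name `Get-WinRMPolicyFinding` is hypothetical, and the sample objects are constructed to mirror the settings the script intends, written as DWORD flags.

```powershell
# Added example. Get-WinRMPolicyFinding is a hypothetical helper name.
function Get-WinRMPolicyFinding {
    param([Parameter(ValueFromPipeline = $true)]$Setting)
    process {
        # Defensive: trim a trailing NUL if a string value carries one.
        $value = if ($Setting.Value -is [string]) { $Setting.Value.TrimEnd([char]0) } else { $Setting.Value }
        $note = switch ($Setting.ValueName) {
            'AllowUnencryptedTraffic' { if ($value -eq 1)   { 'unencrypted WinRM traffic is accepted' } }
            'AllowBasic'              { if ($value -eq 1)   { 'Basic authentication is accepted' } }
            'AllowKerberos'           { if ($value -eq 0)   { 'Kerberos authentication is disallowed' } }
            'AllowNegotiate'          { if ($value -eq 0)   { 'Negotiate authentication is disallowed' } }
            'IPv4Filter'              { if ($value -eq '*') { 'service listens on all IPv4 addresses' } }
            'IPv6Filter'              { if ($value -eq '*') { 'service listens on all IPv6 addresses' } }
        }
        [pscustomobject]@{ ValueName = $Setting.ValueName; Value = $value; Review = $note }
    }
}

# Constructed sample, shaped like the ValueName/Value properties of Get-GPRegistryValue output.
$sample = @(
    [pscustomobject]@{ ValueName = 'AllowAutoConfig';         Value = 1 }
    [pscustomobject]@{ ValueName = 'IPv4Filter';              Value = '*' }
    [pscustomobject]@{ ValueName = 'IPv6Filter';              Value = '*' }
    [pscustomobject]@{ ValueName = 'AllowBasic';              Value = 0 }
    [pscustomobject]@{ ValueName = 'AllowUnencryptedTraffic'; Value = 1 }
    [pscustomobject]@{ ValueName = 'AllowNegotiate';          Value = 0 }
    [pscustomobject]@{ ValueName = 'AllowKerberos';           Value = 0 }
)
$sample | Get-WinRMPolicyFinding | Format-Table -AutoSize

# Against a real GPO (needs the GroupPolicy module and a domain connection):
# Get-GPRegistryValue -Name $gpoName -Key 'HKLM\Software\Policies\Microsoft\Windows\WinRM\Service' |
#     Get-WinRMPolicyFinding
```

Rows with an empty Review column need no attention; in the sample every setting except AllowAutoConfig and AllowBasic is annotated.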