Software Deployment with Group Policy (SYS 265) - Chromosom3/TechNotes GitHub Wiki

Software Deployment with Group Policy

Background

Though the lab is titled "AD Group Policy & SW Deployment", we spent only a short time setting up the software deploy GPO. A lot of the time was spent using PowerShell to accomplish different goals. See the sections below to learn how to use PowerShell for different Windows administration tasks.

PowerShell to Create an OU

To create a new OU using PowerShell you will need to use the New-ADOrganizationalUnit cmdlet. For this lab I needed to create a new OU titled Software Deploy in the root of my domain. To accomplish this I ran New-ADOrganizationalUnit -Name "Software Deploy" -Path "DC=dylan,DC=local". This will create the Software Deploy OU in the root of the dylan.local domain. For more information on the New-ADOrganizationalUnit cmdlet please view the docs entry on the topic, linked here.

PowerShell to Remove an OU

Removing an OU is similar to creating one. Instead of running New-ADOrganizationalUnit you would run Remove-ADOrganizationalUnit. When removing an OU with PowerShell you do not need to specify the name and path flags. You just need to specify the identity. Identity can be either a distinguished name or an object GUID. For this lab I needed to remove the OU named Test OU. To accomplish this I ran Remove-ADOrganizationalUnit -Identity "OU=Test OU, DC=dylan, DC=local". For more information on the Remove-ADOrganizationalUnit cmdlet view the docs found here. To skip the confirmation prompt when running the Remove-ADOrganizationalUnit cmdlet you can add -Confirm:$False after the command. Note that the OU may be protected from deletion. If this OU was protected I would have needed to run Set-ADOrganizationalUnit -Identity "OU=Test OU, DC=dylan, DC=local" -ProtectedFromAccidentalDeletion $false. This would change the protect from accidental deletion value on the OU and allow deletion. For more information on Set-ADOrganizationalUnit view the docs entry found here.

Moving AD Objects with PowerShell

Another task that I needed to use PowerShell to complete in the lab was moving AD objects from one OU to another. To accomplish this I used the Move-ADObject cmdlet in conjunction with the Get-ADObject cmdlet. I needed to move all the items within the OU named Test OU to the Software Deploy OU. To accomplish this I ran the following: Get-ADObject -Filter 'ObjectClass -ne "organizationalUnit"' -SearchBase "OU=Test OU, DC=dylan, DC=local" | foreach {Move-ADObject -Identity $_.DistinguishedName -TargetPath "OU=Software Deploy, DC=dylan, DC=local"}. That will get all the AD objects within the OU and then pipe them into the foreach loop. We need to use the filter because it will list the OU itself and we don't want to move the OU. The foreach loop will move all the objects that are piped to it. The $_ variable is the pipeline variable, meaning it's a variable that holds the information we just piped into this cmdlet. For more information on Move-ADObject view the docs entry here, for information on Get-ADObject visit the docs page here, and for more information on automatic variables ($_) visit the docs here.
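
A more defensive form of the move above, as an added example that is not part of the original lab notes. It goes slightly beyond the one-liner: it uses -SearchScope OneLevel so only the direct children of the source OU are returned (the OU itself is never in the result), supports -WhatIf for a dry run, and skips objects protected from accidental deletion instead of failing on them. Move-OUChildren is a hypothetical function name; the OU paths in the usage line are the lab's own.

```powershell
#Requires -Modules ActiveDirectory

function Move-OUChildren {   # hypothetical helper name, not a built-in cmdlet
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SourceOU,   # DN of the OU to empty
        [Parameter(Mandatory)] [string] $TargetOU    # DN of the destination OU
    )

    # Fail early if either distinguished name does not resolve to an OU.
    foreach ($dn in $SourceOU, $TargetOU) {
        Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null
    }

    # OneLevel returns only direct children: not the source OU itself and not
    # grandchildren, so a nested container moves as one unit with its contents.
    $children = Get-ADObject -Filter * -SearchBase $SourceOU -SearchScope OneLevel `
        -Properties ProtectedFromAccidentalDeletion

    foreach ($child in $children) {
        # A protected object cannot be moved until the flag is cleared;
        # report it rather than stopping the whole run on an access error.
        if ($child.ProtectedFromAccidentalDeletion) {
            Write-Warning "Skipped (protected): $($child.DistinguishedName)"
            continue
        }

        # With -WhatIf, ShouldProcess prints the planned action and returns $false.
        if ($PSCmdlet.ShouldProcess($child.DistinguishedName, "Move to $TargetOU")) {
            Move-ADObject -Identity $child.DistinguishedName `
                -TargetPath $TargetOU -Confirm:$false -ErrorAction Stop
            $child.DistinguishedName   # emit the old DN of each moved object
        }
    }
}

# Dry run first; remove -WhatIf to perform the move.
Move-OUChildren -SourceOU "OU=Test OU,DC=dylan,DC=local" `
    -TargetOU "OU=Software Deploy,DC=dylan,DC=local" -WhatIf
```

The dry run lists every object that would be moved, which is worth reviewing before the real run because moving computers or users between OUs changes which GPOs apply to them.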

Searching Event Logs with PowerShell

The final task we needed to use PowerShell to complete was reviewing event logs on the workstation machine to confirm that the GPO worked. To achieve this I used the Get-EventLog cmdlet. Since the event log I was looking for indicated the successful installation of Putty and was located in the System log I ran the following: Get-EventLog -LogName System -Message "*Putty*". Note that there should be * before and after Putty (my editor seems to think I'm trying to use the * for formatting). For more information on the Get-EventLog cmdlet visit the docs here.