Hello,
I wanted to share this in case if this can be of help to other SEPM admins.
Problem: Default group or the default installation group in SEPM keeps getting populated by machines every time there is a new install or a client reconnecting to management servers after default timeout period. We then had to manually figure out where the client should go based on their IP addresses and subnet information. Of course we can use move client .vbs group to automate this, but keeping the ipgroups.txt updated required for the vbs script was still a manual process. Our group heirarchy is based off of locations in our Active Directory Sites and Services (ADSS). We were looking to completely automate this issue of manually moving clients and keeping SEPM in sync with subnets that are listed in ADSS.
Solution: The powershell script listed below. The main goal of the script is to get a dump of all subnets and their sites from ADSS and convert this information into a format that move-client.vbs tool requires. i.e: IPGroups.txt . Secondary goal of this script is to run all the move client scripts after creating the IPGroups.txt. Couple things about the powershell script and our background setup.
- This script was created mainly for workstations. We do not move servers based off of scripts
- In our environment, all workstations start with W. So the staging.vbs (move-client) that is called in the powershell is set up so that it looks for any machines that starts with W and moves them to a group in SEPM called "Staging"
- Once machines are in staging group, then another (Move-Client.vbs) script runs, that moves the machines based on their active directory subnet information.
- Powershell by default outputs all text and csv files into Unicode format, therefore, you will notice that a convert.bat is called from within the powershell script. convert.bat converts from unicode to ANSI format, as this is the only format that the move-client.vbs tool is compatible with.
- the content of the convert.bat file is the following command without the quotes
- TYPE D:\Scripts\Move-Clients\Main\Staging\temp.txt > D:\Scripts\Move-Clients\Main\Staging\IPGroups.txt
- the content of the convert.bat file is the following command without the quotes
- You will notice that there are a lot of import and exports happening in the powershell script, the reason is so that we can get the right data from ADSS into the right format that move-client.vbs tool requires (removing quotes etc.)
- The main folder where all the scripts are running from in this powershell script is D:\Scripts\Move-Clients, feel free to change the path in the script to match your folder structure.
![2_1.png]()
- Move-Clients folder has the main powershell script
- Main has the move-client.vbs that moves clients from default group (installation group) to staging based on naming standard
- staging has the move-client.vbs that moves clients from staging group in SEPM based on their ADSS subnets.
- Once the script is test and adjusted to your enviornment, schedule it using windows task schedular. I have it scheduled for daily so that I can keep SEPM insync with ADSS subnet information atleast once a day.
Script:
[cmdletbinding()]
param()
$Sites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites
$obj = @()
foreach ($Site in $Sites) {
foreach($sub in $site.subnets){
$obj += New-Object -Type PSObject -Property (
@{
"SiteName" = "Put your SEPM group path here\" + $site.Name
"SubNet" = $sub.name
}
)}
}
$obj | export-csv D:\Scripts\Move-Clients\1st.csv -NoTypeInformation
$csv = Get-Content D:\Scripts\Move-Clients\1st.csv
$csv = $csv[1..($csv.count - 1)]
$csv > D:\Scripts\Move-Clients\2nd.csv
$csv = (Get-Content D:\Scripts\Move-Clients\2nd.csv) | % {$_ -replace '"', ""} | out-file -FilePath D:\Scripts\Move-Clients\3rd.csv -Force
Rename-Item D:\Scripts\Move-Clients\3rd.csv D:\Scripts\Move-Clients\temp.txt
Remove-Item D:\Scripts\Move-Clients\1st.csv
Remove-Item D:\Scripts\Move-Clients\2nd.csv
Copy-Item D:\Scripts\Move-Clients\temp.txt D:\Scripts\Move-Clients\Main\Staging\temp.txt -Force
Remove-Item D:\Scripts\Move-Clients\temp.txt
start d:\Scripts\Move-Clients\Main\Staging\convert.bat
sleep -Seconds 5
Remove-Item D:\Scripts\Move-Clients\Main\Staging\temp.txt
d:
cd\
cd "D:\Scripts\Move-Clients\Main"
cscript main.vbs
sleep -Seconds 5
d:
cd\
cd "D:\Scripts\Move-Clients\Main\Staging"
cscript staging.vbs
cd\
cd "D:\Scripts\Move-Clients"FYI: I am not a powershell guru, henceforth I may have done this the long way, if anyone has easier way of doing this, please feel free to share.