This script scans the Active Directory environment for devices and retrieves specific Active Directory attributes for those devices and stores the information in ActiveEfficiency. This information is passed on to AppClarity which in turn allows administrators to partition management groups based on these device tags.

Pre-requisites for using the example Active Directory Device Tagging script:

• ActiveEfficiency Version 1.1 or later must be installed.
• Prior to running the script the Scout must be run against the ConfigMgr environment.
• The powershell command-let 'SplitPipeLine' should be imported from 'https://github.com/nightroman/SplitPipeline' to allow the script to perform multi-threading. If this is not available the script will still be able to run sequentially.
• Powershell Version 2.0
• The script needs to be run on a machine joined to the Active Directory domain where the required information resides, and have necessary permissions to be able to read device attributes from an Active Directory server.

Configuring the script to communicate with the ActiveEfficiency Web Service:

By default the ActiveEfficiency web service is installed to 

http://localhost/activeefficiency/. 

and this is set as a default in the script. However, if the ActiveEfficiency Web Service URL has been customized, then the script must be modified by changing the $global:ActiveEfficiencyUri variable to the correct URL.

Customizing the script to add extra device tags:

The first uncommented line of the script contains the list of AD attributes to retrieve: 

$global:attributeList = @("dnshostname", "operatingsystem", "operatingsystemversion", "pwdlastset", "samaccountname", "useraccountcontrol", "primarygroupid", "instancetype", "countrycode", "codepage")

If you want to add a new device tag, then the corresponding AD attribute needs to be appended to the list of existing ones. For example, if the device tag objectGuid needs to tagged for every device, then that atttribute needs to be added to the existing list of attributes in lower case like this:

$global:attributeList = @("dnshostname", "operatingsystem", "operatingsystemversion", "pwdlastset", "samaccountname", "useraccountcontrol", "primarygroupid", "instancetype", "countrycode", "codepage", "objectguid")

The example script

The following download link provides the Active Directory example script: QueryActiveDirectoryAttributesAndTagDevices.ps1

Running the Script :

The Script can be run on the powershell command line as:

.\QueryActiveDirectoryAttributesAndTagDevices.ps1.

How does it work:

1. The Script scans the Active Directory environment of the domain where the script is run from for devices and filters the ones which already exist in ActiveEfficiency. 
2. It then queries Active Directory attributes for each of these devices and stores these attributes against those devices in ActiveEfficiency.

Known and unsupported:

1. The script does not support reading attribute values of non-basic types like SID, Enumeration etc. If you need to read such attribute values, then they need to be converted to string-type.
2. The script cannot be run on a machine remote to the ActiveEfficiency server.