GPO Item level Target with LDAP Query to add part of the OU name as environment variable

Jan Vogel 21 Reputation points


is it possible to use an ldap query with item level targeting to search for the computername, find the OU in which the computer accounts exists and then set part of the "OU name" (beginning to the first - (dash)) as an environment variable?

Computer name: VM01
OU in which the VM01 exists: deparment-org-city
Set "department" as environment variable in Windows?

I know you can filter for a value with item level targeting but I am not sure how to define the ldap query and use only the first part for the enviroment variable?

Thanks a lot for you help

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,823 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,239 questions
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 32,596 Reputation points


    It's possible only through Powershell because the value of environment variable is not static. Below a example of script that you can adapt it to create new environment variable:

    $DN_list = Get-ADComputer -Filter * | select -ExpandProperty DistinguishedName
    foreach($DN in $DN_list){
    $DN = $DN.Replace(",OU=","$")
    $DN = $DN.Split("$")
    $DN =$DN[1]
    $DN = $DN.Split("-")
    $DN = $DN[0]
    invoke-Command -ComputerName $computerName -ScriptBlock{$env:OU = $DN}

    Please don't forget to mark helpful reply as answer

0 additional answers

Sort by: Most helpful