Automatically fill the computer description field in Active Directory – 4sysops

In this article I introduce a VBScript script that populates the description field of the Active Directory computer object with the account name of the last user who logged on to this machine.

Geoff Kendal is a Windows/Linux systems administrator, scripter and problem solver (Leeds, UK).

As a systems administrator, you've probably noticed that computer objects in Active Directory have a description field that is shown in the default view of the Active Directory Users and Computers MMC console. It's very rare to see an IT department that makes regular use of this field for something useful, never mind keeping it up to date! I thought that it would be a good idea to automatically populate this field with the last user to log on to the computer. With a slight tweak to our AD security and a little bit of scripting, it's quite easily achieved. I also added even more information to the field so I could see the system service tag and model number.

[Figure: Active Directory description field]

In order for this process to work, we will need to allow our authenticated domain users to edit the description values on computer objects. Be aware that by doing this, a malicious or cheeky user on your network could change the description on computer objects to anything they want. Given that mine were all empty, anyway, and that they get overwritten each time someone logs in, I didn't think this would be a significant problem for me. To grant this access, perform the following steps:

1. Open the Active Directory Users and Computers MMC.
2. Ensure you have 'Advanced Features' enabled (on the 'View' menu).
3. Right click on your domain, and select 'Properties' from the context menu.
4. On the 'Security' tab, click the 'Advanced' button.
5. Click the 'Add' button, type 'Authenticated Users', then click OK.
6. In the permission entry dialogue, set the 'Apply to' pull-down menu to 'Descendant Computer Objects', then in the permissions section, tick the allow option for 'Write Description'.
7. Once you've done this, click 'OK' on all, then close the ADUC MMC window.

[Figure: Permission entry dialogue]

The next stage is to put the script together. You can modify your script to get and insert any data you require; my example saves the username, service tag, and computer make/model. I've added a few comments to show what's going on.

```vbscript
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Get service tag and computer manufacturer
' (commas are replaced with dots in every value)
For Each objSMBIOS In objWMI.ExecQuery("Select * from Win32_SystemEnclosure")
    serviceTag = Replace(objSMBIOS.SerialNumber, ",", ".")
    manufacturer = Replace(objSMBIOS.Manufacturer, ",", ".")
Next

' Get computer model
For Each objComputer In objWMI.ExecQuery("Select * from Win32_ComputerSystem")
    model = Trim(Replace(objComputer.Model, ",", "."))
Next

' Get computer object in AD
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

' Build up description field data and save into computer object if different from current description
' We also do not update computers with a description that starts with an underscore (_)
newDescription = WshNetwork.UserName & " (" & serviceTag & " - " & manufacturer & " " & model & ")"
If Not objComputer.Description = newDescription And Not Left(objComputer.Description, 1) = "_" Then
    objComputer.Description = newDescription
    objComputer.SetInfo
End If
```

If you run this script as a regular user, then check ADUC, you should find that the computer object for the machine the script was run from now has its description field set. All that remains now is to add the VBScript to the user login script. I do this via GPO (User Configuration > Policies > Windows Settings > Scripts > Logon). Once your GPO is updated, restart another system and log in again; once more, you should see that computer's AD object updated. Now you can sit back and relax while you watch your computer objects in AD fill up with useful information in the description field.
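Because the delegation described above lets any authenticated user write the description of any computer object, the values are best treated as untrusted input and reviewed now and then. The PowerShell check below is an added example, not part of the original article: it classifies descriptions against the format the logon script writes. The function name, status labels and sample computers are assumptions made for illustration.

```powershell
# Added example. Format assumed from the logon script:
#   "<user> (<serviceTag> - <manufacturer> <model>)"
# An en dash is accepted as separator too, since some copies of the script contain one.
$ExpectedPattern = '^(?<User>[^\s()]+) \((?<Tag>.*?) [-\u2013] (?<Hardware>.+)\)$'

function Get-DescriptionStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Description
    )
    $user = $null
    if ([string]::IsNullOrWhiteSpace($Description)) {
        $status = 'Empty'          # the logon script has not run here yet
    }
    elseif ($Description.StartsWith('_')) {
        $status = 'Pinned'         # the script never overwrites these; review by hand
    }
    elseif ($Description -match $ExpectedPattern) {
        $status = 'ScriptFormat'
        $user   = $Matches['User']
    }
    else {
        $status = 'Unexpected'     # not in the format the script writes
    }
    [pscustomobject]@{
        Computer    = $Name
        Status      = $status
        LastUser    = $user
        Description = $Description
    }
}

# Constructed sample data standing in for the output of:
#   Get-ADComputer -Filter * -Properties Description   (ActiveDirectory module)
$computers = @(
    [pscustomobject]@{ Name = 'WS-001'; Description = 'jsmith (ABC1234 - Dell Inc. OptiPlex 7010)' }
    [pscustomobject]@{ Name = 'WS-002'; Description = '_Reception kiosk, do not rename' }
    [pscustomobject]@{ Name = 'WS-003'; Description = $null }
    [pscustomobject]@{ Name = 'WS-004'; Description = 'free text left by a user' }
)

$report = $computers | ForEach-Object {
    Get-DescriptionStatus -Name $_.Name -Description $_.Description
}
$report | Sort-Object Status, Computer | Format-Table -AutoSize

# Entries that need a human look
$report | Where-Object Status -in 'Pinned', 'Unexpected' | Select-Object Computer, Description
```

Against a live domain, replace the sample array with the `Get-ADComputer` call shown in the comment; the objects it returns expose the same `Name` and `Description` properties.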