Update computer descriptions with the currently logged-on user via logon script

Delegate Domain Users the right to change the description of computer objects in AD

  1. Open ADUC
  2. Right click on domain object
  3. Select Delegate control
  4. Click Next
  5. Add Domain Users to Selected users and groups and click Next
  6. Select Create a custom task to delegate
  7. Select Only the following objects in this folder
  8. Tick Computer objects and click Next
  9. Remove tick on General and tick Property-specific to update the list below.
  10. Tick Write description on the list and click Next
  11. Click Finish

Create a VBS file containing the following code

Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
' Get service tag and computer manufacturer
For Each objSMBIOS in objWMI.ExecQuery("Select * from Win32_SystemEnclosure")
  serviceTag = replace(objSMBIOS.SerialNumber, ",", ".")
  manufacturer = replace(objSMBIOS.Manufacturer, ",", ".")
Next
' Get computer model (separate loop variable so it does not clash with the AD object below)
For Each objComputerSystem in objWMI.ExecQuery("Select * from Win32_ComputerSystem")
  model = trim(replace(objComputerSystem.Model, ",", "."))
Next
' Get computer object in AD
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
' Get user object in AD
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
' Get all IP addresses as a comma-separated list
Dim NIC1, Nic, StrIP
Set NIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
For Each Nic in NIC1
  If Nic.IPEnabled Then
    For Each ip in Nic.IPAddress
      If Len(StrIP) = 0 Then
        StrIP = ip
      Else
        StrIP = StrIP & ", " & ip
      End If
    Next
  End If
Next
' Build up description field data and save into computer object if different from current description
newDescription = objUser.LastName & " " & objUser.FirstName & " (" & WshNetwork.UserName & ") - " & manufacturer & " " & model & " (" & serviceTag & ") [" & StrIP & "]"
' We also do not update computers with a description that starts with an underscore (_)
If Not objComputer.Description = newDescription And Not Left(objComputer.Description, 1) = "_" Then
  objComputer.Description = newDescription
  ' Write the changed attribute back to AD
  objComputer.SetInfo
End If
'WScript.StdOut.WriteLine newDescription

Create a GPO that runs the script at logon

  1. Open Group Policy Management console
  2. Right click Group Policy Objects and select New
  3. Enter GPO name and click OK
  4. Edit the newly created GPO
  5. Navigate to User Configuration → Policies → Windows Settings → Scripts (Logon/Logoff)
  6. Double-click the Logon item and click Add
  7. Browse to the newly created script and click OK, and then again click OK and close the Group Policy Management Editor
  8. Link the GPO to the containers with user objects in it (note that this applies to all sub containers)

The next time the computers refresh their GPO, the logon script should run and every computer object should get a description like:

Last_name First_name (samaccountname) - vendor model (serial number) [IP addresses]

Computers with a description starting with _ will not have their description changed.
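
Because the delegation above lets any member of Domain Users write the description of any computer object, anything that reads the field (inventory, incident triage) should validate it instead of trusting it. The following Python is an added example, not part of the original page: it parses the layout the script writes and flags values that do not fit it. The names parse_description and audit and all sample values are constructed for illustration.

```python
import ipaddress
import re

# Layout written by the logon script's newDescription line:
#   LastName FirstName (logon name) - manufacturer model (serial) [ip, ip]
# The model may itself contain parentheses, so the serial is taken from the right.
PATTERN = re.compile(
    r"^(?P<name>.*?) \((?P<sam>[^()]+)\) - "
    r"(?P<hardware>.*) \((?P<serial>[^()]*)\) \[(?P<ips>[^\[\]]*)\]$"
)


def parse_description(desc):
    """Return (status, fields); status is 'pinned', 'ok' or 'malformed'."""
    if desc.startswith("_"):
        return "pinned", {}  # the script never overwrites these
    m = PATTERN.match(desc)
    if not m:
        return "malformed", {}
    ips = []
    # An empty list "[]" is valid: no IP-enabled adapter at logon.
    for part in filter(None, m.group("ips").split(", ")):
        try:
            ips.append(str(ipaddress.ip_address(part)))
        except ValueError:
            return "malformed", {}
    fields = m.groupdict()
    fields["ips"] = ips
    return "ok", fields


def audit(descriptions):
    """Map hostname -> description; return hosts whose value needs review."""
    return sorted(h for h, d in descriptions.items()
                  if parse_description(d)[0] == "malformed")


# Constructed sample data, not taken from a real directory.
SAMPLE = {
    "PC-001": "Doe John (jdoe) - Dell Inc. Latitude 5400 (ABC1234) [10.0.0.15, fe80::1]",
    "PC-002": "Roe Jane (jroe) - LENOVO 20AB (X1) (PF12345) [10.0.0.7]",
    "PC-003": "_Lobby kiosk, do not touch",
    "PC-004": "Doe John (jdoe) - Dell Inc. Latitude 5400 (ABC1234) [10.0.0.999]",
    "PC-005": "free text typed by someone",
}

if __name__ == "__main__":
    for host, desc in SAMPLE.items():
        print(host, parse_description(desc))
    print("review:", audit(SAMPLE))
```

A description that parses cleanly only shows that it has the expected shape; the logon name and serial number in it are still self-reported by whoever ran the script.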

  • windows/ad/upd_cmp_desc.txt
  • Last modified: 2020-02-06 12:59
  • (external edit)