windows:ad:upd_cmp_desc

Differences

This shows you the differences between two versions of the page.


windows:ad:upd_cmp_desc [2020/02/06 12:59] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Update computers description with currently logged on user via logon script ======
 +Delegate users to allow them to change their description in AD
 +  - Open ADUC
 +  - Right click on domain object
 +  - Select **Delegate control**
 +  - Click **Next**
 +  - Add **Domain Users** to **Selected users and groups** and click **Next**
 +  - Select **Create a custom task to delegate**
 +  - Select **Only the following objects in this folder**
 +  - Tick **Computer objects** and click **Next**
 +  - Remove tick on **General** and tick **Property-specific** to update the list below.
 +  - Tick **Write description** on the list and click **Next**
 +  - Click **Finish**
  
 +Create a VBS file containing the following code
 +<code logon.vbs>
 +Set WshNetwork = WScript.CreateObject("WScript.Network")
 +Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
 + 
 +' Get service tag and computer manufacturer
 +For Each objSMBIOS in objWMI.ExecQuery("Select * from Win32_SystemEnclosure")
 +  serviceTag = replace(objSMBIOS.SerialNumber, ",", ".")
 +  manufacturer = replace(objSMBIOS.Manufacturer, ",", ".")
 +Next
 + 
 +' Get computer model
 +For Each objComputer in objWMI.ExecQuery("Select * from Win32_ComputerSystem")
 +  model = trim(replace(objComputer.Model, ",", "."))
 +Next
 + 
 +' Get computer object in AD
 +Set objSysInfo = CreateObject("ADSystemInfo")
 +Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
 + 
 +' Get user object in AD
 +Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
 + 
 +' Get all IP addresses
 +Dim NIC1, Nic, StrIP
 +StrIP=""
 +Set NIC1 =     GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
 +
 +For Each Nic in NIC1
 +    if Nic.IPEnabled then
 + For Each ip in Nic.IPAddress
 + If Len(StrIP)=0 then
 + StrIP = ip
 + Else
 + StrIP = StrIP & ", " & ip
 + End if
 + Next
 +    End if
 +Next
 +
 +' Build up description field data and save into computer object if different from current description
 +newDescription = objUser.LastName & " " & objUser.FirstName & " (" & WshNetwork.UserName & ") - " & manufacturer & " " & model & " (" & serviceTag & ") [" & StrIP & "]"
 + 
 +' We also do not update computers with a description that starts with an underscore (_)
 +if not objComputer.Description = newDescription and not left(objComputer.Description,1) = "_"  then
 +  objComputer.Description = newDescription
 +  objComputer.SetInfo
 +end if
 +'WScript.StdOut.WriteLine newDescription
 +</code>
 +
 +  - Open **Group Policy Management** console
 +  - Right click **Group Policy Objects** and select **New**
 +  - Enter GPO name and click **OK**
 +  - Edit the newly created GPO
 +  - Navigate to **User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff)**
 +  - Doubleclick the **Logon** item and click **Add**
 +  - Browse to the newly created script and click **OK**, and then again click **OK** and close the **Group Policy Management Editor**
 +  - Link the GPO to the containers with user objects in it (note that this applies to all sub containers)
 +
 +Next time the computers refresh their GPO, the logon script should run and every computer object should have the description like:
 +<code>Last_name First_name (samaccountname) - vendor model (serial number)</code>
 +Computers with description starting with **_** will not have their description changed
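Review bot: The delegation steps at the top of the page give **Domain Users** the **Write description** right on computer objects starting from the domain object, so any domain user can overwrite the description of any computer object in the domain, not only the one they log on to. The exemption for descriptions starting with `_` is enforced only by the `if not ... left(objComputer.Description,1) = "_"` test in logon.vbs, not by the ACL, so a delegated user can still change those entries outside the script. Consider running the delegation wizard on the OU that holds the workstations instead of on the domain object, and add a sentence stating that the description is user-writable data and not an authoritative record of who is logged on. Two documentation points: the sample output `Last_name First_name (samaccountname) - vendor model (serial number)` omits the bracketed IP address list that `newDescription` appends, and the Group Policy steps lack a lead-in line like the ones that introduce the delegation steps and the VBS file.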