Automatically generate description field for computers in Active Directory

Having worked in help-desk roles in the past, I know the importance of knowing which user has logged onto which computer. It's simple stuff really, but unless you have 3rd party systems like System Center 2012 (SC12) or client agents, it's either hard or time consuming to find out the relation between users and computers. What we needed was an easy way to find out what the last logged on user was for every machine. In our particular environment we had this very need even more so as we adopt automatic operating system deployments that use generated computer names containing serial numbers.

Our support staff could now go to Active Directory and see useful information populated in the description field for all computers. Originally we were hoping to use SC12. For this simple task I tackled it simply with a log-on script and a small amount of config to Active Directory.

The Requirements

Below is the list of requirements we had for our environment.

- Include user's full name – helps the technician when they call the user.
- Include user name – helps find the user in Active Directory.
- Make and model – useful to determine what form factor they are (Laptop/Desktop/Tablet).
- Serial number – helps to verify quickly with our asset inventory system – not required but useful nonetheless.
- Date – Note I do not use this, but have added it to the script for some that may want to.

There is a lot more information that we could have included, both from WMI and Active Directory easily, but we did not have a need for it.
I'm happy to modify the script if someone can think of something useful to add.

Active Directory Changes (USN)

Active Directory uses Update Sequence Numbers (USN) as its primary mechanism to control replication between Domain Controllers. Each time a change is made on an object (like a computer) the attribute on that object (uSNChanged) increases. Changing the description of a computer object increases the uSNChanged value, which allows it to replicate to other domain controllers.

Active Directory replication does not primarily depend on time to determine what changes need to be propagated. Instead it uses update sequence numbers (USNs) that are assigned by a counter that is local to each domain controller. Because these USN counters are local, it is easy to ensure that they are reliable and never run backward (that is, they cannot decrease in value).

REFERENCE: How the Active Directory replication model works http://technet.

I could not find the correct documentation or supporting evidence for the below but I believe it is correct – please let me know if I am wrong: There is a limit to the amount of USNs that an Active Directory object can have, and this script can cause the USN limit to be reached in a large environment. To counter this problem the script does not change the description if the value is the same, therefore the majority of object descriptions will stay the same and not affect the USN count in a dramatic way.

If you were to include a time/date stamp (for example) in the description field, every time a user logs in it will increment the USN. USN count within a couple of years. WS12 has some differences in this space with the new Active Directory system.
So to sum the above up without scaring you too much, if you have a small environment and little AD changes you could put in the date and you probably won't have any problems for the next 2. I have a smaller environment but still chose to not include the date because I did not find it useful. I would rely on SC12.

The Active Directory configuration (required)

You need to allow Authenticated Users to be able to read and write ONLY the Description attribute of the Computer objects. To do this please follow the below steps:

1. Open Active Directory Users and Computers.
2. Ensure you have ‘Advanced Features’ enabled. To do this click on ‘View’ and make sure there is a tick next to ‘Advanced Features’.
3. Right-click on the domain in the left hand pane, and select Properties.
4. Click on the Security tab, and then on ‘Advanced’.
5. Click on Add, and enter ‘Authenticated Users’ in the text box. Click ‘Check Names’ then OK.
6. Select ‘Descendant Computer objects’ from the Apply to drop-down box and then click on the ‘Properties’ tab.
7. Tick Allow next to ‘Read Description’ and ‘Write Description’. Note we need the Read Description property to allow the script to compare the existing value with the newly generated one.
8. Click OK.

Once you have followed the steps above, any authenticated user can update the description field, either with the below script or using another method. From a security perspective I think this is acceptable for almost all environments.

The script

The below VBScript is what actually sets the Computer Description. This script needs to be run on the client machines for it to work. There are several ways you can achieve this. Ones that come to mind are:

- Group Policy log-on script
- Group Policy log-off script
- VPN post connection script
- Scheduled task on client PC
- psexec

By far the easiest will be using Group Policy.

Active Directory: This won't be documented here, but basically you create a new Group Policy object, and under the User context you configure the log-on script.
Note you do not configure it in the computer context as it will not know who the user is.

    ' ===================================================================
    ' Author: Ivan Dretvic
    ' DATE CREATED: 0. 8/1.
    ' Documentation: http://ivan.
    '
    ' This script is designed to assist System Administrators by populating
    ' Active Directory Computers. The script can run. You need to set
    ' appropriate permissions on Active Directory for Authenticated Users.
    ' Refer to documentation.
    ' ===================================================================
    On Error Resume Next

    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
    Set objUser = GetObject("LDAP://" & objSysInfo.UserName)

    ' If a tilda exists the script will terminate. This allows custom
    ' (the test below is reconstructed from this comment; the original line is truncated)
    If Left(objComputer.Description, 1) = "~" Then
        WScript.Quit
    End If

    ' Sets variables for Computer name, Manufacturer, Model, Serial number.
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colComputerSystem = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    Set colBIOS = objWMIService.ExecQuery("Select * from Win32_BIOS")
    For Each objComputerSystem In colComputerSystem
        GetComputerManufacturer = objComputerSystem.Manufacturer
        GetComputerModel = objComputerSystem.Model
    Next
    For Each objBIOS In colBIOS
        GetSerialNumber = objBIOS.SerialNumber
    Next

    ' String cleaning - Manufacturer includes only first word, and
    txtCount = InStr(GetComputerManufacturer, " ") - 1
    If txtCount > 0 Then    ' leave single-word manufacturer names untouched
        GetComputerManufacturer = Left(GetComputerManufacturer, txtCount)
    End If
    GetSerialNumber = Replace(GetSerialNumber, " ", "")

    ' Below are two variants in building the final string. Please choose
    ' which you prefer. I did read but could not validate that excessive
    ' AD change limits to be reached.
    ' First one is without dates and second is with dates. Below are examples.
    ' The string is also trimmed to 1024 for the AD schema req (just in case).

    ' ### DESCRIPTION WITHOUT DATE ###
    ' John Doe (jdoe) - Dell Optiplex 9. DRP4. 21. S
    strCompDesc = objUser.SAMAccountName & " | " & objUser.CN & " | " & GetComputerManufacturer & " " & GetComputerModel & " | " & GetSerialNumber
    strCompDesc = Left(strCompDesc, 1024)

    ' Compares AD string and generated string and skips if they are the same.
    ' This saves AD change count.
    If strCompDesc = objComputer.Description Then
        ' Unchanged: skip the write.
    Else
        objComputer.Description = strCompDesc
        objComputer.SetInfo
    End If

    ' ### DESCRIPTION WITH DATE ###
    ' John Doe (jdoe) - Dell Optiplex 9. DRP4. 21. S
    ' strDate = Year(Date) & "/" & Month(Date) & "/" & Day(Date) & " | "
    ' strCompDesc = strDate & objUser.SAMAccountName & " | " & objUser.CN & " | " & GetComputerManufacturer & " " & GetComputerModel & " | " & Get

Local Computer Description & Active Directory Computer Description

Hi Richard,

If I follow correctly, the script should now look like this:

    Option Explicit

    Dim strComputer, objShell, strDesc
    Dim objRootDSE, strDomain, adoConnection, adoCommand, strQuery
    Dim adoRecordset, strAttributes, objRemote
    Dim strKeyPath, strEntryName, strValue, strDN, objComputer

    Const HKEY_LOCAL_MACHINE = &H80000002

    Set objShell = CreateObject("Wscript.Shell")

    ' Determine DNS domain name from RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDomain = objRootDSE.Get("defaultNamingContext")

    ' Use ADO to search Active Directory for all computers.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    ' Retrieve NetBIOS name, Distinguished Name, and description of computers.
    strAttributes = "sAMAccountName,distinguishedName,description"
    strQuery = "<LDAP://" & strDomain _
        & ">;(ObjectCategory=computer);" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate computer objects.
    Do Until adoRecordset.EOF
        strComputer = adoRecordset.Fields("sAMAccountName").Value
        ' Remove trailing "$".
        strComputer = Left(strComputer, Len(strComputer) - 1)
        strDN = adoRecordset.Fields("distinguishedName").Value
        strDesc = adoRecordset.Fields("description").Value
        ' Ping computer to see if online.
        If (IsConnectible(strComputer, 1, 750) = True) Then
            ' Connect to computer with WMI.
            On Error Resume Next
            Set objRemote = GetObject("winmgmts:" _
                & "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" _
                & strComputer & "\root\default:StdRegProv")
            If (Err.Number <> 0) Then
                On Error GoTo 0
                Wscript.Echo strComputer & " failed to connect with WMI"
            Else
                On Error GoTo 0
                ' Retrieve computer comment from registry.
                strKeyPath = "System\CurrentControlSet\Services\Lanmanserver\Parameters"
                strEntryName = "srvcomment"
                objRemote.GetStringValue HKEY_LOCAL_MACHINE, _
                    strKeyPath, strEntryName, strValue
                If (IsNull(strValue) = False) Then
                    If (strValue <> strDesc) Then
                        ' Bind to computer object in AD.
                        Set objComputer = GetObject("LDAP://" & strDN)
                        ' Assign description.
                        objComputer.description = strValue
                        ' Save change to AD.
                        objComputer.SetInfo
                    End If
                End If
            End If
        Else
            Wscript.Echo strComputer & " not available"
        End If
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function IsConnectible(ByVal strHost, ByVal intPings, ByVal intTO)
        ' Returns True if strHost can be pinged.
        ' strHost is the NetBIOS name or IP address of host computer.
        ' intPings is number of echo requests to send.
        ' intTO is timeout in milliseconds to wait for each reply.
        ' Based on a program by Alex Angelopoulos and Torgeir Bakken,
        ' as modified by Tom Lavedas.
        ' Variable objShell has global scope and must be declared
        ' and set in the main program.
        ' Requires Windows NT or above.
        Dim lngResult

        If (intPings = "") Then
            intPings = 2
        End If
        If (intTO = "") Then
            intTO = 750
        End If

        lngResult = objShell.Run("%comspec% /c ping -n " & intPings _
            & " -w " & intTO & " " & strHost _
            & " | find ""TTL="" > nul 2>&1", 0, True)

        Select Case lngResult
            Case 0
                IsConnectible = True
            Case Else
                IsConnectible = False
        End Select
    End Function

Is this correct? I receive a "compilation error: Expected statement" when I run this.

Thank you for your help,
Chad Sheldon.
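The "Active Directory configuration" steps above are meant to give Authenticated Users write access to the Description attribute of computer objects and nothing else. As an added example (not part of the original article, script or forum post), the PowerShell below classifies write ACEs so that scope can be checked; the function name and the sample ACEs are constructed for illustration, and the two GUIDs are the schema identifiers of the description attribute and the computer class.

```powershell
# Added example. Windows only: relies on the System.DirectoryServices .NET types.
Add-Type -AssemblyName System.DirectoryServices

# schemaIDGUID values from the AD schema
$DescriptionAttr = [guid]'bf967950-0de6-11d0-a285-00aa003049e2'   # description attribute
$ComputerClass   = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'   # computer class

# Hypothetical helper: report Allow ACEs that let a principal write properties
# on descendant computer objects, and how widely each one is scoped.
function Get-ComputerWriteDelegation {
    param([Parameter(Mandatory)] [System.DirectoryServices.ActiveDirectoryAccessRule[]] $Ace)
    $write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    foreach ($a in $Ace) {
        if ($a.AccessControlType -ne 'Allow') { continue }
        if (-not ($a.ActiveDirectoryRights -band $write)) { continue }
        if ($a.InheritanceType -eq 'None') { continue }   # applies to the domain object only
        # An empty InheritedObjectType means the ACE reaches every object class
        if ($a.InheritedObjectType -notin @($ComputerClass, [guid]::Empty)) { continue }
        $scope = "other attribute or property set $($a.ObjectType)"
        if ($a.ObjectType -eq $DescriptionAttr) { $scope = 'description only' }
        if ($a.ObjectType -eq [guid]::Empty)    { $scope = 'ALL properties' }
        [pscustomobject]@{ Identity = $a.IdentityReference.Value; Scope = $scope }
    }
}

# Constructed sample ACEs: the delegation from the steps above, and an over-broad one
$authUsers = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'   # Authenticated Users
$rights    = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$allow     = [System.Security.AccessControl.AccessControlType]::Allow
$inherit   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$sample = @(
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new($authUsers, $rights, $allow, $DescriptionAttr, $inherit, $ComputerClass)
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new($authUsers, $rights, $allow, [guid]::Empty, $inherit, $ComputerClass)
)
Get-ComputerWriteDelegation -Ace $sample

# Against a live domain (needs the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   Get-ComputerWriteDelegation -Ace (Get-Acl "AD:\$((Get-ADRootDSE).defaultNamingContext)").Access
```

For the sample input the first ACE is reported as "description only" and the second as "ALL properties"; on a live domain, any Authenticated Users entry with a scope other than "description only" is wider than the delegation the steps describe.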