Discussion:
Asking the impossible? Add %username% to domain computer's description field automatically?
(too old to reply)
Lanwench [MVP - Exchange]
2009-09-21 17:25:51 UTC
Permalink
Domain: AD 2003 or 2008
Clients: XP Pro or <ptui> Vista

I support a lot of small businesses and am always looking for admin
shortcuts. I try to use fairly generic workstation names, and I put the
users' full names in the computer object's decscription field so I know who
to connect to for remote support, etc.

The problem is, of course, that users and computers over time will tend to
move, retire, quit, whatnot. I was wondering if anyone knew a way to somehow
populate the description field with the name of the user who has logged into
it. It would be fine if this happened every day (as long as it wasn't a
lengthy or disruptive process). I would want this to be the object's
description field, not the computer's local description field, so I can see
it all in ADUC.

I figured I'd go ask some smart geeky people. Any ideas?
Richard Mueller [MVP]
2009-09-21 18:23:47 UTC
Permalink
"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]
Domain: AD 2003 or 2008
Clients: XP Pro or <ptui> Vista
I support a lot of small businesses and am always looking for admin
shortcuts. I try to use fairly generic workstation names, and I put the
users' full names in the computer object's decscription field so I know
who to connect to for remote support, etc.
The problem is, of course, that users and computers over time will tend to
move, retire, quit, whatnot. I was wondering if anyone knew a way to
somehow populate the description field with the name of the user who has
logged into it. It would be fine if this happened every day (as long as it
wasn't a lengthy or disruptive process). I would want this to be the
object's description field, not the computer's local description field, so
I can see it all in ADUC.
I figured I'd go ask some smart geeky people. Any ideas?
In general this is not recommended as it creates a lot of replication
traffic. The computer object is modified at every logon. AD is designed to
store information that changes infrequently. However, in a small network
(one site) this probably will not be disruptive. It could be done in a logon
script. I would code it to not revise the object unless the description is
to be changed. For example (not tested):
=========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc

' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName

' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)

' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
In the above I used the full Distinguished Name of the user. You could use
the NT name (the value of the sAMAccountName attribute), or the displayName
attribute (if it has a value).

Of course, this requires that all users have permissions to update the
description attribute of computers. I believe by default that authenticated
users have read but not write permissions. If you do this, I would recommend
granting authenticated users permissions to write the description attribute
only.

Finally, another option is a logon script that logs the user and computer
names to a shared log file. I have an example linked here:

http://www.rlmueller.net/Logon5.htm

You only need the logon script referenced on the page. When a user calls you
can copy the log file (so you don't interfere with users logging on), then
find the last logon entry for the user to determine the computer.

And another idea would be a shortcut on the desktop that runs a script that
displays information like the local computer name.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Lanwench [MVP - Exchange]
2009-09-22 12:38:54 UTC
Permalink
Post by Richard Mueller [MVP]
"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]
Domain: AD 2003 or 2008
Clients: XP Pro or <ptui> Vista
I support a lot of small businesses and am always looking for admin
shortcuts. I try to use fairly generic workstation names, and I put
the users' full names in the computer object's decscription field so
I know who to connect to for remote support, etc.
The problem is, of course, that users and computers over time will
tend to move, retire, quit, whatnot. I was wondering if anyone knew
a way to somehow populate the description field with the name of the
user who has logged into it. It would be fine if this happened every
day (as long as it wasn't a lengthy or disruptive process). I would
want this to be the object's description field, not the computer's
local description field, so I can see it all in ADUC.
I figured I'd go ask some smart geeky people. Any ideas?
In general this is not recommended as it creates a lot of replication
traffic. The computer object is modified at every logon. AD is
designed to store information that changes infrequently. However, in
a small network (one site) this probably will not be disruptive. It
could be done in a logon script. I would code it to not revise the
object unless the description is to be changed. For example (not
tested): =========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName
' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
In the above I used the full Distinguished Name of the user. You
could use the NT name (the value of the sAMAccountName attribute), or
the displayName attribute (if it has a value).
Of course, this requires that all users have permissions to update the
description attribute of computers. I believe by default that
authenticated users have read but not write permissions. If you do
this, I would recommend granting authenticated users permissions to
write the description attribute only.
Finally, another option is a logon script that logs the user and
http://www.rlmueller.net/Logon5.htm
You only need the logon script referenced on the page. When a user
calls you can copy the log file (so you don't interfere with users
logging on), then find the last logon entry for the user to determine
the computer.
And another idea would be a shortcut on the desktop that runs a
script that displays information like the local computer name.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
Yay - thanks, Richard. I will play with this. In several offices I support,
I've already got a login script that writes the login timestamp & user &
computer names to a text file, but it's a pain to look in separate places
for this. Displaying it on the screen for the user's benefit isn't that
useful as I generally need to know this stuff when they aren't there ... and
if they were there they could generally just look at the PTouch label ;-)
Phillip Windell
2009-09-22 13:56:33 UTC
Permalink
Post by Richard Mueller [MVP]
could be done in a logon script. I would code it to not revise the
object unless the description is to be changed. For example (not
tested): =========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName
' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
This one got me interested too.
I don't like the fully qualified name, but I couldn't get it to work with
"sAMAccountName" or with "displayName",..the error was the "Object doesn't
support this property or method".

My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
have to find some way to retreive the exisitng Desc, use the "-" as a
delimiter to save the first half into a variable and catcatonate them back
together with the new name.

Actually,...thinking about it,...that is just way more than I know how to
do. Easy the talk about,...hard to do.
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Richard Mueller [MVP]
2009-09-22 15:30:26 UTC
Permalink
Post by Phillip Windell
Post by Richard Mueller [MVP]
could be done in a logon script. I would code it to not revise the
object unless the description is to be changed. For example (not
tested): =========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName
' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
This one got me interested too.
I don't like the fully qualified name, but I couldn't get it to work with
"sAMAccountName" or with "displayName",..the error was the "Object doesn't
support this property or method".
My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
have to find some way to retreive the exisitng Desc, use the "-" as a
delimiter to save the first half into a variable and catcatonate them back
together with the new name.
Actually,...thinking about it,...that is just way more than I know how to
do. Easy the talk about,...hard to do.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
The ADSystemInfo object only retrieves the DN of the current user. You could
use this to bind to the user object and retrieve sAMAccountName, displayName
(if it has a value), or any other attribute. For example:
=========
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName
=======
Or, you can use the wshNetwork object to retrieve the sAMAccountName of the
current user:
========
Set objNetwork = CreateObject("Wscript.Network")
strName = objNetwork.UserName
========
Finally you could use the wshShell object to retrieve the value of the
%username% environment variable:
========
Set objShell = CreateObject("Wscript.Shell")
Set colVars = objShell.Environment("Process")
strName = colVars("USERNAME")
==========
If it matters, I think using the wshNetwork object is most efficient, if the
client is at least Windows 2000.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Phillip Windell
2009-09-22 17:00:30 UTC
Permalink
Thanks Richard!

I'll poke around with this for a while.
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Richard Mueller [MVP]
Post by Phillip Windell
Post by Richard Mueller [MVP]
could be done in a logon script. I would code it to not revise the
object unless the description is to be changed. For example (not
tested): =========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName
' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
This one got me interested too.
I don't like the fully qualified name, but I couldn't get it to work with
"sAMAccountName" or with "displayName",..the error was the "Object
doesn't support this property or method".
My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
have to find some way to retreive the exisitng Desc, use the "-" as a
delimiter to save the first half into a variable and catcatonate them
back together with the new name.
Actually,...thinking about it,...that is just way more than I know how to
do. Easy the talk about,...hard to do.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
The ADSystemInfo object only retrieves the DN of the current user. You
could use this to bind to the user object and retrieve sAMAccountName,
=========
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName
=======
Or, you can use the wshNetwork object to retrieve the sAMAccountName of
========
Set objNetwork = CreateObject("Wscript.Network")
strName = objNetwork.UserName
========
Finally you could use the wshShell object to retrieve the value of the
========
Set objShell = CreateObject("Wscript.Shell")
Set colVars = objShell.Environment("Process")
strName = colVars("USERNAME")
==========
If it matters, I think using the wshNetwork object is most efficient, if
the client is at least Windows 2000.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Phillip Windell
2009-09-22 17:39:27 UTC
Permalink
I got this one to work....

Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName

But the displayName is what I would like. If I use "strName =
objUser.DisplayName" it just comes back blank. Yet all my AD Accounts have
the Display Name filled in in their properties.
Phillip Windell
2009-09-22 17:48:14 UTC
Permalink
Wait,...I think it worked. Needed to refresh the screen.
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Phillip Windell
I got this one to work....
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName
But the displayName is what I would like. If I use "strName =
objUser.DisplayName" it just comes back blank. Yet all my AD Accounts
have the Display Name filled in in their properties.
Phillip Windell
2009-09-22 18:58:06 UTC
Permalink
Ok, here is what I came up with by using you sample as a starting point.
I couldn't get the "test" to work correctly to determine if the Decription
was already correct and only update it when it isn't,...so this script just
overwrites the Description everytime it is run.

My descriptions follow the pattern of:

IT Laptop - Phillip Windell
Sales Laptop - Joe Smith
Newsroom Desktop - Jane Doe
Newsroom Laptop - John Public

So the idea is to keep everything from the "dash" to the left. Then add the
user's Display Name with a preceeding "space" after the dash.

It seems to work ok, but I have not had time to test it thoroughly.

-----------------Code below---------------------------
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
Dim objNetwork, strDisplayName, objUser
Dim pos, strLeftDesc

' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName

' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strDisplayName = objUser.displayName

' Gather Left side of Description.
strDesc = objComputer.Description
pos = InStr(strDesc,"-")
strLeftDesc = Left(strDesc, pos)

' Update computer description.
objComputer.description = strLeftDesc & " " & strDisplayName
objComputer.SetInfo

' Echo variable for error checking
wscript.echo "Saved part of the Computer Description = " & strLeftDesc
wscript.echo "Users Display Name = " & strDisplayName
wscript.echo "Old Computer Description = " & strDesc
wscript.echo "New Computer Description = " & objComputer.Description
------------------------------------------------------------------------
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Loading...