Asking the impossible? Add %username% to domain computer's description field automatically?

Domain: AD 2003 or 2008
Clients: XP Pro or <ptui> Vista

I support a lot of small businesses and am always looking for admin
shortcuts. I try to use fairly generic workstation names, and I put the
users' full names in the computer object's decscription field so I know who
to connect to for remote support, etc.

The problem is, of course, that users and computers over time will tend to
move, retire, quit, whatnot. I was wondering if anyone knew a way to somehow
populate the description field with the name of the user who has logged into
it. It would be fine if this happened every day (as long as it wasn't a
lengthy or disruptive process). I would want this to be the object's
description field, not the computer's local description field, so I can see
it all in ADUC.

I figured I'd go ask some smart geeky people. Any ideas?

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:%...
> Domain: AD 2003 or 2008
> Clients: XP Pro or <ptui> Vista
>
> I support a lot of small businesses and am always looking for admin
> shortcuts. I try to use fairly generic workstation names, and I put the
> users' full names in the computer object's decscription field so I know
> who to connect to for remote support, etc.
>
> The problem is, of course, that users and computers over time will tend to
> move, retire, quit, whatnot. I was wondering if anyone knew a way to
> somehow populate the description field with the name of the user who has
> logged into it. It would be fine if this happened every day (as long as it
> wasn't a lengthy or disruptive process). I would want this to be the
> object's description field, not the computer's local description field, so
> I can see it all in ADUC.
>
> I figured I'd go ask some smart geeky people. Any ideas?
>

In general this is not recommended as it creates a lot of replication
traffic. The computer object is modified at every logon. AD is designed to
store information that changes infrequently. However, in a small network
(one site) this probably will not be disruptive. It could be done in a logon
script. I would code it to not revise the object unless the description is
to be changed. For example (not tested):
=========
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc

' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName

' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)

' Check computer description.
strDesc = objComputer.Description
If (strDesc <> strUserDN) Then
' Update computer description.
objComputer.description = strUserDN
objComputer.SetInfo
End If
=========
In the above I used the full Distinguished Name of the user. You could use
the NT name (the value of the sAMAccountName attribute), or the displayName
attribute (if it has a value).

Of course, this requires that all users have permissions to update the
description attribute of computers. I believe by default that authenticated
users have read but not write permissions. If you do this, I would recommend
granting authenticated users permissions to write the description attribute
only.

Finally, another option is a logon script that logs the user and computer
names to a shared log file. I have an example linked here:

http://www.rlmueller.net/Logon5.htm

You only need the logon script referenced on the page. When a user calls you
can copy the log file (so you don't interfere with users logging on), then
find the last logon entry for the user to determine the computer.

And another idea would be a shortcut on the desktop that runs a script that
displays information like the local computer name.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Richard Mueller [MVP] <rlmueller-> wrote:
> "Lanwench [MVP - Exchange]"
> < hoo.com> wrote in
> message news:%...
>> Domain: AD 2003 or 2008
>> Clients: XP Pro or <ptui> Vista
>>
>> I support a lot of small businesses and am always looking for admin
>> shortcuts. I try to use fairly generic workstation names, and I put
>> the users' full names in the computer object's decscription field so
>> I know who to connect to for remote support, etc.
>>
>> The problem is, of course, that users and computers over time will
>> tend to move, retire, quit, whatnot. I was wondering if anyone knew
>> a way to somehow populate the description field with the name of the
>> user who has logged into it. It would be fine if this happened every
>> day (as long as it wasn't a lengthy or disruptive process). I would
>> want this to be the object's description field, not the computer's
>> local description field, so I can see it all in ADUC.
>>
>> I figured I'd go ask some smart geeky people. Any ideas?
>>
>
> In general this is not recommended as it creates a lot of replication
> traffic. The computer object is modified at every logon. AD is
> designed to store information that changes infrequently. However, in
> a small network (one site) this probably will not be disruptive. It
> could be done in a logon script. I would code it to not revise the
> object unless the description is to be changed. For example (not
> tested): =========
> Option Explicit
> Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
>
> ' Retrieve DN of user and computer.
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> strComputerDN = objSysInfo.ComputerName
>
> ' Bind to the AD computer object.
> Set objComputer = GetObject("LDAP://" & strComputerDN)
>
> ' Check computer description.
> strDesc = objComputer.Description
> If (strDesc <> strUserDN) Then
> ' Update computer description.
> objComputer.description = strUserDN
> objComputer.SetInfo
> End If
> =========
> In the above I used the full Distinguished Name of the user. You
> could use the NT name (the value of the sAMAccountName attribute), or
> the displayName attribute (if it has a value).
>
> Of course, this requires that all users have permissions to update the
> description attribute of computers. I believe by default that
> authenticated users have read but not write permissions. If you do
> this, I would recommend granting authenticated users permissions to
> write the description attribute only.
>
> Finally, another option is a logon script that logs the user and
> computer names to a shared log file. I have an example linked here:
>
> http://www.rlmueller.net/Logon5.htm
>
> You only need the logon script referenced on the page. When a user
> calls you can copy the log file (so you don't interfere with users
> logging on), then find the last logon entry for the user to determine
> the computer.
> And another idea would be a shortcut on the desktop that runs a
> script that displays information like the local computer name.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net

Yay - thanks, Richard. I will play with this. In several offices I support,
I've already got a login script that writes the login timestamp & user &
computer names to a text file, but it's a pain to look in separate places
for this. Displaying it on the screen for the user's benefit isn't that
useful as I generally need to know this stuff when they aren't there ... and
if they were there they could generally just look at the PTouch label ;-)

>> could be done in a logon script. I would code it to not revise the
>> object unless the description is to be changed. For example (not
>> tested): =========
>> Option Explicit
>> Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
>>
>> ' Retrieve DN of user and computer.
>> Set objSysInfo = CreateObject("ADSystemInfo")
>> strUserDN = objSysInfo.UserName
>> strComputerDN = objSysInfo.ComputerName
>>
>> ' Bind to the AD computer object.
>> Set objComputer = GetObject("LDAP://" & strComputerDN)
>>
>> ' Check computer description.
>> strDesc = objComputer.Description
>> If (strDesc <> strUserDN) Then
>> ' Update computer description.
>> objComputer.description = strUserDN
>> objComputer.SetInfo
>> End If
>> =========

This one got me interested too.
I don't like the fully qualified name, but I couldn't get it to work with
"sAMAccountName" or with "displayName",..the error was the "Object doesn't
support this property or method".

My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
have to find some way to retreive the exisitng Desc, use the "-" as a
delimiter to save the first half into a variable and catcatonate them back
together with the new name.

Actually,...thinking about it,...that is just way more than I know how to
do. Easy the talk about,...hard to do.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Phillip Windell" <> wrote in message
news:...
>>> could be done in a logon script. I would code it to not revise the
>>> object unless the description is to be changed. For example (not
>>> tested): =========
>>> Option Explicit
>>> Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
>>>
>>> ' Retrieve DN of user and computer.
>>> Set objSysInfo = CreateObject("ADSystemInfo")
>>> strUserDN = objSysInfo.UserName
>>> strComputerDN = objSysInfo.ComputerName
>>>
>>> ' Bind to the AD computer object.
>>> Set objComputer = GetObject("LDAP://" & strComputerDN)
>>>
>>> ' Check computer description.
>>> strDesc = objComputer.Description
>>> If (strDesc <> strUserDN) Then
>>> ' Update computer description.
>>> objComputer.description = strUserDN
>>> objComputer.SetInfo
>>> End If
>>> =========
>
> This one got me interested too.
> I don't like the fully qualified name, but I couldn't get it to work with
> "sAMAccountName" or with "displayName",..the error was the "Object doesn't
> support this property or method".
>
> My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
> have to find some way to retreive the exisitng Desc, use the "-" as a
> delimiter to save the first half into a variable and catcatonate them back
> together with the new name.
>
> Actually,...thinking about it,...that is just way more than I know how to
> do. Easy the talk about,...hard to do.
>
> --
> Phillip Windell
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>

The ADSystemInfo object only retrieves the DN of the current user. You could
use this to bind to the user object and retrieve sAMAccountName, displayName
(if it has a value), or any other attribute. For example:
=========
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName
=======
Or, you can use the wshNetwork object to retrieve the sAMAccountName of the
current user:
========
Set objNetwork = CreateObject("Wscript.Network")
strName = objNetwork.UserName
========
Finally you could use the wshShell object to retrieve the value of the
%username% environment variable:
========
Set objShell = CreateObject("Wscript.Shell")
Set colVars = objShell.Environment("Process")
strName = colVars("USERNAME")
==========
If it matters, I think using the wshNetwork object is most efficient, if the
client is at least Windows 2000.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Thanks Richard!

I'll poke around with this for a while.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Richard Mueller [MVP]" <rlmueller-> wrote in
message news:...
>
> "Phillip Windell" <> wrote in message
> news:...
>>>> could be done in a logon script. I would code it to not revise the
>>>> object unless the description is to be changed. For example (not
>>>> tested): =========
>>>> Option Explicit
>>>> Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
>>>>
>>>> ' Retrieve DN of user and computer.
>>>> Set objSysInfo = CreateObject("ADSystemInfo")
>>>> strUserDN = objSysInfo.UserName
>>>> strComputerDN = objSysInfo.ComputerName
>>>>
>>>> ' Bind to the AD computer object.
>>>> Set objComputer = GetObject("LDAP://" & strComputerDN)
>>>>
>>>> ' Check computer description.
>>>> strDesc = objComputer.Description
>>>> If (strDesc <> strUserDN) Then
>>>> ' Update computer description.
>>>> objComputer.description = strUserDN
>>>> objComputer.SetInfo
>>>> End If
>>>> =========
>>
>> This one got me interested too.
>> I don't like the fully qualified name, but I couldn't get it to work with
>> "sAMAccountName" or with "displayName",..the error was the "Object
>> doesn't support this property or method".
>>
>> My descriptions look like this "Sales Laptop - <user Full Name>". So I'd
>> have to find some way to retreive the exisitng Desc, use the "-" as a
>> delimiter to save the first half into a variable and catcatonate them
>> back together with the new name.
>>
>> Actually,...thinking about it,...that is just way more than I know how to
>> do. Easy the talk about,...hard to do.
>>
>> --
>> Phillip Windell
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>
> The ADSystemInfo object only retrieves the DN of the current user. You
> could use this to bind to the user object and retrieve sAMAccountName,
> displayName (if it has a value), or any other attribute. For example:
> =========
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> Set objUser = GetObject("LDAP://" & strUserDN)
> strName = objUser.sAMAccountName
> =======
> Or, you can use the wshNetwork object to retrieve the sAMAccountName of
> the current user:
> ========
> Set objNetwork = CreateObject("Wscript.Network")
> strName = objNetwork.UserName
> ========
> Finally you could use the wshShell object to retrieve the value of the
> %username% environment variable:
> ========
> Set objShell = CreateObject("Wscript.Shell")
> Set colVars = objShell.Environment("Process")
> strName = colVars("USERNAME")
> ==========
> If it matters, I think using the wshNetwork object is most efficient, if
> the client is at least Windows 2000.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>

I got this one to work....

Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strName = objUser.sAMAccountName

But the displayName is what I would like. If I use "strName =
objUser.DisplayName" it just comes back blank. Yet all my AD Accounts have
the Display Name filled in in their properties.

Wait,...I think it worked. Needed to refresh the screen.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Phillip Windell" <> wrote in message
news:OM$...
>I got this one to work....
>
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> Set objUser = GetObject("LDAP://" & strUserDN)
> strName = objUser.sAMAccountName
>
> But the displayName is what I would like. If I use "strName =
> objUser.DisplayName" it just comes back blank. Yet all my AD Accounts
> have the Display Name filled in in their properties.
>
>
>

Ok, here is what I came up with by using you sample as a starting point.
I couldn't get the "test" to work correctly to determine if the Decription
was already correct and only update it when it isn't,...so this script just
overwrites the Description everytime it is run.

My descriptions follow the pattern of:

IT Laptop - Phillip Windell
Sales Laptop - Joe Smith
Newsroom Desktop - Jane Doe
Newsroom Laptop - John Public

So the idea is to keep everything from the "dash" to the left. Then add the
user's Display Name with a preceeding "space" after the dash.

It seems to work ok, but I have not had time to test it thoroughly.

-----------------Code below---------------------------
Option Explicit
Dim objSysInfo, strUserDN, strComputerDN, objComputer, strDesc
Dim objNetwork, strDisplayName, objUser
Dim pos, strLeftDesc

' Retrieve DN of user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName

' Bind to the AD computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strDisplayName = objUser.displayName

' Gather Left side of Description.
strDesc = objComputer.Description
pos = InStr(strDesc,"-")
strLeftDesc = Left(strDesc, pos)

' Update computer description.
objComputer.description = strLeftDesc & " " & strDisplayName
objComputer.SetInfo

' Echo variable for error checking
wscript.echo "Saved part of the Computer Description = " & strLeftDesc
wscript.echo "Users Display Name = " & strDisplayName
wscript.echo "Old Computer Description = " & strDesc
wscript.echo "New Computer Description = " & objComputer.Description
------------------------------------------------------------------------



--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------