Sync AD computer description field with local computer description field.

Discussion in 'Scripting' started by Michael, May 11, 2007.

  1. Michael

    Michael Guest


    Is there a way to sync the computer description field in AD with the
    computer description field on the my computer properties computername tab.

    FROM: XP PRO ( Local computer description field) >>>>>>>>> TO: SRV 2003
    (AD computer description field)

    We are doing a role out of a couple thousand computers and would like the
    local computer techs to fill out workstation description field and have it
    populate the AD computer description field.

    Thanks in advance for any help.
    Michael, May 11, 2007
    1. Advertisements

  2. Michael

    Jeremy Guest

    I'm sure you could do this via a combination WMI/ADSI script. But you'd
    have to run it AFTER the rollout, ensuring all the compters were swtiched
    on, then run the script against a list of computer names that:

    Connects to the remote computer and determines the description
    Writes the description to the computer object

    I'd do this with a short vbscript that accepts then computer name as an
    argument and just does that computer. Then I'd do a batch file loop that
    loops through a text file with each different computer name in the file
    passing it to the vbscript.

    I can see from setting my computer description to "dishwasher" and then
    searching the registry for dishwasher, that the value is stored in:

    So here is a link to a script to retireve a registry value with vbscript:

    And here is a link to a script to write to the Location property of a
    computer account, replace "Location" with "Description":

    This should get you underway.
    Jeremy, May 13, 2007
    1. Advertisements

  3. Active Directory is not designed to store short-lived, frequently updated
    information like that. Active Directory has no information about which user
    is logged into which computer.

    If in your environment you have a fixed relationship between users and
    computers, you could create a text file of user Distinguished Names and
    computer Distinguished Names. Then you could code a one time script to
    populate the user description field with the information you want. If you
    have many users you could start with a logon script that logs the user and
    computer names to a shared text file.
    Richard Mueller [MVP], Feb 9, 2009
  4. To get you started on a one-time scripting solution, here is an example
    VBScript program that creates a text file with the Distinguished Names of
    all users in the domain: User List 2.htm

    The same program can be modified to document all computer objects in the
    domain. Just modify this filter:

    ' Filter on all users.
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    so it looks like this:

    ' Filter on all computers.
    strFilter = "(objectCategory=computer)"

    The program requires the name of the text file to be created, passed as a
    parameter to the program. There will be one Distinguished Name per line in
    the file created. You can read both files into a spreadsheet program and
    juggle it around until you line up the computers with the users. Note the
    file of computers will include servers and Domain Controllers, so delete
    those. You should end up with a spreadsheet where the first column is the
    Distinguished Name of users, and the second column is the Distinguished Name
    of the associated computer. Then you can use this spreadsheet as the input
    for another script to populate the description field of users. Such a
    program could look like below:
    Dim strExcelPath, objExcel, objSheet, intRow, strUserDN, strComputerDN
    Dim objUser, objComputer, strNetBIOSName

    ' Check for required arguments.
    If (Wscript.Arguments.Count < 1) Then
    Wscript.Echo "Arguments <FileName> required. For example:" & vbCrLf _
    & "cscript UserDescription.vbs c:\Scripts\UserList.xls"
    End If

    ' Spreadsheet file.
    strExcelPath = Wscript.Arguments(0)

    ' Bind to Excel object.
    On Error Resume Next
    Set objExcel = CreateObject("Excel.Application")
    If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Excel application not found."
    End If
    On Error GoTo 0

    ' Open spreadsheet.
    On Error Resume Next
    objExcel.Workbooks.Open strExcelPath
    If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Spreadsheet cannot be opened: " & strExcelPath
    End If
    On Error GoTo 0

    ' Bind to worksheet.
    Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)

    ' Read each row of spreadsheet until a blank is found in the first column.
    ' The first column is the DN of a user.
    ' The second column is the DN of a corresponding computer.
    ' intRow is the row number of the spreadsheet.
    intRow = 1
    Do While objSheet.Cells(intRow, 1).Value <> ""
    strUserDN = objSheet.Cells(intRow, 1).Value
    strComputerDN = objSheet.Cells(intRow, 2).Value
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & strUserDN)
    If (Err.Number = 0) Then
    Set objComputer = GetObject("LDAP://" & strComputerDN)
    If (Err.Number = 0) Then
    On Error GoTo 0
    ' Assign the NetBIOS name of the computer to the description
    ' attribute of the user.
    strNetBIOSName = objComputer.sAMAccountName
    ' Strip off trailing "$" character.
    strNetBIOSName = Left(strNetBIOSName, Len(strNetBIOSName) - 1)
    objUser.description = strNetBIOSName
    ' Save change.
    On Error GoTo 0
    Wscript.Echo "Computer " & strComuterDN & " not found"
    End If
    Wscript.Echo "User " & strUserDN & " not found"
    On Error GoTo 0
    End If
    intRow = intRow + 1

    ' Close the workbook.

    ' Quit Excel.

    Wscript.Echo "Done"
    I decided to assign the NetBIOS name of the computer to the description
    field. You might want to user the Distinguished Name instead, in which case
    there is no need to bind to the computer object.
    Richard Mueller [MVP], Feb 9, 2009
  5. Michael

    Al Dunbar Guest

    I agree with Richard that AD is not the best place to keep that type of
    information. Add to that the fact that the script would need to be run by an
    account with sufficient privileges to modify the computer account's
    description field. Also add to this the fact that this information would not
    indicate who is currently logged on, but who last logged on.

    I agree. And that approach brings with it other benefits that could possibly
    obviate your need to update the computer account. I'm surprised Richard did
    not give you a link to a good example of this approach:


    Al Dunbar, Feb 9, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.