So to sum the above up without scaring you too much, if you have a small environment and little AD changes you could put in the date and you probably wont have any problems for the next 20 years, but if you are a large organisation you need to consider this.
This technique can be used to automatically populate the Description field of a computers in Active Directory. Im happy to modify the script if someone can think of something useful to add. Powershell cmdlet Set-ADComputer will help you to do it. Make sure that the information about the manufacturer and the model of the system have appeared in the Description field of our computer in the AD console.
The drawback of this approach is that any authenticated AD user can change or delete the description of any computer in Active Directory. So, we want the information about the manufacturer of the computer, its model and serial number to be displayed in the Description field of the computer in Active Directory Users and Computers console.
Using this technique, you can fill in any available computer attribute in Active Directory either manually or automatically. Create an array containing the list of all computers in the given OU: It is likely to work on other platforms as well. To do the same to other accounts, give them the corresponding privileges see below.
For this simple task I tackled it simply with a log-on script and a small amount of config to Active Directory. In this example the command is run with the domain administrator privileges.
Each time a change is made on an object like a computer the attribute on that object uSNChanged increases. To counter this problem the script does not change if the value is the same, therefore the majority of object descriptions will stay the same and not affect the USN count in a dramatic way.
I have a smaller environment but still chose to not include the date because I did not find it useful. The sample scripts are provided AS IS without warranty of any kind.
The Requirements Below are the list of requirements we had for our environment. To provide feedback or report bugs in sample scripts, please start a new discussion on the Discussions tab for this script.
It is supposed that this module is already installed from RSAT.
In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Windows No This script is tested on these platforms by the author. In our particular environment we had this very need even more so as we adopt automatic operating system deployments that use generated computer names containing serial numbers. ActiveDirectory for Windows PowerShell module can help us.
Its simple stuff really, but unless you have 3rd party systems like System Center SC12 or client agents, its either hard or time consuming to find out the relation between users and computers.
WS12 has some differences in this space with the new Active Directory system.
Because these USN counters are local, it is easy to ensure that they are reliable and never run backward that is, they cannot decrease in value.
The entire risk arising out of the use or performance of the sample scripts and documentation remains with you.
To do this please follow the below steps: Instead it uses update sequence numbers USNs that are assigned by a counter that is local to each domain controller. Originally we were hoping to use SC12 reporting but it was too slow and cumbersome to bring up details.
Our support staff could now go to Active Directory and see useful information populated in the description field for all computers. I would rely on SC12 to provide me with more detailed information if needed.How Automatically Fill Computer Description Field in Active Directory In this article we’ll demonstrate how to fill the computer information in Active Directory using PowerShell.
As an example, we’ll show how to save the information about the computer model in the description field of a computer objects in Active Directory.
Feb 11, · Udpate Comptuer Description–Pow erShell To update the computer description (description attribute) in Active Directory. Re: Computer Description Permission 1) Right-click the OU/container where computer accounts reside and choose "Delegate Permissions" (do NOT do it for the whole AD as this will allow editing.
Sep 09, · Update Computer account description with logon details. Add this as a logon script, it will write the users name and the date\time into the description field of the computer account of the machine being used.
If the computer is a server it will also include whether SNMP is installed (a requirement where I work). Active Directory. Automatically generate description field for computers in Active Directory. Changing the description of a computer object increases the uSNChanged value which allows it to replicate to other domain controllers.
There is a limit to the amount of USN’s that an Active Directory object can have, and this script can cause the USN limit to. Powershell Append text to object description in Active Directory.
How do I delete this orphaned Active Directory computer object (preferably with PowerShell)? 2. Missing DomainControllers in Active Directory Object. 1. Powershell remoting with active directory.
1. Syncing Computer Description With Active Directory Description Field. 0.Download