Automated object placement using AutoAD

Shaun Vermaak, COG Lead Engineer
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units?

This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.


1) Computer Description Update Process

a) Delegation

To be able to update computer descriptions you need to delegate rights.

Add the following permissions in Active Directory, either at the root of the domain or on another Organizational Unit. Add them to an Organizational Unit if you only want to use this process for some computers.

b) PowerShell Script

Below is the PowerShell script used to update the computer description.

It is important to note that you should not change the format of the message if you are planning to use my automated object placement process.

This script will be used within a group policy in step c.

        # Get current user name
        $strUserName = $env:username;

        # Get current computer name
        $strComputerName = $env:computername;

        $objADSystemInfo = New-Object -ComObject ADSystemInfo;
        $objType = $objADSystemInfo.GetType();

        # Get current site name
        $strSiteName = $objType.InvokeMember('SiteName', 'GetProperty', $null, $objADSystemInfo, $null);

        # Get current date and time
        $strLogonDate = Get-Date -Format "dd-MM-yyyy HH:mm:ss";

        # Build message
        $strMessage = "$($strUserName) logged in on $($strLogonDate) at $($strSiteName) site";

        # Get computer object from Active Directory
        $strFilter = "(&(objectCategory=Computer)(name=$strComputerName))"
        $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
        $objSearcher.Filter = $strFilter
        $objPath = $objSearcher.FindOne()

        # Stop if the computer object was not found
        if ($null -eq $objPath) { return }
        $objComputer = $objPath.GetDirectoryEntry()

        # Update computer object description with message in Active Directory
        $objComputer.InvokeSet("Description", $strMessage)

        # Write the change back to Active Directory
        $objComputer.CommitChanges()

c) Group Policy Object

Create a GPO and link it to the root of the domain or to the Organizational Unit used in step a.

Add the PowerShell script from step b as a User Logon script.

d) Result

After these steps, notice how the computer descriptions are automatically populated once the users log on to their computers.

2) AutoAD

a) Download and extract AutoAD (here is the VirusTotal scan) to a folder of your choice on the computer on which it will be scheduled to run.

b) Run Configurator.exe (Configurator Editor).

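c) On the Encrypt tab, enter the password for the account that will be performing the automated placement task. Encrypt it with key 2xCJvezFBYWQPBeHy7USdajK55M8skww and record the encrypted password. Because this key is published here and is the same for every installation that follows this step, restrict access to wherever the encrypted password is stored.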

d) On the Settings tab, enter the domain information, connection user name and the encrypted password recorded in step 2c.

Specify which objects AutoAD should create automatically.

e) Specify the Active Directory information. The format for each entry is Subnet/Bit Mask|AD Site Name|Computer DN|User DN

Subnet/Bit Mask: The subnet and mask (in bit format) for the specific entry

AD Site: The Active Directory site to which the subnet belongs

Computer DN: The distinguished name of the organizational unit to which computer objects in this subnet are moved

User DN: The distinguished name of the organizational unit to which user objects in this subnet are moved

Please Note: Ensure that you do not allow users/admins to gain any additional permissions by moving users from one container to another. The reason for this is that a user move might be forced to an incorrect OU if descriptions are tampered with.

f) Specify any user DNs that should be skipped.

g) Specify any computer DNs that should be skipped.
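
The entry format from step e and the tampering risk in the note above can be checked before a placement run. The following is an added example, not part of AutoAD or the original article: it parses mapping entries and rejects descriptions that do not match the exact message written by the logon script or that name a site missing from the mapping. The function names, sample entries, sample descriptions and the one-day clock tolerance are assumptions.

```powershell
# Added example; the entries and descriptions below are constructed sample data.
$entries = @(
    '10.1.0.0/16|HeadOffice|OU=Computers,OU=HeadOffice,DC=example,DC=com|OU=Users,OU=HeadOffice,DC=example,DC=com',
    '10.2.0.0/24|Branch1|OU=Computers,OU=Branch1,DC=example,DC=com|OU=Users,OU=Branch1,DC=example,DC=com'
)

# Split one "Subnet/Bit Mask|AD Site Name|Computer DN|User DN" entry and sanity-check it (IPv4 assumed).
function ConvertFrom-PlacementEntry {
    param([Parameter(Mandatory)][string]$Entry)
    $parts = $Entry.Split('|')
    if ($parts.Count -ne 4) { throw "Expected 4 fields, got $($parts.Count): $Entry" }
    $sub = $parts[0].Split('/')
    $ip = $null
    if ($sub.Count -ne 2 -or -not ([System.Net.IPAddress]::TryParse($sub[0], [ref]$ip)) -or
        $sub[1] -notmatch '^\d+$' -or [int]$sub[1] -gt 32) {
        throw "Bad subnet '$($parts[0])'"
    }
    [pscustomobject]@{ Subnet = $parts[0]; Site = $parts[1]; ComputerDN = $parts[2]; UserDN = $parts[3] }
}

# Classify a computer description: only the logon script's exact message format,
# with a real date and a site that exists in the mapping, is accepted.
function Test-LogonDescription {
    param([string]$Description, [string[]]$KnownSites)
    $pattern = '^(?<user>.+?) logged in on (?<date>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) at (?<site>.+) site$'
    $m = [regex]::Match($Description, $pattern)
    if (-not $m.Success) { return 'Malformed' }
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($m.Groups['date'].Value, 'dd-MM-yyyy HH:mm:ss',
        [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if (-not $ok) { return 'BadDate' }
    # Assumed tolerance of one day for client clock and time zone differences
    if ($parsed -gt (Get-Date).AddDays(1)) { return 'FutureDate' }
    if ($KnownSites -notcontains $m.Groups['site'].Value) { return 'UnknownSite' }
    'OK'
}

$sites = $entries | ForEach-Object { (ConvertFrom-PlacementEntry $_).Site }
$samples = @(
    'jsmith logged in on 08-06-2022 09:15:02 at HeadOffice site',
    'jsmith logged in on 31-02-2022 09:15:02 at HeadOffice site',
    'jsmith logged in on 08-06-2022 09:15:02 at Finance-Admins site',
    'Reception PC'
)
foreach ($d in $samples) {
    [pscustomobject]@{ Result = Test-LogonDescription -Description $d -KnownSites $sites; Description = $d }
}
```

A description that passes these checks is still only as trustworthy as the delegation from step 1a, since any principal allowed to write the Description attribute can write a well-formed message.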

Demo Execution

After implementing ComputerDescriptionUpdate.ps1, notice how computer descriptions are automatically updated.

AutoAD.exe output

Sites and subnets automatically created by AutoAD

Organizational Units automatically created by AutoAD

Object placement (example 1)

Object placement (example 2)

Object placement (example 3)

Object placement (example 4)


Using this process will keep Active Directory organized and objects in the correct Organizational Units.


Comments (3)

Albert Widjaja, IT Professional

Hi Shaun,

Thanks for sharing this great idea.

May I know if the section 1) Computer Description Update Process - a) Delegation must be executed on the root domain, or can this be done on the default Computers OU and each OU where an AD computer object is found?

Shaun Vermaak, COG Lead Engineer

Both will work. Root is easier because objects can be anywhere, but delegation on a sub OU is better practice.

Philip Elder, Senior Technical Architect - HA/Compute/Storage

How does the .EXE interact with ADDS to create all of those objects please?

        $GPOCreateDate = "2022-06-08"
        $Domain = "DC=MyDomain"
        $TLD = "DC=Com"
        $FullDomain = "$($Domain),$($TLD)"
        $Site = "HeadOffice"
        $Prefix = "ABCD-"

        New-GPO "My New Policy" -Comment "$($GPOCreateDate): Created by Philip Elder."
        New-GPLink -Name "Default Domain Computers Security Policy" -Target "$($FullDomain)" -LinkEnabled Yes -Enforced Yes

The above is for Step C which I think would fall in line with the step-by-step process to let folks know how to do that in PoSh?
