<

GPO - Active Directory Update Computer Description with User Name using VB login Script

Published on
18,057 Points
11,357 Views
2 Endorsements
Last Modified:
Approved
[b]Ok so now I will show you how to add a user name to the description at login. [/b]

First connect to your DC (Domain Controller / Active Directory Server)

SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Open Active Directory Users and Computers (ADUC)
2. Right Click your "dommain.com" and click "Properties"
3. Select the "Security Tab" and click "Advanced" button
4. Click "Add" and then type "Authenticated Users" and click "OK"
5. No on the "Apply to:" drop down box locate and select "Descendant Computer objects"
6. Now in the Permissions window select the Allow check box for "Write all properties"
7. Click "OK", "OK" and "OK" again.

CREATE SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Click start > run and type: notepad
2. Click "OK"
3. Now copy and paste the following code:
 Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

strMessage = objUser.CN & " logged in at " & objComputer.CN & " " & Now & "."

'objUser.Description = strMessage
'objUser.SetInfo

objComputer.Description = strMessage
objComputer.SetInfo
 

Open in new window


4. Now save this file to your desktop as AddUserDescriptionToAD.vbs
5. And that concludes the script

ADD SCRIPT TO GROUP POLICY TO UPDATE COMPUTER DESCRIPTION TO USERNAME
1. Open "Group Policy Manager" - Start > Administrative Tools > Group Policy Management
2. Expand "Forest: yourdomain.com"
3. Expand "Domains"
4. Expand "yourdomain.com"
5. Right click "Group Policy Objects" and select "New"
6. In the "Name" field type: User Configuration: Add Username to Computer Description
7. And click "OK"
8. Now under the "Group Policy Objects" locate the new GPO that was created "User Configuration: Add Username to Computer Description"
9. Right click the policy and click "Edit"
10. In the "Group Policy Management Editor" expand "User Configuration"
11. Expand "Policies"
12. Expand "Windows Settings"
13. And select "Scripts(Logon/Logoff)"
14. In the right pane double click "Logon"
15. Now click on "Show Files" (This will open the directory where you will need to copy the script AddUserDescriptionToAD.vbs)
16. So go to your Desktop and copy the "AddUserDescriptionToAD.vbs" script and paste it in the location that opened after click the "Show Files" button
17. Now go back to the "Logon Properties" window and click the "Add..." button
18. Now click the "Browse" button and double click the "AddUserDescriptionToAD.vbs" file.
19. Click "OK" and click "OK" again.
20. Close the "Group Policy Management Editor"

Next we will need to apply this policy to everyone.

APPLY NEW GPO (Group Policy Object) to All Users
1. On your "Group Policy Management" window
2. Ensure that you have expanded the "Forest:yourdomain.com > Domains > yourdomain.com"
3. Now right click on "yourdomain.com" and click "Link an Existing GPO..."
4. From the "Group Policy objects" list select the new Policy "User Configuration: Add Username to Computer Description" and click "OK"

Job done, now you can get your domain users to restart their computers and you will note that the Computer Description in AD has now change to the following:

NAME LASTNAME logged in at COMPUTERNAME 2010/08/31 09:40:51.

Please let me know if this article was helpful. This Article also appears in my blog : http://helewix.com/blog/index.php/Microsoft-Solutions/?blog=1&paged=5

Kind Regards,
Hendrik Wiese
2
Comment
1 Comment

Expert Comment

by:ACInfoServ
This script is excellent, but I am experiencing an issue on a few users at logon.  They are receive the attached error.  I realize this is an old post, but I am hoping someone might be able to offer assistance.
LogonError.png
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Join & Write a Comment

This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Next Article:

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month