Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Update AD Computer description with Local Domain Computer Description

Posted on 2007-08-09
10
Medium Priority
?
559 Views
Last Modified: 2013-12-23
I have given all of the computers on my domain a description. When I look in Active Directory the description that I gave does not appear. How can I update the Active Directory description with the description on each domain computer?
0
Comment
Question by:tradnaitgroup
10 Comments
 
LVL 13

Expert Comment

by:ocon827679
ID: 19665422
When did you do this?  Did you give it time from updating the description until you looked?  Its not an instantaneous thing since its the Global Catalog that needs to be updated.
0
 

Author Comment

by:tradnaitgroup
ID: 19665469
It has been over a week. I am almost 100% postive that it is not updated automatically and will need to be done with a script or tool. Are you saying that the local computer description should replicate to the AD computer description?
0
 
LVL 19

Expert Comment

by:aissim
ID: 19665579
I believe those are two separate entities...the local attribute does not directly correlate to the AD computer description.

I found the following article with a script that supposedly does what you need, but I've never used it:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8273
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:tradnaitgroup
ID: 19665609
I found that same article. The issue is they give you no details whatsoever on how or where to run it, nor do they tell you what needs to be modified for your specific domain.
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 19665772
I have not tried the script from the article and I would strongly recommend testing it in a non-production environment.

That said, it does not appear to require any domain-specific customization.  Just copy everything after "UpdCompDesc.bat contains:" into a text file and save it as UpdCompDesc.bat.  Log onto a 2003 server as a member of the Domain Admins group and double-click the file.
0
 

Author Comment

by:tradnaitgroup
ID: 19665872
When I run the batch logged in as the Schema Admin on my test domain, it says "Access is denied.".
0
 
LVL 19

Expert Comment

by:aissim
ID: 19666037
You could try from the command line:

dsmod computer <DN of computer> -desc <testdescription>

Just to see if you get the same access denied error manually doing one machine. The DN of the computer needs to be in the form of CN=machinename,OU=computers,DC=domain,DC=com (or whatever is specific to your directory structure)
0
 

Author Comment

by:tradnaitgroup
ID: 19667507
Still no luck. I have written a VB script that will update the user field and description field for computer but when I run it as a login script through GP, I receive access denied. Anyone know where I can allow standard users access to the AD description fields?
0
 
LVL 19

Accepted Solution

by:
aissim earned 1500 total points
ID: 19670792
I'd test this with a generic account first, but this should work:

In ADUC - go to the OU that your computer accounts reside (or up a level if need be). Right-click and select Delegate Control...Select the necessary users and groups (probably either Everyone or Authenticated Users)...on the Tasks to Delegate screen tick the 'Create a custom task to delegate' radio button. Next screen will be 'Active Directory Object Type'....tick 'Only the following objects in the folder' and then scroll down and tick the 'Computer objects' box - then click Next. On the permissions screen the General box should be ticked by default, also tick the 'Property-specific' box below (which gives you more granular control); then under Permissions scroll down and tick the 'Write Description' box.
0
 

Expert Comment

by:bsohrabi
ID: 22232197
How long does it take for this to take effect?  I'm trying to do the same thing but I don't see the Descriptions in AD.  
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question