ThinkPaper
asked on
Add a new custom field in Active Directory??
I have a logon/logoff script that records when a user logged on or logged off a machine. The information is placed in the Description field in Active Directory. So when you open AD and click on an OU, you will see the list of machines, and whoever has logged on/off at those specific machines. This was an easy way to see who logged on to what machine and it worked wonderfully.
I'm at a different location now, and I want to do the same thing. However, they are already using the Description field for something else. So I'd like to create a new field (named something like "Last Logged User") so I can still use the script and store the user info in that field.
I'm not really familiar with using ADSIedit or ADAM.. not exactly sure how to start? Would I be able to add another field on the same "General" tab, or would I need to create a new tab to include just that field?
Also - don't know if this matters, but currently, when you click on an OU in AD, on the right side you'd see a listing of machines/objects and it's attributes (name, type, description..) I would like to be able to include the new field there, so administrators can easily see who logged on to what machine, without having to right-click properties or double click it.
Is there a easy step-by-step tutorial or reference that will show me how to do this?
Below is an example of the logon script:
I'm at a different location now, and I want to do the same thing. However, they are already using the Description field for something else. So I'd like to create a new field (named something like "Last Logged User") so I can still use the script and store the user info in that field.
I'm not really familiar with using ADSIedit or ADAM.. not exactly sure how to start? Would I be able to add another field on the same "General" tab, or would I need to create a new tab to include just that field?
Also - don't know if this matters, but currently, when you click on an OU in AD, on the right side you'd see a listing of machines/objects and it's attributes (name, type, description..) I would like to be able to include the new field there, so administrators can easily see who logged on to what machine, without having to right-click properties or double click it.
Is there a easy step-by-step tutorial or reference that will show me how to do this?
Below is an example of the logon script:
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
'----- update workstations only --------------
If Instr(objSysInfo.ComputerName, "Workstation")>0 Then
'--- Update Workstations ------------
strMessage = objUser.CN & " - logged on: " & Now & "."
End If
objComputer.Description = strMessage
objComputer.SetInfo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok.. confused.. added that to the default-Display and it's still not showing up when you do the Add/Remove Columns. Am I missing something?
ASKER
Also added the line to extraColumns in computer-Display and container-Display....
=/
=/
ASKER
ok nvm i think i got it =) added to user, computer, container and default and that seemed to make it show up.
ASKER
A followup --
adminInfo field DOES NOT work for this.. it is a reserved field for administrative purposes. If you try to run it, it will work under admin but not for regular user, even if I set read/write permissions to the field. I had to end up using the "info" field itself, which although doesn't show up in the configuration, is available since the computer inherits all the properties from the user class.
adminInfo field DOES NOT work for this.. it is a reserved field for administrative purposes. If you try to run it, it will work under admin but not for regular user, even if I set read/write permissions to the field. I had to end up using the "info" field itself, which although doesn't show up in the configuration, is available since the computer inherits all the properties from the user class.
ASKER
adminDescription,Logged User,0,100,0