cantoris
asked on
Startup Script to set Description of Computer Account in Active Directory
I'm trying to use a Startup Script deployed to workstations through Group Policy to synchronise the locallly-configured computer description to the description field of the computer account in Active Directory.
It fails with error 0x80070005 (General Access Denied error) but will run manually as domain admin. The business-end of the script is attached.
Any idea what the problem is and how to best get around it?
It fails with error 0x80070005 (General Access Denied error) but will run manually as domain admin. The business-end of the script is attached.
Any idea what the problem is and how to best get around it?
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerDN = objSysInfo.ComputerName
Set objComputer = GetObject("LDAP://" & strComputerDN)
objComputer.Put "description", strLocalDescription
objComputer.SetInfo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry I left this unclosed so long. Thanks for your help.
ASKER
I had initially presumed the computer account would be allowed to edit its own AD description, though Effective Permissions then showed this not to be the case. I also wasn't completely sure whether the script ran as Computer or as System.
I'll read up on the use of "Self" too and will be back in touch when I've tried it all out properly.