IP addresses in Active Directory

Is there any way I can either download or perhaps create a bat, vbs script to show IP address in Active Directory for the computers. I'd like to be able to make it show up in the Description or even in the properties by adding a tab.  Is this possible?
WellingtonISAsked:
 
Ernie BeekExpertCommented:
Try this script:

 
' *** Get IP addresses on the workstation

OPTION EXPLICIT
DIM computerName, DN, i, IPConfig, IPConfigSet
DIM strIPAddresses, strComputer
DIM objWMIService, objNetwork

Const ADS_PROPERTY_UPDATE = 2
strIPAddresses = ""

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set IPConfigSet = objWMIService.ExecQuery _
("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")

For Each IPConfig in IPConfigSet
	If Not IsNull(IPConfig.IPAddress) Then
		For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
			strIPAddresses = strIPAddresses & IPConfig.IPAddress(i) & ", "
		Next
	End If
Next

Set objNetwork = WScript.CreateObject("WScript.Network")

DN = getOUByComputerName(objNetwork.ComputerName)


FUNCTION getOUByComputerName(BYVAL computerName)
	' *** Function to find ou/container of computer object from computer name ***
	
	DIM namingContext, ldapFilter, ou
	DIM cn, cmd, rs
	DIM objRootDSE, objComputer

	' Bind to the RootDSE to get the default naming context for
	' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
	SET objRootDSE = GETOBJECT("LDAP://RootDSE")
	namingContext = objRootDSE.GET("defaultNamingContext")
	SET objRootDSE = NOTHING

	' Construct an ldap filter to search for a computer object
	' anywhere in the domain with a name of the value specified.
	ldapFilter = "<LDAP://" & namingContext & _
 	">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
	";distinguishedName;subtree"

	' Standard ADO code to query database
	SET cn = CREATEOBJECT("ADODB.Connection")
	SET cmd = CREATEOBJECT("ADODB.Command")

	cn.open "Provider=ADsDSOObject;"
	cmd.activeconnection = cn
	cmd.commandtext = ldapFilter
	
	SET rs = cmd.EXECUTE

	IF rs.eof <> TRUE AND rs.bof <> TRUE THEN
		ou = rs(0)
		Set objComputer = GetObject("LDAP://" & ou)
		objComputer.Put "Description" , Array(strIPAddresses)
		objComputer.SetInfo
	END IF
	rs.close
	cn.close

END FUNCTION



Should do what you would like.
0
 
Brian PiercePhotographerCommented:
Nothing is impossible but what you want to do is not practical
0
 
Chev_PCNCommented:
If you're running DHCP, then it would be extremely difficult.
If you have fixed IPs, then create a custom field and then you can populate that manually.
For point-in-time-reports, you could do a DNS or DHCP export.
0

 
danny1875Commented:
You would certainly need to modify the Active Directory Schema to be able to do this, and I'm sure there is a class to add an IP address. Honestly though, it would be much easier to reference the DHCP table to check the IP address if you're not familiar with how to do this. It's only a few more clicks anyway.
0
 
WellingtonISAuthor Commented:
Not using DHCP which is why I'd like to see if I can modify the Schema.
0
 
danny1875Commented:
I'd highly recommend you do use DHCP, even if it's just for ease of management. Be very careful when you modify the AD schema and make sure you have a good, current system backup before you start :)

hope this helps.
0
 
Brian PiercePhotographerCommented:
Even if you modify the schema you then have to set about creating your own forms to display the data in AD, which is far from easy - as I said, not practical.
0
 
Chev_PCNCommented:
Your approach will be very time consuming to implement and probably quite time-consuming to maintain.
What is the purpose of this exercise? Perhaps there are alternative options?
0
 
WellingtonISAuthor Commented:
OK, I can't just change to DHCP. I have a boss and there are over 1200 devices that have fixed IPs. Right now it's a spreadsheet and I'm sure you all know what a mess that is. I do use DNS but I was hoping to be able to view in AD.
0
 
Chev_PCNCommented:
1200 devices with fixed IP?!?!? Do you have a plan to move to DHCP?
In the meantime use the "Export List" option in DNS.
0
 
WellingtonISAuthor Commented:
Well, not really; my boss is old school so I doubt it will get changed anytime soon. I have been using the export list option in DNS; I just was hoping I could see everything via Active Directory.
0
 
Brian PiercePhotographerCommented:
1200 Devices with fixed IPs - A nightmare - and very inefficient - I would make changing this a priority !
0
 
WellingtonISAuthor Commented:
Again, it's not up to me. My boss is set on fixed IPs. It's easier for security instead of putting it on the switches.
0
 
Brian PiercePhotographerCommented:
I think you need a new boss :-)
0
 
WellingtonISAuthor Commented:
LOL, he's OK, just old school. It's a lot of work to change that many devices, plus the fact that we are in the process of switching platforms in this hospital too.
0
 
danny1875Commented:
I agree with KCTS :) but seriously, get away from fixed IP and over to DHCP; it will save you time and effort in administration. Modifying the schema will work, but it's more effort in the long run to do that rather than your boss just admitting defeat and making the move to DHCP.
0
 
WellingtonISAuthor Commented:
So I guess I can't accomplish seeing IP's in Active Directory - if that's the case then close this.  thx everyone for your input.
0
 
WellingtonISAuthor Commented:
LOL!  OK then I will not even try
0
 
WellingtonISAuthor Commented:
Do I need to run this on the DC or can I run it from my own PC?
0
 
Ernie BeekExpertCommented:
Run it from a login script so it is executed from every workstation. Then you could even use it with DHCP ;)
0
 
WellingtonISAuthor Commented:
OK but what is it supposed to do exactly?
0
 
Ernie BeekExpertCommented:
It gets the IP address and name of the station, finds the station in AD and adds the found IP addresses in the description of the machine's AD object.
0
 
WellingtonISAuthor Commented:
OK I'll try and let you know. thx!
0
 
Ernie BeekExpertCommented:
Good luck. I'll be waiting :)
0
 
WellingtonISAuthor Commented:
Well the good news is I tested it on my own machine and it worked!!!  That's what I need, the bad news is I have to still check it on other machines to make sure it works and the even worse news is getting people to actually reboot.  Thanks - I WILL get back to you. Well deserved points.
0
 
Ernie BeekExpertCommented:
Thx, just take your time.

BTW, you can always force a reboot ;)
0
 
WellingtonISAuthor Commented:
Thx but good for me bad for users! ;)
0
 
WellingtonISAuthor Commented:
When my users are logging in this morning they are getting this error... See attached.  I think this has to do with the fact that my users have no rights.  Perhaps we can add the run as command?
script.png
0
 
Ernie BeekExpertCommented:
You could also try to run it as a computer startup script, that way no problems with user rights.
0
 
WellingtonISAuthor Commented:
OK I'll try a startup script.
0
 
Ernie BeekExpertCommented:
I'll be waiting (still ;-)
0
 
WellingtonISAuthor Commented:
Minor setback and I have to wait till the policy actually applies. Thanks again.
0
 
Ernie BeekExpertCommented:
Good luck.
0
 
WellingtonISAuthor Commented:
It's still doing this even on the startup script.
0
 
Ernie BeekExpertCommented:
Time for some elevation then.
Found this: http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22502969.html
Might be interesting.
I think it would be wise to first try it using a computer startup script, because of security issues with passwords stored in the script (well, you know).
0
 
WellingtonISAuthor Commented:
Ran as a startup script and the error appeared. I'm playing with a bat file with admin privileges.
0
 
WellingtonISAuthor Commented:
OK now I have a different error.  Line 65 Chara 3
General Access denied error
800700005
Active Directory

Line 65 is END IF?
0
 
WellingtonISAuthor Commented:
OK no matter what I try I can't get this to work. I tried to add the administrator account but that's not working either.
0
 
WellingtonISAuthor Commented:
This is what I added.  I'm getting an error on line 52, 1?
' *** Get IP addresses on the workstation

Option Explicit

Dim strArgs, strAdminUser, strAdminPass
Dim objFSO, wshNetwork, strComputer, objShell, strCommand

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set wshNetwork = WScript.CreateObject("WScript.Network")
Set objShell = WScript.CreateObject("WScript.Shell")

strAdminUser = "wellington\administrator"
strAdminPass = "WRMC33414"

If WScript.Arguments.Count < 1 Then
      Call Normal_User_Commands
ElseIf WScript.Arguments(0) = "AsAdmin" Then
      Call Admin_User_Commands
Else
      MsgBox "Unknown Argument received"
End If

Sub Normal_User_Commands

DIM computerName, DN, i, IPConfig, IPConfigSet
DIM strIPAddresses, strComputer
DIM objWMIService, objNetwork

Const ADS_PROPERTY_UPDATE = 2
strIPAddresses = ""

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set IPConfigSet = objWMIService.ExecQuery _
("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")

For Each IPConfig in IPConfigSet
If Not IsNull(IPConfig.IPAddress) Then
For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
strIPAddresses = strIPAddresses & IPConfig.IPAddress(i) & ", "
Next
End If
Next

Set objNetwork = WScript.CreateObject("WScript.Network")

DN = getOUByComputerName(objNetwork.ComputerName)


FUNCTION getOUByComputerName(BYVAL computerName)
      ' *** Function to find ou/container of computer object from computer name ***
      
      DIM namingContext, ldapFilter, ou
      DIM cn, cmd, rs
      DIM objRootDSE, objComputer

' Bind to the RootDSE to get the default naming context for
      ' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
      SET objRootDSE = GETOBJECT("LDAP://RootDSE")
      namingContext = objRootDSE.GET("defaultNamingContext")
      SET objRootDSE = NOTHING

      ' Construct an ldap filter to search for a computer object
      ' anywhere in the domain with a name of the value specified.
      ldapFilter = "<LDAP://" & namingContext & _
       ">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
      ";distinguishedName;subtree"

      ' Standard ADO code to query database
      SET cn = CREATEOBJECT("ADODB.Connection")
      SET cmd = CREATEOBJECT("ADODB.Command")

      cn.open "Provider=ADsDSOObject;"
      cmd.activeconnection = cn
      cmd.commandtext = ldapFilter
      
      SET rs = cmd.EXECUTE

      IF rs.eof <> TRUE AND rs.bof <> TRUE THEN
            ou = rs(0)
            Set objComputer = GetObject("LDAP://" & ou)
            objComputer.Put "Description" , Array(strIPAddresses)
            objComputer.SetInfo
      END IF
      rs.close
      cn.close

END FUNCTION
0
 
WellingtonISAuthor Commented:
by the way that password is a dummy.. so don't worry.
0
 
Ernie BeekExpertCommented:
Have a look at this, perhaps it might help.
0
 
Ernie BeekExpertCommented:
0
 
WellingtonISAuthor Commented:
I'm not so sure I understand this...
0
 
Ernie BeekExpertCommented:
Well, just forget that for now. I was trying to do it the difficult way. If memory serves me right, you should be able to add a permission in AD on the computer OU to allow users to change/modify the description field of the computer object and only that field.
Don't have a server at hand right now so I'll try to look into that asap.
0
 
WellingtonISAuthor Commented:
OK I think I got it to work using PSEXEC -  I'll let you know as soon as I finish testing.
0
 
Ernie BeekExpertCommented:
Cool, let me know.

I also found where to add the permission:

If you go to the properties of the OU that's holding the computer->tab security->advanced button->add a permission for 'domain users'->in 'permission entries' go to tab properties->there should be an option 'write admindescription'

That should be the one.
0
 
WellingtonISAuthor Commented:
OK this is my last shot... I'm wondering if I can call the script via a bat file for a startup or login script? Is that possible? In other words, use Psexec to call the vb script for the login.
0
 
WellingtonISAuthor Commented:
OK I FINALLY GOT IT TO WORK!!! Yippie. The script does work; however, you need to run it as an administrator. To solve that issue I use psexec.exe with -u administrator -p and the password plus cscript.exe. I had to copy the vbs script to the actual hard drive via an admin share then run the command from my desktop.
0
 
Ernie BeekExpertCommented:
YEAH!

Good job!

You did make sure it's inaccessible for the users (so they can't get the admin password)?

If I have some time left :-~  I'll dig into it. I'm sure it must be possible to run it without all this elevation stuff. But for now it's working :))
0
 
WellingtonISAuthor Commented:
Thx. I'll keep this alive for a couple of dayz.  Let me know.
0
 
Ernie BeekExpertCommented:
One question, you did add the write admindescription option for the users/workstations in AD?
0
 
WellingtonISAuthor Commented:
NO I'm not even sure what that is.  
0
 
Ernie BeekExpertCommented:
Well, that should be an option to give the users/computers rights to write in the description field (without having to be administrator).
On the other hand, it's working right now and if you're not comfortable with making those changes in AD then I wouldn't push you to do so.
0
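
Added example (not part of the original thread and not any participant's code): one way to do what the comments above on OU permissions and computer startup scripts describe, letting each workstation write its own description so that no administrator password is stored anywhere. Assumptions: the OU `OU=Workstations,DC=example,DC=com` is a placeholder, the helper `ConvertTo-LdapFilterValue` is hypothetical, and the delegation uses the SELF principal and the `description` attribute rather than the 'domain users' / 'write admindescription' entry mentioned in the thread.

```powershell
# Added example; not code from the thread. The OU DN and all names are placeholders.
#
# Part 1 - run ONCE by a domain admin from an elevated prompt (kept as a
# comment so the startup script below never executes it):
#
#   dsacls "OU=Workstations,DC=example,DC=com" /I:S /G "SELF:WP;description;computer"
#
#   /I:S  inherit to child objects only
#   WP    write property, limited to 'description', on 'computer' objects
#   SELF  each computer may edit its own object, nobody else's
#
# Part 2 - GPO computer startup script. It runs as SYSTEM, which authenticates
# to the domain as the computer account, so the script holds no credentials.

$ErrorActionPreference = 'Stop'

function ConvertTo-LdapFilterValue {
    # Escape the characters that are special in LDAP filters (RFC 4515).
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

# Same WMI class the VBScript queries; joined without a trailing separator.
$ips = @(Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress } | Where-Object { $_ } | Sort-Object -Unique)
$text = $ips -join ', '

# Locate this machine's own object by its account name (NetBIOS name + '$').
$name     = ConvertTo-LdapFilterValue $env:COMPUTERNAME
$searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$name`$))"
$result   = $searcher.FindOne()
if (-not $result) { throw "Computer object for $env:COMPUTERNAME not found" }

$entry   = $result.GetDirectoryEntry()
$current = [string]$entry.Properties['description'].Value

# Write only when the value changed, to avoid needless directory writes.
if ($text -and $current -ne $text) {
    $entry.Properties['description'].Value = $text
    $entry.CommitChanges()
}
```

If the write is denied, the ACE from Part 1 is missing on that computer object or is not inherited to it.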
 
fireline1082Commented:
I like the IP address update script; that is really awesome and useful code.

Great work erniebeek

I can help with the runas thing. In my company I have written the below runas C# code and then compiled the file to runas.exe; then I executed the runas.exe file as part of the login batch script for all staff - then the password will not be visible to staff as .exe is compiled file -

You may need to copy the Runas.exe file locally to client machine C drive for example; then in the batch file just type: %systemdrive%\RunAs.exe

In the code below, change according to your settings:

Type_here_the_network_share_path_of_the_bat_file = e.g. \\server1\share\aa.bat   ; this is the bat file that has runas.exe

Type_here_your_domain = e.g. Example.com


Type_here_your_domain_admin_account = e.g. Administrator

Type_here_your_domain_admin_password = e.g. password


let me know if you have any difficulties or you did not understand the below


########


using System;
using System.Collections.Generic;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Runtime;
using System.Diagnostics;

namespace RunAs
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {
                // Program (here a batch file on a network share) to start under the other account.
                ProcessStartInfo myProcess = new ProcessStartInfo(@"Type_here_the_network_share_path_of_the_bat_file");

                myProcess.Domain = "Type_here_your_domain";
                myProcess.UserName = "Type_here_your_domain_admin_account";

                // ProcessStartInfo.Password takes a SecureString, so the
                // plain-text literal is copied into one character by character.
                System.Security.SecureString password = new System.Security.SecureString();

                string uspw = "Type_here_your_domain_admin_password";
                foreach (char c in uspw)
                {
                    password.AppendChar(c);
                }

                myProcess.Password = password;
                // UseShellExecute must be false to start a process as another user.
                myProcess.UseShellExecute = false;

                Process.Start(myProcess);
            }
            catch (Exception e) { MessageBox.Show(e.ToString()); }
        }
    }
}

###############

0
 
WellingtonISAuthor Commented:
In a way I'm doing that but the opposite. I'm copying the VB script to the C drive and doing the same thing via PSEXEC.exe just with a command.
0
 
Ernie BeekExpertCommented:
@fireline1082: Well thank you very much :)
Though I can't take all the credit for this. I created this script from several others I found out there to help me making my life easier. Unfortunately I can't recall whom to give credit to as well.
0
 
WellingtonISAuthor Commented:
This is awesome and has simplified my life - so THANK YOU!
0
 
Ernie BeekExpertCommented:
The pleasure was all mine :)
0
 
fireline1082Commented:
So you are doing it through PSEXEC, but that requires you to go to each machine like running

psexec \\IPaddress cmd.exe  ; then execute the vb script on the local machine, right? Correct me if I am mistaken.

In this case, it will be quite tough for you to remote to each machine

but if you create a batch file, like in my case - I am doing this

from Active Directory Users and Computers; under each user account, I configure a login script on the Profile tab, let us say AD_update.bat

Then in your AD, place the AD_update.bat under c:\windows\sysvol\(domain name)\scripts

then when the user logs in, the script will be executed each time he logs in

So that runas.exe which is coded in AD_update.bat will be running at each login. Maybe in your case, since you are using static (fixed) IPs, the PC IP address will remain, but if you are using DHCP then the computer IP addresses may keep changing; that is why you have to keep running the script to get the latest update. In this case, the AD login script may be useful.
0
 
WellingtonISAuthor Commented:
I'm sorry I'm a bit confused.  If I do what you are saying I would have to copy the runas.exe to each machine and then in a bat file call that runas.exe and the vbs script?
0
 
fireline1082Commented:
Yes, you can do that, but as I said, if you are using static IP addresses then the results that you will get from PSEXEC will remain the same.

But if you later on decide to use DHCP or change the assigned static IP addresses then you will need a dynamic solution like a login script which will keep your IP address results up to date.
0
 
WellingtonISAuthor Commented:
I'd like to explore the login script if that's possible. I guess I have to install runas on all the machines. I'm just concerned about the permissions since that's been the biggest issue - the vb script will not install unless it's under the administrator. I have been successful in running it via my PC with the administrator user name and password but it doesn't seem to work from the user's PC.
0
 
WellingtonISAuthor Commented:
This did work; however, I couldn't run it via a GPO and had to do it from one workstation with psexec commands.
0
Question has a verified solution.
