Solved

IP addresses in Active Directory

Posted on 2011-03-14
Last Modified: 2012-05-11
Is there any way I can either download or perhaps create a bat or vbs script to show the IP address in Active Directory for the computers? I'd like to be able to make it show up in the Description or even in the properties by adding a tab. Is this possible?
Question by:WellingtonIS
63 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 35128144
Nothing is impossible but what you want to do is not practical
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35128180
If you're running DHCP, then it would be extremely difficult.
If you have fixed IPs, then create a custom field and then you can populate that manually.
For point-in-time reports, you could do a DNS or DHCP export.
0
 
LVL 2

Expert Comment

by:danny1875
ID: 35128235
You would certainly need to modify the Active Directory Schema to be able to do this, and I'm sure there is a class to add an IP address. Honestly though, it would be much easier to reference the DHCP table to check the IP address if you're not familiar with how to do this. It's only a few more clicks anyway.
0
 

Author Comment

by:WellingtonIS
ID: 35128272
Not using DHCP which is why I'd like to see if I can modify the Schema.
0
 
LVL 2

Expert Comment

by:danny1875
ID: 35128317
I'd highly recommend you do use DHCP, even if it's just for ease of management. Be very careful when you modify the AD schema and make sure you have a good, current system backup before you start :)

Hope this helps.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35128369
Even if you modify the schema you then have to set about creating your own forms to display the data in AD, which is far from easy. As I said, not practical.
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35128389
Your approach will be very time-consuming to implement and probably quite time-consuming to maintain.
What is the purpose of this exercise? Perhaps there are alternative options?
0
 

Author Comment

by:WellingtonIS
ID: 35128484
OK, I can't just change to DHCP. I have a boss and there are over 1200 devices that have fixed IPs. Right now it's a spreadsheet and I'm sure you all know what a mess that is. I do use DNS but I was hoping to be able to view in AD.
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35128604
1200 devices with fixed IP?!?!? Do you have a plan to move to DHCP?
In the meantime use the "Export List" option in DNS.
0
 

Author Comment

by:WellingtonIS
ID: 35128701
Well, not really; my boss is old school so I doubt it will get changed anytime soon. I have been using the export list option in DNS; I just was hoping I could see everything via Active Directory.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35128718
1200 devices with fixed IPs. A nightmare, and very inefficient. I would make changing this a priority!
0
 

Author Comment

by:WellingtonIS
ID: 35128736
Again, it's not up to me. My boss is set on fixed IPs. It's easier for security instead of putting it on the switches.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35128767
I think you need a new boss :-)
0
 

Author Comment

by:WellingtonIS
ID: 35128833
LOL, he's OK, just old school. It's a lot of work to change that many devices, plus the fact that we are in the process of switching platforms in this hospital too.
0
 
LVL 2

Expert Comment

by:danny1875
ID: 35128848
I agree with KCTS :) but seriously, get away from fixed IP and over to DHCP; it will save you time and effort in administration. Modifying the schema will work, but it's more effort in the long run to do that rather than your boss just admitting defeat and making the move to DHCP.
0
 

Author Comment

by:WellingtonIS
ID: 35128855
So I guess I can't accomplish seeing IPs in Active Directory. If that's the case then close this. Thx everyone for your input.
0
 

Author Comment

by:WellingtonIS
ID: 35128888
LOL!  OK then I will not even try
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35129198
Try this script:

 
' *** Get IP addresses on the workstation

OPTION EXPLICIT
DIM computerName, DN, i, IPConfig, IPConfigSet
DIM strIPAddresses, strComputer
DIM objWMIService, objNetwork

Const ADS_PROPERTY_UPDATE = 2
strIPAddresses = ""

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set IPConfigSet = objWMIService.ExecQuery _
("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")

For Each IPConfig in IPConfigSet
	If Not IsNull(IPConfig.IPAddress) Then
		For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
			strIPAddresses = strIPAddresses & IPConfig.IPAddress(i) & ", "
		Next
	End If
Next

Set objNetwork = WScript.CreateObject("WScript.Network")

DN = getOUByComputerName(objNetwork.ComputerName)


FUNCTION getOUByComputerName(BYVAL computerName)
	' *** Function to find ou/container of computer object from computer name ***
	
	DIM namingContext, ldapFilter, ou
	DIM cn, cmd, rs
	DIM objRootDSE, objComputer

	' Bind to the RootDSE to get the default naming context for
	' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
	SET objRootDSE = GETOBJECT("LDAP://RootDSE")
	namingContext = objRootDSE.GET("defaultNamingContext")
	SET objRootDSE = NOTHING

	' Construct an ldap filter to search for a computer object
	' anywhere in the domain with a name of the value specified.
	ldapFilter = "<LDAP://" & namingContext & _
 	">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
	";distinguishedName;subtree"

	' Standard ADO code to query database
	SET cn = CREATEOBJECT("ADODB.Connection")
	SET cmd = CREATEOBJECT("ADODB.Command")

	cn.open "Provider=ADsDSOObject;"
	cmd.activeconnection = cn
	cmd.commandtext = ldapFilter
	
	SET rs = cmd.EXECUTE

	IF rs.eof <> TRUE AND rs.bof <> TRUE THEN
		ou = rs(0)
		Set objComputer = GetObject("LDAP://" & ou)
		objComputer.Put "Description" , Array(strIPAddresses)
		objComputer.SetInfo
	END IF
	rs.close
	cn.close

END FUNCTION



Should do what you would like.
0
 

Author Comment

by:WellingtonIS
ID: 35130102
Do I need to run this on the DC or can I run it from my own PC?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35130222
Run it from a login script so it is executed from every workstation. Then you could even use it with DHCP ;)
0
 

Author Comment

by:WellingtonIS
ID: 35130251
OK, but what is it supposed to do exactly?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35130348
It gets the IP address and name of the station, finds the station in AD and adds the found IP addresses in the description of the machine's AD object.
0
 

Author Comment

by:WellingtonIS
ID: 35130364
OK I'll try and let you know. thx!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35130397
Good luck. I'll be waiting :)
0
 

Author Comment

by:WellingtonIS
ID: 35130425
Well the good news is I tested it on my own machine and it worked!!!  That's what I need, the bad news is I have to still check it on other machines to make sure it works and the even worse news is getting people to actually reboot.  Thanks - I WILL get back to you. Well deserved points.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35130509
Thx, just take your time.

BTW, you can always force a reboot ;)
0
 

Author Comment

by:WellingtonIS
ID: 35130545
Thx but good for me bad for users! ;)
0
 

Author Comment

by:WellingtonIS
ID: 35137231
When my users are logging in this morning they are getting this error... See attached.  I think this has to do with the fact that my users have no rights.  Perhaps we can add the run as command?
script.png
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137368
You could also try to run it as a computer startup script, that way no problems with user rights.
0
 

Author Comment

by:WellingtonIS
ID: 35137394
OK I'll try a startup script.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137417
I'll be waiting (still ;-)
0
 

Author Comment

by:WellingtonIS
ID: 35137565
Minor setback and I have to wait till the policy actually applies. Thanks again.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137584
Good luck.
0
 

Author Comment

by:WellingtonIS
ID: 35137649
It's still doing this even on the startup script.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137702
Time for some elevation then.
Found this: http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22502969.html
Might be interesting.
I think it would be wise to first try it using a computer startup script, because of security issues with passwords stored in the script (well, you know).
0
 

Author Comment

by:WellingtonIS
ID: 35137844
Ran as a startup script and the error appeared. I'm playing with a bat file with admin privileges.
0
 

Author Comment

by:WellingtonIS
ID: 35138312
OK now I have a different error.  Line 65 Chara 3
General Access denied error
800700005
Active Directory

Line 65 is END IF?
0
 

Author Comment

by:WellingtonIS
ID: 35138705
OK no matter what I try I can't get this to work. I tried to add the administrator account but that's not working either.
0
 

Author Comment

by:WellingtonIS
ID: 35138815
This is what I added.  I'm getting an error on line 52, 1?
' *** Get IP addresses on the workstation

Option Explicit

Dim strArgs, strAdminUser, strAdminPass
Dim objFSO, wshNetwork, strComputer, objShell, strCommand

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set wshNetwork = WScript.CreateObject("WScript.Network")
Set objShell = WScript.CreateObject("WScript.Shell")

strAdminUser = "wellington\administrator"
strAdminPass = "WRMC33414"

If WScript.Arguments.Count < 1 Then
      Call Normal_User_Commands
ElseIf WScript.Arguments(0) = "AsAdmin" Then
      Call Admin_User_Commands
Else
      MsgBox "Unknown Argument received"
End If

Sub Normal_User_Commands

DIM computerName, DN, i, IPConfig, IPConfigSet
DIM strIPAddresses, strComputer
DIM objWMIService, objNetwork

Const ADS_PROPERTY_UPDATE = 2
strIPAddresses = ""

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set IPConfigSet = objWMIService.ExecQuery _
("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")

For Each IPConfig in IPConfigSet
If Not IsNull(IPConfig.IPAddress) Then
For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
strIPAddresses = strIPAddresses & IPConfig.IPAddress(i) & ", "
Next
End If
Next

Set objNetwork = WScript.CreateObject("WScript.Network")

DN = getOUByComputerName(objNetwork.ComputerName)


FUNCTION getOUByComputerName(BYVAL computerName)
      ' *** Function to find ou/container of computer object from computer name ***
      
      DIM namingContext, ldapFilter, ou
      DIM cn, cmd, rs
      DIM objRootDSE, objComputer

' Bind to the RootDSE to get the default naming context for
      ' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
      SET objRootDSE = GETOBJECT("LDAP://RootDSE")
      namingContext = objRootDSE.GET("defaultNamingContext")
      SET objRootDSE = NOTHING

      ' Construct an ldap filter to search for a computer object
      ' anywhere in the domain with a name of the value specified.
      ldapFilter = "<LDAP://" & namingContext & _
       ">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
      ";distinguishedName;subtree"

      ' Standard ADO code to query database
      SET cn = CREATEOBJECT("ADODB.Connection")
      SET cmd = CREATEOBJECT("ADODB.Command")

      cn.open "Provider=ADsDSOObject;"
      cmd.activeconnection = cn
      cmd.commandtext = ldapFilter
      
      SET rs = cmd.EXECUTE

      IF rs.eof <> TRUE AND rs.bof <> TRUE THEN
            ou = rs(0)
            Set objComputer = GetObject("LDAP://" & ou)
            objComputer.Put "Description" , Array(strIPAddresses)
            objComputer.SetInfo
      END IF
      rs.close
      cn.close

END FUNCTION
0
 

Author Comment

by:WellingtonIS
ID: 35138821
by the way that password is a dummy.. so don't worry.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35141188
Have a look at this, perhaps it might help.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35141200
0
 

Author Comment

by:WellingtonIS
ID: 35141318
I'm not so sure I understand this...
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35142115
Well, just forget that for now. I was trying to do it the difficult way. If memory serves me right, you should be able to add a permission in AD on the computer OU to allow users to change/modify the description field of the computer object and only that field.
Don't have a server at hand right now so I'll try to look into that asap.
0
 

Author Comment

by:WellingtonIS
ID: 35147040
OK I think I got it to work using PSEXEC -  I'll let you know as soon as I finish testing.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35147191
Cool, let me know.

I also found where to add the permission:

If you go to the properties of the OU that's holding the computer->tab security->advanced button->add a permission for 'domain users'->in 'permission entries' go to tab properties->there should be an option 'write admindescription'

That should be the one.
0
 

Author Comment

by:WellingtonIS
ID: 35147237
OK, this is my last shot... I'm wondering if I can call the script via a bat file for a startup or login script? Is that possible? In other words, use Psexec to call the vb script for the login.
0
 

Author Comment

by:WellingtonIS
ID: 35151455
OK I FINALLY GOT IT TO WORK!!! Yippie. The script does work, however you need to run it as an administrator. To solve that issue I use psexec.exe with -u administrator -p and the password plus cscript.exe. I had to copy the vbs script to the actual hard drive via an admin share then run the command from my desktop.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35152526
YEAH!

Good job!

You did make sure it's inaccessible for the users (so they can't get the admin password)?

If I have some time left :-~  I'll dig into it. I'm sure it must be possible to run it without all this elevation stuff. But for now it's working :))
0
 

Author Comment

by:WellingtonIS
ID: 35155609
Thx. I'll keep this alive for a couple of dayz.  Let me know.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35155628
One question, you did add the write admindescription option for the users/workstations in AD?
0
 

Author Comment

by:WellingtonIS
ID: 35155716
NO I'm not even sure what that is.  
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35155734
Well, that should be an option to give the users/computers rights to write in the description field (without having to be administrator).
On the other hand, it's working right now and if you're not comfortable with making those changes in AD then I wouldn't push you to do so.
0
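The delegation route mentioned in the comment above, sketched as an added example that is not code from any poster in this thread: a computer startup script that lets each machine write only its own description, so no administrator password is needed anywhere. The OU path is a placeholder, the function names are hypothetical, and the attribute is assumed to be `description` because that is what the accepted script sets.

```powershell
# Added example, not code from the thread. Assumptions: Windows PowerShell 3.0+,
# a domain-joined machine, and deployment as a computer STARTUP script, which
# runs as Local System and authenticates to AD as the computer account.
#
# One-time step for a domain admin: allow each computer object to write ONLY
# its own description attribute. The OU below is a placeholder.
#   dsacls "OU=Workstations,DC=example,DC=com" /I:S /G "NT AUTHORITY\SELF:WP;description;computer"

function Get-LocalIPString {
    # Same WMI class and filter that the accepted VBScript queries.
    $addrs = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object { $_.IPAddress } |
        Where-Object { $_ }
    return ($addrs -join ', ')
}

function Update-OwnDescription {   # hypothetical helper name
    param([string]$ComputerName = $env:COMPUTERNAME)

    $new = Get-LocalIPString
    if (-not $new) { Write-Warning 'No IP-enabled adapter found'; return $false }

    # Locate this machine's own computer object, as the VBScript does.
    $filter   = '(&(objectCategory=computer)(name={0}))' -f $ComputerName
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $hit = $searcher.FindOne()
    if (-not $hit) { Write-Warning "No AD computer object named $ComputerName"; return $false }

    $entry = $hit.GetDirectoryEntry()
    try {
        $old = [string]$entry.Properties['description'].Value
        if ($new -eq $old) { return $true }   # unchanged: skip the write and the replication

        $entry.Properties['description'].Value = $new
        $entry.CommitChanges()
        return $true
    } catch {
        # "Access is denied" here means the SELF delegation above is missing
        # for the OU that holds this computer object.
        Write-Warning "Could not update description: $($_.Exception.Message)"
        return $false
    } finally {
        $entry.Dispose()
    }
}

Update-OwnDescription | Out-Null
```

With the delegation in place, no administrator password has to appear in a batch file, on a psexec command line or inside a compiled helper.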
 
LVL 3

Expert Comment

by:fireline1082
ID: 35155745
I like the IP address update script; that is really an awesome and useful code.


Great work erniebeek.

I can help with the runas thing. In my company I have written the below runas C# code and then compiled the file to runas.exe; then I executed the runas.exe file as part of the login batch script for all staff. The password will then not be visible to staff as the .exe is a compiled file.

You may need to copy the Runas.exe file locally to client machine C drive for example; then in the batch file just type: %systemdrive%\RunAs.exe

in below code change according to your settings:

Type_here_the_network_share_path_of_the_bat_file = e.g. \\server1\share\aa.bat   ; this is the bat file that has runas.exe

Type_here_your_domain = e.g. Example.com


Type_here_your_domain_admin_account = e.g. Administrator

Type_here_your_domain_admin_password = e.g. password


let me know if you have any difficulties or you did not understand the below


########


using System;
using System.Collections.Generic;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Runtime;
using System.Diagnostics;

namespace RunAs
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {


                ProcessStartInfo myProcess = new ProcessStartInfo(@"Type_here_the_network_share_path_of_the_bat_file");

                myProcess.Domain = "Type_here_your_domain";
                myProcess.UserName = "Type_here_your_domain_admin_account";

                System.Security.SecureString password = new System.Security.SecureString();

                string uspw = "Type_here_your_domain_admin_password";
                foreach (char c in uspw)
                {
                    password.AppendChar(c);
                }
               
                myProcess.Password = password;
                myProcess.UseShellExecute = false;

                Process.Start(myProcess);

             


            }
            catch (Exception e) { MessageBox.Show(e.ToString()); }

        }
    }
}

###############

0
 

Author Comment

by:WellingtonIS
ID: 35155805
In a way I'm doing that but the opposite. I'm copying the VB script to the C drive and doing the same thing via PSEXEC.exe just with a command.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35155806
@fireline1082: Well thank you very much :)
Though I can't take all the credit for this. I created this script from several others I found out there to help me making my life easier. Unfortunately I can't recall whom to give credit to as well.
0
 

Author Comment

by:WellingtonIS
ID: 35155821
This is awesome and has simplified my life - so THANK YOU!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35155919
The pleasure was all mine :)
0
 
LVL 3

Expert Comment

by:fireline1082
ID: 35158836
So you are doing it through PSEXEC, but that requires you to go to each machine, like running

psexec \\IPaddress cmd.exe  ; then execute the vb script on the local machine, right ? correct me if I am mistaken

In this case, it will be quite tough for you to remote each machine

but if you create a batch file; like in my case - I am doing this

from Active directory users and computers ; under each user account; I configure login script on Profile tab let us say AD_update.bat

Then in your AD, place the AD_update.bat under c:\windows\sysvol\(domain name)\scripts

Then when the user logs in, the script will be executed each time he logs in.

So that runas.exe which is coded in AD_update.bat will be running at each login. Maybe in your case, since you are using static (fixed) IPs, the PC IP address will remain, but if you are using DHCP then the computer IP addresses may keep changing; that is why you have to keep running the script to get the latest update. In this case, the AD login script may be useful.
0
 

Author Comment

by:WellingtonIS
ID: 35159065
I'm sorry I'm a bit confused.  If I do what you are saying I would have to copy the runas.exe to each machine and then in a bat file call that runas.exe and the vbs script?
0
 
LVL 3

Expert Comment

by:fireline1082
ID: 35165977
Yes, you can do that, but as I said, if you are using static IP addresses then the results that you will get from PSEXEC will remain the same.

But if you later on decide to use DHCP or change the assigned static IP addresses then you will need a dynamic solution like a login script which will keep your IP address results up to date.
0
 

Author Comment

by:WellingtonIS
ID: 35231260
I'd like to explore the login script if that's possible. I guess I have to install runas on all the machines. I'm just concerned about the permissions since that's been the biggest issue: the vb script will not install unless it's under the administrator. I have been successful in running it via my PC with the administrator user name and password but it doesn't seem to work from the user's PC.
0
 

Author Closing Comment

by:WellingtonIS
ID: 35448519
This did work, however I couldn't run it via a GPO; I had to do it from one workstation with psexec commands.
0
