Solved

AD description field question

Posted on 2013-01-31
4
341 Views
Last Modified: 2013-02-01
Hi Experts,

How can I check if the Description field in my AD accounts [windows 2008 r2 forest/domain level] is linked to any other application such as Lync.

Going forward, I would like to use the Description field for special notes relating to the status of the user account

Please advise
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:coraxal
ID: 38841224
Well, not really sure what you mean by "linked to any other applications...", but I'll guess that you'd be looking for specific things in the description field such as "Lynch" or "Other app". If that's the case, you can check the Description field of AD accounts using PowerShell
# With the Win2k8 R2 Active-Directory module

Get-ADUser -Filter * -Properties Description -ResultSetSize $null | Select-Object Name,Description

# With Quest Active Roles cmdlets

Get-QADUser -SizeLimit 0 | Select-Object Name,Description

Open in new window

http://www.quest.com/powershell/activeroles-server.aspx
0
 

Author Comment

by:Jerry Seinfield
ID: 38841376
Thanks Coraxal

Basically what i need is to find a way via script or powershell to identify if this field is being used by another MS application /non MS application such as Lync, SAP, etc

Any ideas?
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 38841536
You can't unless you test every application as ANY application can query AD and use any value returned.
0
 
LVL 5

Accepted Solution

by:
coraxal earned 500 total points
ID: 38841629
If your AD users have values in the Description that you can query and apply filters on, then yes you can. However, if the Description is empty then like ve3ofa mentioned you won't be able to.

For example, if you have users like this:

"DisplayName", "Description"
John Doe, SAP user
Jane Doe, Lynch user

And if you were looking for the users with the string "SAP" in the Description field, you'd do something like this:
# With the Win2k8 R2 Active-Directory module

Get-ADUser -Properties Description -Filter {Description -like "*SAP*"} -ResultSetSize $null | Select-Object Name,Description

# With Quest Active Roles cmdlets

Get-QADUser -LdapFilter "(Description=*SAP*)"-SizeLimit 0 | Select-Object Name,Description

Open in new window

0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question