diffrentiate desktops and laptops

is there anyway to query AD attributes to identify a list of devices which are laptops? I think there used to be an attribute around internal battery which may help. Any advise welcome.
Who is Participating?
Hello ThereSystem AdministratorCommented:
Please refer to this EE question:

strContainer = "ou=workstations,dc=yourdomain,dc=local"
strReport = "ChassisTypeReport-" & ShortDateTime(Now) & ".csv"
On Error Resume Next
Set objChassisTypes = CreateObject("Scripting.Dictionary")
objChassisTypes.Add 1, "Other"
objChassisTypes.Add 2, "Unknown"
objChassisTypes.Add 3, "Desktop"
objChassisTypes.Add 4, "Low Profile Desktop"
objChassisTypes.Add 5, "Pizza Box"
objChassisTypes.Add 6, "Mini Tower"
objChassisTypes.Add 7, "Tower"
objChassisTypes.Add 8, "Portable"
objChassisTypes.Add 9, "Laptop"
objChassisTypes.Add 10, "Notebook"
objChassisTypes.Add 11, "Handheld"
objChassisTypes.Add 12, "Docking Station"
objChassisTypes.Add 13, "All-in-One"
objChassisTypes.Add 14, "Sub-Notebook"
objChassisTypes.Add 15, "Space Saving"
objChassisTypes.Add 16, "Lunch Box"
objChassisTypes.Add 17, "Main System Chassis"
objChassisTypes.Add 18, "Expansion Chassis"
objChassisTypes.Add 19, "Sub-Chassis"
objChassisTypes.Add 20, "Bus Expansion Chassis"
objChassisTypes.Add 21, "Peripheral Chassis"
objChassisTypes.Add 22, "Storage Chassis"
objChassisTypes.Add 23, "Rack Mount Chassis"
objChassisTypes.Add 24, "Sealed-Case PC"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReport = objFSO.CreateTextFile(strReport, True)
objReport.WriteLine "Computer,Online,Chassis Type(s)"
For Each strComputer In ADContainerArray(strContainer, "computer", "name", True)
    If PingCheck(strComputer, 1, 500) Then
        intLimit = 0
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colChassis = objWMIService.ExecQuery _
            ("Select * from Win32_SystemEnclosure")
        For Each objChassis in colChassis
            For Each intType In objChassis.ChassisTypes
                ReDim Preserve arrTypes(intLimit)
                arrTypes(intLimit) = objChassisTypes.Item(intType)
                intLimit = intLimit + 1
            objReport.WriteLine strComputer & ",True," & Join(arrTypes, ";")
        objReport.WriteLine strComputer & ",False"
    End If
WScript.Echo "Query complete."
Function ShortDateTime(dtmTime)
    strYear = Year(dtmTime)
    strMonth = Right("0" & Month(dtmTime), 2)
    strDay = Right("0" & Day(dtmTime), 2)
    strHour = Right("0" & Hour(dtmTime), 2)
    strMinute = Right("0" & Minute(dtmTime), 2)
    strSecond = Right("0" & Second(dtmTime), 2)
    ShortDateTime = strYear & strMonth & strDay & "-" & strHour & strMinute & strSecond
End Function
Function ADContainerArray(strDN, strClass, strField, blnSubtree)
    'Performs an Active Directory query and returns the results
    '    to an array.
    'strDN: Distinguished name of the AD container to search under
    'strClass: Object class to search for, e.g. Computer or User
    'strField: Field to return, e.g. Name, distinguishedName, CN
    'blnSubtree: Set to True or False
    '    If True, performs a recursive query on child containers
    intLimit = 0
    If blnSubtree Then
        intScope = ADS_SCOPE_SUBTREE
        intScope = ADS_SCOPE_ONELEVEL
    End If
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT " & strField & " FROM 'LDAP://" &_
        strDN & "' WHERE objectClass='" & strClass & "'"
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = intScope 
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
        ReDim Preserve arrOutput(intLimit)
        arrOutput(intLimit) = objRecordSet.Fields(strField).Value
        intLimit = intLimit + 1
    ADContainerArray = arrOutput
End Function
Function PingCheck(strTarget, strPings, intPause)
    Const ForReading = 1
    Set objShell = CreateObject("WScript.Shell")
    strTempDir = objShell.ExpandEnvironmentStrings("%temp%")
    strTempFile = strTempDir & "\script-" & strTarget & ".txt"
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">" & strTempFile, 0, True
    WScript.Sleep intPause
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">>" & strTempFile, 0, True
    Set objTempFile = objFSO.OpenTextFile(strTempFile, ForReading)
    strOutput = objTempFile.ReadAll
    objFSO.DeleteFile strTempFile, True
    If InStr(strOutput, "bytes=32") > 0 Then
        PingCheck = True
        PingCheck = False
    End If
End Function

Open in new window

Cliff GaliherCommented:
This is not stored in any AD attribute that is auto-populated. You could manually create a custom attribute and set such variables yourself, but AD neither knows nor cares about whether a device is a laptop or desktop.
Hello ThereSystem AdministratorCommented:
I Also found this MS tool:
Group Policy Inventory (GPInventory.exe)
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Cliff GaliherCommented:
Worth noting that both use WMI to query information from the device itself. That means the device must be on and reachable, and is NOT relying on an AD property as the OP requested.
Allow the question: what would you do with this information?
pma111Author Commented:
Its for cross refencing against a list of devices reporting bitlocker status to provide assurance all portable laptops have bitlocker fde applied.
All devices should be bitlocked, no matter if laptop or not. But well, use a startup script that queries battery presence and asks bitlocker if 100% encrypted. Code examples for battery checking will be googled in seconds.
David Johnson, CD, MVPOwnerCommented:
group policy wmi filtering will do this. AD by itself doesn't store this information
WMIC Path Win32_Battery | findstr Battery && manage-bde -status c: |findstr /c:"100,0" || echo unencrypted>\\server\share\%computername%.txt

Open in new window

If this line is executed as startup script, it will make the laptops drop a  text file named like the machine to a share if c: is not not 100% encrypted.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.